Workflow, Controls or Tracking – Regulatory Compliance for Knowledge Workers

When trying to implement regulatory compliance it seems to me that there are three ways you could go aout implementing human centric regulatory compliance (where people play a big role in the compliance process)

  • The first is a rigorous workflow driven process approach, where each step is part of a completely defined process. The process would have little (or no)  flexibility and the people involved would have no discretion how things should be done. This approach would ensure compliance, and could work well when most of the process is automated (done by machines) or by very low level workers. This approach allows for complete process optimization, since every step is choreographed and can be measured and optimized. However, this approach would be very stifling and wouldn’t work for complex regulations or in a changing environment.
  • The second is a controls approach. Based on a guideline or best practice, people are trained and would be expected to do their part. Controls in certain critical junctures in the process could be defined and measured to ensure an expected workproduct exists at the control point. This gives people more flexibility since they wouldn’t be told how to do things, but only what is expected of them (they are told the “what”, but have freedom with respect to the “how”). The downside here is that any information about how things get done is lost – and there is no way to use that information to iteratively improve the process. Another problem is that even though the control is compliant – the way that compliance was obtained may be problematic (and I don’t mean malicious intent – just that things were done the wrong way, perhaps for good reasons). 
  • The third is a tracking approach. Here too there are a guideline and controls. The difference from the workflow approach is that the “how” isn’t dictated -but unlike the second approach it isn’t ignored, but rather is tracked so that “how” is known after the fact. Like the second approach there are controls defining specific work product at specific junctures in the process. In my opinion this approach blends the best of both worlds for knowledge workers – it doesn’t stifle them by dictating the “how” (which is probably impossible for many regulations), but enables an audit (even in real time) of both the “what” and the “how” enabling both compliance and process optimization.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: