Can you really have compliance without control? You can check the box that a business procedures exists but a procedure requirement is not about existence it is about deployment and usage. When we are speaking of control, there are really two different control conditions: static versus dynamic. What does static versus dynamic mean in terms of policy control and procedure systems?
Static Versus Dynamic Systems
Static systems are those that don’t change over time like a bridge or a flag pole. You had to figure the forces on these systems and calculate the stress, tension, torque, etc. Next comes dynamic systems, which are static systems that can (as a result of other forces) change over time like a suspension bridge that sways in the wind.
The thing about static systems is that you have no feedback. So the static equation is drawn with the forces in balance and feedback set to zero. With no feedback the problem is easy or relatively easy using basic calculus. In contrast, dynamic systems have feedback. The wind pushes on the bridge and the bridge pushes back (basic physics: a force is met with an equal but opposite force). This “pushing back” starts the feedback, but feedback can also produce feedback loops, which means the bridge begins to oscillate as it rocks back and forth in the wind.
You see the wind is not a constant force, its velocity changes over time. So this is a complex situation that becomes difficult to solve. If we fail to produce the right answer, the bridge could fall apart in the wind (it has happened). Positive feedback loops amplify the signal and can cause such destruction (i.e. a vicious cycle) whereas negative feedback loops reduce the signal and result in…control.
So when you design your procedures, are you designing in positive feedback loops that amplify your output and lead to the destruction of your process or are you designing in negative feedback loops that result in the control you are looking for?
Funny, we have to take into account the dynamic nature of a bridge before we built it but do you take into account the dynamics of a business process when you capture it in your knowledge management system?
Business policies and procedures are not static. They involve people that provide feedback; they involve customers, suppliers, and management that all provide feedback. So how do you integrate this natural feedback into your procedure? Start by planning for it. Plan for both positive and negative feedback but most importantly harvest the negative feedback.
Planning for feedback means data, scoreboards, process reviews, process audits, management reviews, customer and supplier surveys, discussions, interviews, comments, and most of all collaboration. We need to design collaboration into business procedures to allow for the natural feedback process to occur. Just like building a bridge requires us to understand the forces at work BEFORE we build the bridge, so it is with building business policies and procedures.
The standards we talk about (ISO 9000, Sarbanes Oxley, GMPs) are all about reducing risks or reducing risks using negative feedback right? The next time you have to write business procedures think about how you can introduce negative feedback to obtain the control that the standards are really asking for. Download Procedure Examples of Compliance and Control.