Can you really have compliance without control? You can check the box that a business procedures exists but a procedure requirement is not about existence it is about deployment and usage. When we are speaking of control, there are really two different control conditions: static control and dynamic control. What are static and dynamic policy and procedure systems?
Static systems are those that don’t move or change over time like a solid bridge or a building. You have to figure the static forces on these systems and calculate the stress, tension, torque, etc. Next comes dynamic systems, which are static systems that can (as a result of other forces) change or move over time like a suspension bridge that sways in the wind or automobiles that move.
The thing about static systems is that you have no feedback. So the static equation is drawn with the forces in balance and feedback set to zero. With no feedback the problem is easy or relatively easy using basic calculus. Processes with no feedback are ballistic processes with no control.
In contrast, dynamic systems have feedback. The wind pushes on the bridge and the bridge pushes back (basic physics: a force is met with an equal but opposite force). This “pushing back” starts the feedback, but feedback can also produce feedback loops, which means the bridge begins to oscillate as it rocks back and forth in the wind.
You see the wind is not a constant force, its velocity changes over time. So this is a complex situation that becomes difficult to solve. If we fail to produce the right answer, the bridge could fall apart in the wind (it has happened). Positive feedback loops amplify the signal and can cause such destruction (i.e. a vicious cycle) whereas negative feedback loops reduce the signal and result in…control. This is true when writing effective procedures systems too.
So when you design your policies and procedures systems, are you designing in positive feedback loops that amplify your output and lead to the destruction of your process or are you designing in negative feedback loops that result in the control you are looking for? Are you even thinking of feedback in the design of policies or procedures?
Funny, we have to take into account the dynamic nature of a bridge before we built it but how often do you take into account the dynamics of a business process when you capture it in your knowledge management system?
Business policies and procedures are not static. They involve people that provide feedback; they involve customers, suppliers, and management that all provide feedback. So how do you integrate this natural feedback into your procedure? Start by planning for it. Plan for both positive and negative feedback but most importantly harvest the negative feedback.
Planning for feedback means data, scoreboards, process reviews, process audits, management reviews, customer and supplier surveys, discussions, interviews, comments, and most of all employee collaboration. We need to design collaboration into business procedures to allow for the natural feedback process to occur. Just like building a bridge requires us to understand the forces at work BEFORE we build the bridge, so it is with building business policies and procedures systems.
The standards we talk about (ISO 9001, Sarbanes Oxley, GMPs) are all about reducing risks or reducing risks using negative feedback right? The next time you have to write business procedures think about how you can introduce negative feedback to obtain an effective internal control system that the standards are really asking for. Download free policies and procedures.