All too often, getting accredited is seen as being the compliance team or quality manager’s job, or viewed as “extra work” that has nothing to do with day-to-day operations. Furthermore, whilst many companies have compliance and audit teams, they can be seen as the “policy police”. This can result in a disconnect with the actual business and a lack of understanding as to what the return on investment for compliance actually means.
Getting the right accreditations is a vital start but even more importantly, this needs to drive an overall culture within the business that the protection of customer interests comes first. This is where business effectiveness comes in, removing the stigma that comes with the need for compliance and instead offering comprehensive solutions that will ultimately achieve the same goal.
Doing the “right things”
The key is to implement things that are effective and actually work for customers and the business – not just to satisfy an auditor. At GCI, we have undergone the auditing process for a number of important standards, including ISO20000-1 (IT Service Management), ISO27001 (Information Security Management System), ISO14001 (Environmental Management System) and ISO9001 – (Quality Management System).
While these accreditations certainly prove that we take our compliance responsibilities seriously, the real benefits come in many other forms. For instance, they support the business in gaining new customers; we’re increasingly finding that we wouldn’t get a foot in the door with some prospective customers without being fully accredited. And when done correctly, accreditations promote, support and drives us all to be more effective, which in turn helps the delivery of our strategic objectives and overall business strategy.
Finally, there’s the positive enforcement and recognition of the good work being done within the business. With experts from outside the company providing valuable validation that we are doing the ’right things‘, it provides our customers with the assurance they need to deal with us.
Best practice is part of our culture
How should you go about tackling the not-insignificant challenges of compliance and audits? It begins with working and engaging with departments, teams and individuals to position the effort involved as contributing to business effectiveness, gaining their buy-in to the formation of the plan to effectively implement and embed best practice within the DNA of everything we do.
Best practice should be seen as a facilitator that works for the company we represent, not something that dictates how we work. We should not be ’slaves‘ to the standards or treat the associated audits as an annual event that needs to be successfully navigated to retain a badge. Best practice should become part of the organisation’s culture, never as an afterthought.
Are you doing the “right things” already?
When a certification is gained, it should be as a by-product of doing all the ’right things‘ effectively. In a successful organisation, people are often doing this already without realising it is a requirement of a given standard. Badges or certifications should be seen as a final step and validation that organisations are doing what’s right, but they shouldn’t be the holy grail of business processes.
Instead, the focus should be on streamlining processes to meet the objectives of the business and the common goals of the people within it. And if those processes put an organisation within touching distance of a shiny new accreditation? Well, that’s just a fortuitous bonus.
About the Author
Phil Smith is COO at GCI.