If your business runs a compliance management solution, there’s a good chance you purchased it to do exactly that: help you monitor, manage, and measure the tasks and activities related to following compliance regulations. This is no small feat. In part 1 of this series, we reviewed all the challenges compliance managers face keeping up with NERC, and in part 2, the various KPIs that can help you better wrangle your compliance processes. Your compliance management solution is key to solving those challenges and keeping those day-to-day KPIs on track.
But if that’s all your compliance solution does, you’re leaving money on the table. You’re sitting on a goldmine of data about how your business functions at a wide variety of levels. To maximize ROI on your compliance management solution, it should help you take that data from tactical workhorse to strategic asset.
In part 2, KPIs and the Power of Aggregate Reports, we talked about metrics like how many tasks are in flight and why Facility One is performing better than Facility Two. Now, let’s take it a step further. Instead of considering your compliance data as a snapshot, look at it over time to understand if you’re improving, where, how, and why.
Say your goal is 100% completion of your NERC compliance requirements. If you’re hitting 98% at every facility in every department, good – keep doing what you’re doing but work on incrementally getting better. But maybe one quarter your completion rate is 80%, then 75% the next, then 82%. This demonstrates a trend: you’re not improving. It’s time to dig into the numbers.
Perhaps all four of your facilities average the same completion rate. If that’s below your target, and it’s not going up, it may tell you that you have a cultural issue on your hands, and you need to address your culture of compliance company-wide. But say that Facilities 1, 2, and 3 are all hitting 98%, but Facility 4 is down at 70%. On paper, the average doesn’t look too bad; 91% completion is pretty good. The data demonstrates, however, that Facility 4 has a problem – which is good news, because it means you can go fix it.
If you consistently don’t hit your goal, you need to understand why you missed it. Is Facility 4 understaffed or under-trained? What is different there than in your other facilities (or departments, or standards – you get the idea.) Examining your compliance data over time uncovers trends, isolates issues, and facilitates answers.
Once you know what’s going on, you can do something about it. That may begin with adjusting your goals to be realistic and incremental. You may want to hit 98% completion, but if you’re currently running at 70%, that’s a long, steep climb. Instead, set the goal for the first quarter of your improvement program at 75%, then 85%, then 95%. Give your people attainable objectives to keep them motivated.
What does an improvement program look like? It could be education and training. Your employees may honestly not know what they’re supposed to be doing and/or how to do it, especially if you deal with high turnover. Perhaps it’s staffing, ensuring that you have enough people in place to get things done in a timely manner. Or as mentioned earlier, you may need to revamp your company culture around compliance. It’s critical to set the expectation from the top down that compliance is important. If there are no ramifications for missing goals, or on the flip side, no incentives for hitting them, why should anyone care? This isn’t to say that your compliance department should become a police state, but if management isn’t communicating that this is important, it won’t be.
With the right compliance management solution, you can understand the problem, put a process in place to fix it, then record results again to see if it’s working. Rinse and repeat. It may take some trial and error, and it will likely take some time, but using your data in a strategic way pays tremendous dividends. You’re running a compliance program because NERC makes you – fine. But you’re also protecting the grid and protecting your business. Stop measuring for the sake of measuring, and start improving the health of your organization.
SigmaFlow is a leading provider of Process Execution solutions. The company’s NERC Compliance Solution is a real-time, evidentiary based software solution that solves the challenges of CIP & 693 Compliance. The SigmaFlow Compliance Solution manages all documents, data, and work activities while automatically collecting and building the evidence for NERC compliance in a real-time repository. SigmaFlow products place a strong emphasis on embedding domain knowledge through a process-driven template-based-architecture. Contact us at firstname.lastname@example.org to learn more.