Regulatory enforcement, customer and supply chain audits, and internal risk management initiatives are all driving requirements for managing regulatory compliance obligations. Many companies—especially those that are not large enough for a dedicated team of full-time staff—struggle with how to effectively resource their regulatory compliance needs.

Striking a Balance

Using a combination of in-house and outsourced resources can provide the appropriate balance to manage regulatory obligations and maintain compliance.

Outsourcing provides an entire team of resources with a breadth of knowledge/experience and the capacity to complete specific projects, as needed. At the same time, engaging in-house resources allows the organization to optimize staff duties and ensure that critical know-how is being developed internally to sustain compliance into the future.

Programmatic Approach to Compliance Management

Taking a balanced and programmatic approach that relies on internal and external resources and follows the three phases outlined below allows small to mid-size companies to create standardized compliance management solutions and more efficiently:

• Identify issues and gaps in regulatory compliance
• Achieve compliance with current obligations
• Realize improvements to compliance management
• Gain the ability to review and continually improve compliance performance

Phase 1: Compliance Assessment

A compliance assessment provides the baseline to improve compliance management and performance in accordance with current business operations and future plans. The assessment should answer the following questions:

• How complete and robust is the existing compliance management program in comparison with standard industry practice?
• Does it have the capability to yield consistent and reliable regulatory compliance assurance?
• What improvements are needed to consistently and reliably achieve compliance and company objectives?

It is important to understand how complete, well-documented, understood, and implemented the current processes and procedures are. Culture, model, processes, and capacity should all be assessed to determine the company’s overall compliance process maturity.

Phase 2: Compliance and Program Improvements

The initial analysis of the assessment forms the basis for developing recommendations and priorities for an action plan to strengthen programs, building on what already exists. The goal of Phase 2 is to begin closing the compliance gaps identified in Phase 1 by implementing corrective actions, including programs, permits, reports, training, etc.

Phase 2 answers the following questions:

• What needs to be done to address gaps and attain compliance?
• What improvements are required to existing programs?
• What resources are required to sustain compliance?

Phase 3: Ongoing Program Management

The goal of Phase 3 is to improve program processes to eliminate compliance gaps and transition the company from outsourced compliance into compliance process improvement/program development and implementation. This is done by managing the eight functions of compliance—identifying what’s needed, who does it, and when it is due. Ongoing maintenance support may include periodic audits, training, management review assistance, Information Systems (IS) support, and other ongoing compliance activities.

Case Study

For one Kestrel client, business growth has increased at a rate prompting proactive management of the company’s regulatory and compliance obligations. Following a Right-Sized Compliance approach, Kestrel assessed the company’s current compliance status and programs/processes/procedures against regulatory requirements. This initial assessment provided the critical information needed for the Kestrel team to help guide the company’s ongoing compliance improvements.

Coming out of the onsite assessment, Kestrel identified opportunities for improvement. Using industry standard program templates, in combination with operation-specific customization, Kestrel created programs to meet the identified improvement from the assessment. Kestrel then provided onsite training sessions and is working with the company to develop a prioritized action plan for ongoing compliance management.

Using the appropriate methods, processes, and technology tools, Kestrel’s programmatic approach is allowing this company to implement EHS programs that are designed to sustain ongoing compliance, achieve continual improvements, and manage compliance with efficiency through this time of accelerated growth.

Making the Connection

Kestrel’s experience suggests that the connection between management and compliance needs to be well synchronized, with reliable and effective regulatory compliance commonly being an outcome of consistent and reliable program implementation. This connection is especially important to avoid recurring compliance issues.

Following a programmatic approach allows companies to realize improvements to their compliance management and:

• Organize requirements into documented programs that outline procedures, roles/responsibilities, training requirements, etc.
• Support management efforts with technology tools that create efficiencies and improved data management
• Conduct the ongoing monitoring and management that are vital to remain in compliance
• Gain the inherent capacity, capability, and maturity to comply, review, and continually improve compliance performance