imageIn business situations a common frustration can be that staff do not follow the defined procedure, that data updates are not supplied correctly and that business change activities take more time and cost than expected.

These symptoms can indicate a deeper and more pervasive issue, namely whether your organisation has a compliance culture.

These cultural issues can result in poor business decisions, dissatisfied customers and potentially challenging questions from regulators. Above all, they can have a noticeable effect on profitability.


So how can you tell whether your organisation (or parts of it) suffer from a culture of non-compliance?

The following symptoms are some of the ones to look out for:

  • Staff create local variations and ‘improvements’ to defined business processes
  • Staff do not routinely use the required safety equipment, especially personal hearing or eye protection
  • Changes to planned work activities take place without approval, for example, whilst a server has been shut down to replace a failed disk drive, the support technician applies an untested application patch
  • Data on completed work activities is either not supplied, or the bare minimum to ‘close the job’ is supplied
  • Rather than choosing the correct job code for completed work, staff use the default code
  • Projects struggle to be completed due to continued scope creep
  • Change management activities take longer than forecast and do not result in a permanent change to the desired improved approach

If you see evidence of these symptoms, or similar, then your organisation is likely to be suffering from a culture of non-compliance.


Organisations which have a culture of non-compliance can suffer from many problems. These include:

  • Higher accident rate
  • Poor data quality
  • Process ineffectiveness
  • Poor customer perception
  • Reduced profitability
  • Higher project costs
  • Unwelcome attention from regulators and auditors

The most pervasive effect of this culture is that any attempts at standardisation, change management or improvement activities are either ineffective, or quickly revert to ‘the old ways’.

So if you are working to improve data quality in such an organisation, it is likely that any improvements that you manage to achieve will take more effort and time than anticipated. Additionally, these changes are unlikely to be sustainable, so you may end up repeating the same data cleansing activities on an ongoing basis.

Improving the culture

A poor compliance culture is likely to affect most activities of an organisation, therefore, changes need to be across the whole organisation and reinforced by the Directors and Senior Managers.

Clear communication to staff is required to explain:

  • Why the existing situation is not acceptable
  • What they need to do differently
  • What support is available to help people know what to do, how to raise concerns and sources of guidance
  • The sanctions that will be applied if staff if they fail to comply with expected procedures and processes

These messages will need to be repeated in different formats on an ongoing basis.

Additionally, the leaders of the organisation need to lead by example. An organisation I worked in a few years ago engaged in a change programme to improve the approach to Health and Safety. Whilst this was under way, the Managing Director realised that he also had to work in a safe manner at home as well as at work – for example, when doing home improvements or gardening, he needed to use the same safety precautions as expected at work. The message of improving approaches to safety would quickly be devalued if the MD got a splinter in his eye whilst woodworking!

A current client, who are a major infrastructure project, have a ‘Target Zero’ initiative, which is intrinsic to everything they do. Target Zero is heavily focused towards avoiding accidents, but also includes requirements for simplicity, openness, cost effectiveness and delivery commitment. The is supported by a strong focus on compliance and governance. Most corporate messages refer back to Target Zero and are backed up with poster campaigns and regular staff reminders. So far, this approach is proving very successful in avoiding accidents and avoiding compliance failures.


So, if you are frustrated at why your efforts to improve data quality, streamline business processes and deliver projects to time, quality and budget, look at how compliant the organisation is. If the organisation has a culture of non-compliance, then you should be encouraging Directors and Senior Managers to increase the importance of compliance.

Tagged on:     

4 thoughts on “Does your organisation have a compliance culture?

  • 12th November 2010 at 23:42


    Great post.

    Having slogged in the Compliance salt mines my personal feeling is that there is a very fine line to walk between compliance and innovation and an important need to ensure balance between the two. All too often organisations become prescriptive and punitive in their pursuit of compliant behaviour with the result that staff stop looking for ways to improve things and start just ticking boxes and watching the clock.

    I call that “small c” compliance.

    What is far better for organisations is if the Compliance culture is built on clearly communicated values and benefits that go beyond the “carrot and stick” and encourage adherence to the spirit and intent as well as the letter of policies. Building the intrinsic motivation to comply brings about “Large C” Compliance and co-operation rather than just conformity. Add to the mix a clear process where by staff can contribute ideas for improvement and enhancements to processes to increase quality and you have a classic Quality culture.

    It’s also worth bearing in mind that if you focus on the extrinsic motivators (risk/reward levers) then it has been proven consistently in the fields of economics, psychology and sociology that you will very often get the exact opposite result of what you were looking for as the focus shifts to the reward, not the objective. People are not pigeons it seems.

  • 13th November 2010 at 07:56

    Great post. Agree with everything apart from:

    “Staff create local variations and ‘improvements’ to defined business processes” as necessarily being a problem.

    In many bureaucratic organisations, “Compliance” means blind conformance in order to obtain a “tick in the box”. The outputs or products of activities are often far from what the customer requires.

    In such organisations, and there are many, one often comes across a small group of people who are committed to providing what the customer requires. Sadly, because they cannot get the central bureaucracy to make changes in flawed core systems, they need to make local improvements. These are genuine improvements that deliver quality.

    The real question is not, “Is your organisation committed to compliance?”, rather “Is your organisation committed to quality?”.

    Compliance to standards will not deliver quality. Only compliance to quality</b standards will.


  • 13th November 2010 at 08:24

    Some great comments on an equally great post.

    One of the biggest issues I find is a compliance mandate that doesn’t deliver a compliance culture.

    Slogans and directives don’t create a compliance culture, people do. Unless the benefits are presented as benefits for the individual and the actual mechanics enhance, instead of impeding, daily working life, it can be tough to get traction.

    I also think one of the big mistakes is to launch compliance directives that reach too far, I saw this once at a utilities company aiming for a zero defect drive, it just alienated the workforce who were already de-motivated. You have to consider the present mood before piling more pressure on.

    Daragh sums this up far better than me though, people are not pigeons, unless they see the benefits for themselves they can easily blockade.

    • 13th November 2010 at 20:47

      Daragh, John, Dylan,

      Thank you all for your excellent and well argued comments.

      Picking up on the variants and ‘improvements’ to processes phrase – I have, sadly, seen too many cases where the local changes to process are actually attempts to short cut the process in order to achieve local gains at the expense of corporate objectives – clearly not a good thing and not meeting quality standards.

      However, if process changes achieve the same business objectives in less time and at less cost then this is innovation that should be encouraged. This is where Daragh’s balancing act comes in and presents the challenge of encouraging innovation but ensuring there is suitable visibility and governance over these changes. John also presents the challenge here of how to ensure that the central bureaucracy allow such innovation, whilst still maintaining compliance to core standards.

      I agree with John that compliance to quality standards will have more chance of a successful outcome than a blind insistance on ‘compliance to rules’.

      As Dylan suggests, a zero defect drive can be a tricky thing to implement. In a former role I, like in Dylan’s example, was in an organisation with low morale who adopted a ‘sledgehammer’ one size fits all approach to safety compliance – which failed to succesfully change behaviours either in office locations or field locations.

      Conversely, the organisation I am currently involved with are being very successful with their Target Zero initiative. This is clearly lead by example from the Directors and is linked to a number of common sense objectives. Another reason for this success may be due to a generally better morale and, as this is a large engineering project, a very clear single goal that everyone is aiming for.


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.