New laws and regulations are having, or soon will have, a major impact on process manufacturing companies. Should the increased burden of compliance be simply viewed as just a necessary costsimilar to the Y2K issue where a lot of money was spent on new IT systems, with little apparent benefit? Or should it be viewed as a key weapon in a companys overall strategy to improve corporate performance management?
There are a number of headline-grabbing regulations currently in the news. At the generic level there are those that are fiscally focussed, such as Sarbanes- Oxley and the International Accounting Standards. At the manufacturing level there is 21 CFR Part 11 (electronic records and signaturesmostly focussed on the pharmaceuticals industry), Food Traceability and Regulation Evaluation and Authorisation of Chemicals (REACH). However, when you take a broader view of regulations that apply to any one process manufacturing company there are typically many hundreds that need to be complied with, ranging from the Data Protection Act to ISO 1400x environmental management and from equal opportunities in the workplace to ISO 9000 quality standards. Just about every department and employee in a company will have one or more external regulations imposed upon them with which they will have to comply.
The reality is that many companies are not able to manage regulatory compliance efficiently. Commonly, one or more of the following problems apply.
* Management underestimates the effort required and the necessary funds are not made available
* Departments lack the required expertise
* Policies, processes and procedures are not well documented, updated and communicated
* In general, there is a silo approach to IT compliance solutions, with multiple IT systems maintaining similar data with differing security and journaling capabilities. Companies that choose one-off solutions for each regulation will spend significantly more on compliance projects than those who at least maintain their data in one database
* Compliance is viewed as a tactical necessity just more cost.
The good news is that, no matter what the regulation, there are a number of common steps that a company can undertake to manage compliance better.
Know who is responsible for compliance
Much of the inefficient management of compliance is simply caused by uncertainty as to who is responsible. To avoid this, it is necessary that one person, or team, is assigned prime responsibility for all regulatory aspects across the complete enterprise. In this way, a holistic view of all of the regulations can be taken and, where appropriate, a common approach to complying with the regulations can be spotted. There is a growing trend within large multinational organisations to employ a full-time corporate compliance officer with a dedicated team. In smaller companies this is not practical, but at least if the prime owner of compliance is communicated, then this is a major step forward.
Eliminate paper and reduce the risk of incorrect datawith electronic signatures
Paper records are cumbersome and expensive to circulate for review and approval when there are several people involved in the process. This is compounded in a global enterprise where the individuals may be dispersed. Faster and cheaper product development, manufacturing and quality assurance turnaround is possible with electronic routing of signature requests anywhere, virtually instantaneously. Audits by regulatory gencies are a fact of life and very serious business in regulated industries. They are laborious and expensive and the agency generally will not wrap up their investigation until they are satisfied with the information that they are provided. The quicker a company can provide the auditors with the evidentiary records they need, the more incontrol the company will appear and the quicker they will be on their way.
Enforce policies, processes and procedures
Documenting policies and procedures was once a onetime project. That's no longer the case. For instance, Sarbanes-Oxley makes it a continuous requirement with quarterly and annual check offs. Standardised process documents make identifying risks and controls much easier. Employees unfamiliar with a system often try workarounds when they don't receive the response they expect. Workarounds can corrupt data and render reporting unreliable. Modern IT solutions are available that use an intuitive graphical interface to develop, document and maintain all key business policies and procedures and store the information in a centrally accessible database. Any selected solution must also provide easy and timely access to anyone who wishes to audit a companys policies and procedures. Once policies and procedures are in place there is a need to ensure that employees are educated and that a record is kept of their completing the training. This is best undertaken with an on-line e-learning tool so that the training can be accomplished at times most appropriate to themespecially if shift workers are involved.
Manage unstructured information
Typically, 30 per cent or less of a companys data is in a structured format, i.e. data produced by transactional systems such as ERP, MES or SCADA. Yet more than 70 per cent of any data that is needed for regulatory compliance is in an unstructured format, such as e-mails, faxes and scanned documents. This can be the cause of major problems when trying to search for all the relevant data, especially in a product recall where all relevant data needs to be on-hand within minutes of the trigger to recall. The answer is to have both structured and unstructured data residing in a common database where a common search engine and security features can be used.
To help ensure that there is only one source of truth, companies should try to simplify their systems, bringing more of their databases within a single overriding structure and eliminating the potential for multiple entry points into the system. Companies must avoid inflexible IT systems that will be difficult to change every time there is a change in regulations.
In addition to these generic measures a company can take to manage compliance, there are of course specific solutions needed to meet specific regulations. A good example is the new EU Food Product Traceability regulations that come into play in 2005, where there will be a much stronger need for companies to be able to improve product traceability. Getting fast answers to certain questions may determine whether a company will survive a crisis.
What product was delivered to which customer? And what was the quality of the component ingredients? And which suppliers provided them? It is essential that a system will track lots and sublotsthrough multiple locations and warehousesfrom suppliers all the way through to the customers. A good ERP system will not only do this but also show what resources and quality checks were used in producing the product. All this should happen within seconds of triggering an enquiry.
Because compliance regimes are forcing the adoption of more formal business processes and stricter ways of eporting, the upside is that companies are becoming more able to spot inefficiencies, overlaps and duplications of effort, thereby reducing costs and becoming more competitivea healthier company. The more enlightened enterprises are now waking up to the significant benefit compliance can bring when it is viewed as a key weapon in their strategic armoury. It is helping them to become leaders in corporate performance management by:
Regaining control of the business
* Meeting legal and statutory requirements
* Improving the understanding of the business
* Linking strategy, planning and reporting systems across the enterprise
* Exploiting business opportunities.
Increasing organizational credibility
* Ensuring that strategy, planning and reporting systems are consistent, repeatable and auditable
* Establishing clear lines of accountability for all aspects of the business
* Managing by fact instead of by soft information.
Removing barriers throughout the enterprise
* Enabling cross-functional sharing of information
* Enhancing communication among strategy formulation, planning and monitoring systems
* Working as one team.