In a 2013 survey by AT Kearney, 57% of the compliance experts said they would seek external help, especially to staff departments with experts in anti-corruption, data protection, and product safety issues. That survey also found the most effective compliance systems integrate compliance and process management (1).
Building a compliance system in the manufacturing industry can be quite complicated, requiring deep integration between compliance and process management across eight domains: anti-corruption, IT safety and security, product safety, fair competition, export controls, health, data protection, and employment law. We will explore these domains and how companies can align the needs of each area with a single policy management solution.
Staying in business; striving for excellence
Most businesses turn to compliance as a way to reduce liability, to avoid corporate fines, and to meet customer requirements. Whether you are in survival mode or already near the top and seeking that X factor to reach a new plateau of excellence, all compliance systems comprise the same basic components.
The first step is to design processes that adhere to regulations or internal goals. The next step is to ensure each process has a manager assigned to it for oversight. Finally, you need a control system to mitigate noncompliance—especially in critical processes—and have a way to document those measures and keep track of the pathways of delegation.
In most cases, processes are associated with a certain kind of domain. For example, onboarding a new employee and setting strict password requirements is a process associated with IT safety and security. In manufacturing, there are eight relevant domains.
Understanding the manufacturing compliance domains
In manufacturing, the eight domains are driven by areas that expose the organization to risk. Some, like anti-corruption, are mandated by legislation of the host country must be developed from scratch. Others like product safety and data protection are customer-driven, meaning that maintaining compliance in these domains have become a customer expectation that must be met in order to remain competitive in the market.
It’s also important to understand how compliance is closely tied to costs of business (see Table 1). A failure of compliance in data protection, for example, can cost a business millions of dollars as was the case when unpublished copies of Sony movies were released online ahead of global distribution (9). Each domain is associated with a cost per incident that is ultimately determined by the size of the business, the domain, the nature of the incident, and the severity (e.g., were federal or state laws also breached?).
Overall risk can be reduced by implementing effective controls in all areas of business. By building clear policies and procedures in the eight domains of manufacturing compliance, your organization can significantly reduce its risk profile.
Table 1. The eight domains of manufacturing compliance
|Domain||Perceived Risk (1)||Cost per incident (3-10)|
|Data protection||49%||~$8.5 million|
|Product safety||49%||> $1.0 million|
|Fair competition||49%||>$1.0 million|
|Health, safety, and environment||46%||>$5 thousand|
|IT safety and security||17%||Varies|
Building a compliance system in manufacturing with ComplianceBridge
Maintaining high levels of internal control requires a robust set of policies and procedures that are regularly reviewed by your staff across every department. With TotalCompliance, you can import and create thorough documentation that can be easily reviewed and approved by various stakeholders such as department managers and third-party consultants. Once each document passes through the appropriate checks, you can publish and notify specific people in the organization about its existence—all within the platform. These individuals can then go on to view and acknowledge each document as well as take tests of your design (11).
Finally, the robust metrics and reporting tools enable you to quickly gauge your compliance and spot areas that need your attention. And instead of sending out dozens of individual e-mail reminders, you’ll have access to a powerful system that automatically sends out regular notifications and even escalates the messaging your behalf.
Interested learning more about how TotalCompliance can help your manufacturing organization build a robust, automated compliance system? Take a tour.
- “Compliance in Manufacturing: A Very Personal Affair.” T. Kearney. Accessed 3 August 2017. https://www.atkearney.com/documents/10192/841827/Compliance+in+Manufacturing.pdf/c774b2e0-a7f9-4632-a508-93852e0532fb.
- “Compliance Management Systems.” Accessed 3 August 2017. https://www.fdic.gov/regulations/resources/director/presentations/cms.pdf.
- “Corruption: Costs and Mitigating Strategies.” Accessed 3 August 2017. http://www.imf.org/external/pubs/ft/sdn/2016/sdn1605.pdf
- “Examining the cost of a data breach.” @IBMSecurity. Accessed August 04, 2017. https://databreachcalculator.mybluemix.net/?cm_mc_uid=64030537039615017889035&cm_mc_sid_50200000=1501788903&cm_mc_sid_52640000=1501788903.
- “The high cost of not reporting product safety issues.” SADLER. July 10, 2017. Accessed August 04, 2017. https://www.products-liability-insurance.com/reporting-product-safety-issues/.
- “The Law of Anticompetitive Price Squeeze Claims.” The Law of Antitrust Price Squeeze Claims. August 10, 2009. Accessed August 04, 2017. http://brianmcmahonlaw.com/CM/Client-Bulletin/The-Law-of-Anticompetitive-Price-Squeeze-Claims.html.
- “UNITED STATES DEPARTMENT OF LABOR.” Occupational Safety and Health Administration. Accessed August 04, 2017. https://www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=OSHACT&p_id=3371.
- Gross, Robin. “Penalties.” BIS Website. Accessed August 04, 2017. https://www.bis.doc.gov/index.php/enforcement/oee/penalties.
- Talbot, David. “The Costs of Bad Security.” MIT Technology Review. October 22, 2012. Accessed August 04, 2017. https://www.technologyreview.com/s/424165/the-costs-of-bad-security/.
- “Enforcement.” United States Department of Labor. May 06, 2016. Accessed August 04, 2017. https://www.dol.gov/general/topic/youthlabor/enforcement.
- “Powerful Policy Management Software from ComplianceBridge.” ComplianceBridge. Accessed August 3, 2017. http://compliancebridge.com/products/policy-management-software/.