This article, a second in a series exploring how to organize activities, determines their value add, and leverages them for performance, examines the characteristics, impacts and organizational traits related to procedures and audits.

Part 1, Activities vs. Performance Improvement, Common Sense, discussed the nature and attributes of organizational culture and behaviors when evolving from a reactive state to a preventive state. The article examined training activities, data collection and the nature of organizations driven by activities and lagging indicators without complementary leading performance indicators and driving strategies.

Source of Compliance Activities

Some followers of business improvement processes label attributes in the reactive state as “non-value added,” others say the attributes provide organizational discipline and are a necessary “overhead” for a high performing organization. In many industries compliance activities are driven by regulatory requirements. In other situations, customer requirements drive the need to prove evidence of a systemic and institutionalized approach to design, production, testing and quality control. Sometimes companies do not have a choice but to comply with the requirements or turn down the business opportunity. This then leads to potential conflict: should the company incur the added cost and perceived inefficiency or coordinate the efforts and provide a competitive advantage?

To verify that procedures and standards are followed companies conduct independent compliance audits. History and experience however, tell us that compliance audits and procedures may not lead to increased performance, but take on a life of their own with corresponding departments, budgets and staff.

Source of Bureaucracy

A task team was chartered to understand the requirements and differences between BSI 5750/ISO9001, QS9000 (auto industry), CMMi and an existing internal quality system. The team was tasked to fully understand the requirements, merge them into one workable system, and assure that they linked to and drove performance. During this project the team had the opportunity to meet with the actual authors of the standards. The authors discussed how the procedures were taken out of context, exploited for business consulting revenue, and turned into something they never intended – and only on occasion used efficiently and successfully by high performing organizations. Their initial premise was that if they could define “best practices” and procedures around a common framework, good performance results would follow. The authors defined the “what” but not necessarily the “how.” They were hoping that well-trained experienced professionals would translate the standards, and use good management and common sense to drive results. For example, a piece of the ISO9001 standard deals with the use of statistical process control methods (SPC). The standard requires the demonstrated use of SPC but not necessarily the particulars of where and how to use it. An organization becomes highly focused on meeting the requirement of demonstrating the use of SPC (perhaps in a pocket) instead of leveraging it with business purpose for results.

The compliance audit often falls on the shoulders of an individual or a department and takes on a life of its own – un-linked to key business needs and priorities it often leads to conflicts of interest, inefficiency and “out of context” application. Some organizations use the standards and regulatory requirements as an excuse to not change anything: “We can’t change that process. It is a regulatory or audit requirement.” To avoid this ask the person to site the specific standard and requirement to which they are referring.

When organizations regularly misuse the tools, bureaucracies are created that add little value to business. Fortunately, most of these standards have embraced a process of continuous improvement and the later versions have built-in links to performance results. To assure a business value added purpose and fit, their successful use still requires planning, management, prioritization and review.

Lean Six Sigma Can Help

There is a developing and natural collision between agile and iterative development practices and standard or compliance activities. People argue that managers should “throw all that stuff away and just let us do our jobs.” This attitude proliferates the problem. It causes an organization to maintain two systems, development and compliance, which creates a bottleneck and finger pointing. Compliance is a business requirement, so it is not going away. In iterative and agile organizations the compliance standards and procedures need to be “sliced” to fit the development cycle and synchronized to particular tasks. Iterative practices improve the efficiency of compliance because they are:

  • Accomplished in real time,
  • Completed in smaller segments and
  • Included early enough in the process to make changes and adjustments to assure compliance.

Lean Six Sigma has proven that “leaning out” processes, while assuring they are measurable and aligned to key business goals, drives performance. The prioritization, streamlining and process tools (found in the “D” of the DMAIC roadmap) take an objective look at the regulatory and audit requirements, map them to critical core business processes, and gain better alignment between the standards, requirements and business purpose. Organizations can then quickly identify and remove non-value added steps, and redundancy becomes apparent.

The prioritization and analysis tools (in “M” and “A” of DMAIC) attack the problem in a logical sequence. Using historical data managers can determine where the largest non-value added steps are in the compliance process and where our compliance efforts fall short. These tools provide direction and an order of precedence on what to attack. Without these tools organizations tend to tackle the entire problem at once, setting themselves up for scope issues.

Use the analytical tools (in “A” and “I” of DMAIC), to recognize the root causes of the more complex compliance issues. The analytical tools enable managers to statistically sort issues of noise from true causes and use the information to drive improvements and further process fixes.


Senior management needs to recognize that maintaining two systems is not acceptable. In cases of significant scale, managers may need to review organizational structure and accountabilities for compliance. The accountability should shift to the process owners, not a separate department, and the process of work (including compliance requirements) needs to be reengineered so as not to create a new layer of compliance checks. A trained Lean Six Sigma (LSS) Black or Green Belt can assist using the process tools of LSS to refine, and the measurement tools to maintain control. The cumulative effect of reworking many LSS projects is one work process with compliance built in – lowering the cost, time and risk, and improving the quality rather than keeping compliance as a separate and redundant function.

About the Author