TEST to main content First level navigation Menu
climber hanging from cliffside

Managing uncertainty: How organizations can move beyond simple compliance

by Dylan Williams
 
This article is not meant to convince you of the merits of RFID-blocking wallets and underground bunkers. We see the security breach headlines, pray for litigation costs to reach a ceiling, and watch executives escorted from their headquarters for unethical conduct — but the exaggerations have become alarmist.

In practical terms, every organization deals with some level of uncertainty in regards to their information — the accuracy of quarterly projections, the introduction of previously unknown technologies, the impact of generational shifts in the workforce.

That said, what I concern myself with is how to leverage the knowledge from things we can and should measure all the time to proactively address blind spots.

We will discuss these potential uncertainties, how they can affect your organization, and the measures that you can take to address them before they become major issues.

Today, I will discuss the impact and importance of compliance to your organization.
 

​Organizations need compliance to deal with much of their business information, but often fall short of making effective use of that information to respond to challenges that don’t easily present themselves on a balance sheet or operating report. 

compliance pyramid

Big uncertainty, big problems

But before we get into compliance, I want to discuss briefly what I call the 5 I’s of Big Uncertainty. Uncertainty is “big” because information is “big,” and getting bigger every day.

The massive volume of unstructured information has shifted the calculus. Today, the biggest risk exists in areas that are not measured, analyzed or managed — the more ambiguous the information, the greater the risk it presents to your organization.

But so many resources are dedicated to refining fractions of a percentage of known metrics. I would argue that while “big data” gets all the attention, addressing “big uncertainty” is a far better indicator of an organization’s ability to innovate sustainably.

Managing this uncertainty is at the heart of governance, risk and compliance, and can be broken into these 5 I’s of Big Uncertainty:
 

1. Inconsistent

The uncertainty with the least impact on your organization, this generally deals with deterministic concerns. Variables can lead to inconsistency in the information you have coming into your organization. This can have a ripple effect throughout your organization and lead to poor decision-making.
 

2. Inaccurate

The next level of impact comes from inaccurate information — often caused by poor measurement methods or wrong decisions about what information to collect. This is potentially more harmful than inconsistent information, as inaccuracies are often more difficult to identify and change.
 

3. Inconclusive

Leaders are often paid to make business decisions without having all of the information in front of them. But if that information is incomplete and inconclusive, it could cause decision-makers to make choices they would not otherwise make, or delay and prevent decisions entirely.
 

4. Intangible

Even more dangerous than inconclusive information is intangible information — info that doesn’t present itself on a balance sheet or operating report. This can be anything from brand perception to information about inner-workings at your facilities (e.g., why production at your west coast plants is behind schedule). The danger is in perception that this information can’t or shouldn’t be measured.
 

5. Invisible

This represents the classic “don’t know what you don’t know.” The unexpected nature of this information makes it also potentially the most dangerous, however unlikely.

Of these 5 I’s, compliance concerns itself mainly with the two most common: inaccurate and inconsistent information.
 

Finding additional value in compliance

Compliance deals with rules and maintaining existing measurements. While globalization and a steadily shifting legal landscape are creating a number of compliance hassles and headaches, there are usually fairly clear objectives and measurement tactics in place to follow existing rules. And generally speaking, if an organization follows the rules, it should be in compliance.

But it isn’t always that easy.

In my experience, many organizations tend to focus extraordinary resource levels towards information decisions in this area — the potentially inconsistent or inaccurate information informing business forecasts, market research or budgets. These numbers are continually refined to make them more precise as more information comes in.

Go beyond traditional compliance measures

Look at it as less of a requirement and more for the extended value it can bring an organization.
 
This is where many organizations stop, however — a mistake in my view.

These organizations are missing out on the value of the learnings and metrics generated from their compliance activities, which can better inform decisions around information higher up the pyramid — inconclusive, intangible or even invisible. As an example of this, consider your accounts payable team.

Every business has bills and taxes to pay, and their own methods of doing so. Organizations that process hardcopy invoices find that this work takes longer, and that errors can create significantly larger bottlenecks than typically seen with electronic invoicing, which is more automated, accurate and more easily integrated with other systems in your organization.

Shifting to electronic invoicing also makes sense from a compliance perspective, and allows organizations to attain early payment discounts and more accurately report regulated financials. But where many organizations stop here, information leaders take steps to leverage additional value.

If the entire procurement-to-payment process can be conducted in near real-time, it frees up workers to spend less time matching vendor numbers and manually keying data from paper invoices, and more time looking for trends in purchasing habits, shipping times, vendor service level compliance and more. This information can then be used to inform decisions around information that was either previously inconclusive (lacking analytics), or intangible (e.g., what’s causing one branch to outperform another?). That’s why compliance addresses the foundation of the uncertainty pyramid — these issues are often at the heart of your business challenges.

Organizations need compliance to deal with much of their business information, but often fall short of making effective use of that information to respond to challenges that don’t easily present themselves on a balance sheet or operating report. And with the flood of information flowing into organizations only increasing, compliance should be seen as less of a requirement, and more for the extended value it can bring an organization.
 
Dylan Williams
Dylan Williams is Principal Consultant for Ricoh USA, Inc. Consulting Services’ Governance, Risk and Compliance Practice Group, specializing in the design and implementation of efficient operational workflow processes that mitigate business information risk with transparency, integrity and accountability. A certified records manager and information governance professional, Williams excels at providing analysis and program guidance for healthcare, government, legal and corporate clients. He is an active speaker, a member of EDRM, CGOC, ARMA, CompTIA and the Institute of Certified Records Managers.