Does your compliance approach measure up?
Compliance Assurance Management System Schema

Most companies publically express their desire to meet compliance obligations. This desire is typically expressed either through policy or values statements or through a Code of Conduct declaration. There are many and varied compliance demands placed upon a company either by law and regulation or through international and industry standards as well as other agreements that a firm may enter into voluntarily.

Achieving the stated desire to comply can be a daunting task and maintaining that performance over time even more demanding of resource and effort. So why should companies invest so much into compliance activities?

An event that might be considered a minor non-compliance can lead to a loss of reputation which can ultimately lead to a loss of revenue or community acceptance.
The answers are many and varied. First is the fact that many compliance activities are embodied in law and corresponding regulations. Failure to comply with these requirements can lead to civil or criminal penalties for the company and the individual involved. The worst case penalty being the loss of a company’s license to operate and/or the loss of the personal freedom of the individual involved. Secondly is the reputation of the company and employees. An event that might be considered a minor non-compliance can lead to a loss of reputation which can ultimately lead to a loss of revenue or community acceptance.

These punitive measures would probably be enough to justify pursuit of compliance as an important company imperative. However, there are at least two other reasons for striving to be in compliance and to do so at the earliest possible time in the product/process realization process.

First is the theory of prevention. When one reviews how the process of law and regulation works a common and important theme develops. Most laws are born just after something terrible has happened when we as a society decide that we are going to avoid repeating the conditions that caused the catastrophe in the first place. An example of this is the Process Safety Management series of national laws. These laws were promulgated after specific incidents that caused regulators to try to eliminate the conditions that caused the event. Laws such as the COMAH law of 1984 in the United Kingdom were promulgated after an explosion and fire in Flixborough, UK which killed 28 and injured over 100 people. Or the 1984 incident most attributed to getting the attention of regulators worldwide, the Bhopal accident, caused by a runaway reaction, which killed 2500 people and injured over 100,000. That event was followed by an explosion at a factory in Pasadena, Texas, in October 1989, which killed 23 workers and injured 130 others, demonstrated that these types of accidents could happen anywhere and caused OSHA to issue their PSM regulations and Canada to issue their responsible care program.

The second non-punitive rationale for striving to improve compliance performance is our innate ability to innovate when challenged. When laws and regulations are promulgated the typical first reaction from industry is that the cost or the schedule for the new controls and rules of operation will cause the affected company to become non-competitive. In fact with almost every major body of proposed regulation statements from industry associations seem always to be in this vein. Some might remember the hue and cry that came from the lead and petroleum refining industries when in 1973 the EPA initially tried to issue standards for the maximum level of lead in gasoline. However after this acrimonious beginning the innovative spirit of the petroleum and automotive industries allowed for lead free gasoline to be used in redesigned engines that did not lose power or ping loudly. Using this innovative spirit in an area that would not have received this attention except for the regulatory requirement allowed industry to continue in a profitable manner while also dropping the blood lead level by an amazing 78% between 1976 and 1994, a major public health benefit.

For these reasons achieving compliance is something that every business strives for. To accomplish the goal each company or site has a compliance management system in place, even if they don’t call it as such. We do know that some do it better than others. Citation’s regulatory experts have many years of field experience and have witnessed literally hundreds of approaches to building and operating a compliance management system. This experience has lead Citation to build the Compliance Assurance Management System Schema. The Schema defines the elements contained in the most effective compliance management systems. These elements range far from the traditional purview of the EHS organization. The Schema, constructed around the ISO Plan-Do-Check-Act continuous improvement cycle, lists the 32 elements every good compliance management system must contain.

By using our vast experience in this area Citation has developed a Compliance Assurance GAP tool that allows one to review all 32 elements of the Compliance Assurance Management System Schema against four different levels of management system approach. By delineating the level that best matches the approach to compliance taken at your site you can determine just where your management system fits against best in class approaches. An analysis report will show you the GAPs and offer helpful suggestions on how to fill them.


We encourage you to fill out the short form below to set up an appointment with one of our management system experts. The review takes less than an hour but the results will help you build or enhance your compliance assurance management system that will return results for years to come.