The Cost Of Compliance

Posted on by Chris Brooks

‘Compliance Monitoring’ is a misleading term; misleading in that it gives the impression that ‘compliance’ is about nothing more than auditing.

There is far, far more to the field of compliance than mere auditing (although, that is a considerable skill in itself).  A ‘compliance manager’ IS NOT an ‘audit manager’.  Nevertheless, ‘compliance monitoring’ is the term in widest use.  The oft-forgotten element is exploiting the specialist knowledge of the compliance post-holder, in the resolution of regulatory problems.

The value of compliance monitoring lies less in the number of audits completed, or in the number of non-compliances raised, and much more in the standard of the responses to those non-compliances.  As organisations become busier and more complex, the negative effect of non-compliances becomes progressively greater and maintaining compliance becomes more difficult.  Finally, compliance can – and should – make a sizeable contribution towards developing the capabilities of an approved organisation.

The Basic Purpose

An organisation requires national authority approval(s) in order to do business, i.e:  to generate revenue.  To maintain those approvals, an organisation must remain in compliance with all of the applicable regulations. 

To remain in compliance, an organisation must maintain a set of procedures – in the form of controlled manuals – that must be followed at all times.  The basic premise that I employ is to teach that an approval is akin to a contract, and that procedures and manuals are akin to the terms of contract.  A sufficiently severe breach of those terms may lead to limitation, suspension or permanent withdrawal of an approval.

Cost Centre

Of course, there are standing costs for any compliance function:  salaries, IT subscriptions etc.  This is precisely the same as for any other function however, compliance is often viewed as a cost that must be borne only for regulatory reasons and it is common for it to be seen as a ‘tick in the box’ exercise only.  Having held post-holder approval from 14 different authorities, and having worked in seven countries, I can bear witness to the considerable degree of variation that exists.

Although cost is always an issue, each non-compliance has a degree of operational risk associated with it and the end effect – in isolation or in conjunction with other non-compliances – might be severe in terms of safety.  Compliance monitoring is part of the overall system for management of an organisation; it should NEVER be considered to be something to which managers turn their attention only when they are not too busy with other matters.

I have even been asked to slow down the raising of non-compliances on the basis that staff are very busy.  This is to lose sight entirely of the most fundamental purpose of compliance:  to ‘defend’ the approval under which an organisation does business.

Independence

All personnel, especially post-holders, are responsible for ensuring that procedures are complied with.  The compliance monitoring function is the independent means by which compliance is checked. 

Independence is required, for two particular reasons:

  1. Impartiality of oversight;
  2. Maintenance of sufficient resources for oversight.

Whilst the former (a) is understood, the latter (b) is often overlooked by both approved organisations and by national authorities.  Whilst I have a method for calculating the manhours required for maintaining a compliance monitoring function, very rarely have I been asked to demonstrate sufficiency of resources.  When the method I employ is used, the following is the type of plot of manhour loading that might result prior to any adjustments being made:

The Commercial Aspect

The safety management and the compliance monitoring systems are, often, the first to be examined during third-party audits and are often those functions that are examined in the greatest depth. 

These two systems are, therefore, critical in gaining new business and in renewing / gaining national authority approvals.  Non-compliances always will be found during a third-party audit; the key is to demonstrate that the compliance monitoring system is sufficiently effective to ensure that they are addressed in a timely and effective manner.  In other words, both facts and impression matter.

I advise that the following steps (as a minimum) be taken in preparing for third-party audits:

  1. Complete pre-audit questionnaires in detail, with precise answers and in good time (Note (1));
  2. Provide supporting evidence to all answers to questions on the pre-audit questionnaire;
  3. Prepare in advance to present the completed questionnaire and supporting evidence at audit;
  4. Even if not requested, prepare examples of additional material that demonstrate effectiveness of the compliance monitoring and safety managements systems (Note (2)).

Notes:

  1. It is NEVER good enough to state ‘Yes’. Qualify the answer with, at least, a reference to a manual. If there is a deficiency, be honest and mark it (in such cases, demonstrate at audit that solid action taken to address it).  The following is an example from the SMICG Evaluation Tool:
  1. Safety promotion material (newsletters, presentations etc), examples of non-compliances, briefing on the functioning of the SMS/CMS software (if used) etc.

Cost Avoidance

This is where specialist knowledge and imagination should be exploited. 

Let me give you examples of issues I have been able to address:

  1. Gaining a one-off ‘B’ scope of approval, by engine serial number (the spare, on a transport stand) and SB number, so that a SB might be accomplished off-wing;
  2. One-off approval of a base maintenance provider for a C-check, to avoid loss of the only slot possible, arising from the non-availability of the NAA;
  3. Temporary variation of the MEL (with the permission, of course, of the authority), with mitigating measures, to avoid placing aircraft out of service prior to completion of permanent rectification action for a defect;
  4. Cancellation of fines arising from departure procedure violations;
  5. Reduction of fines for noise violations;
  6. Return of excess landing fees charged;
  7. Avoidance of re-certification of work during aircraft changes in register;
  8. Use of management of change hazard assessments for the approval of post-holders;
  9. Standing approval of TCCA maintenance technician licences under a foreign NAA (by introduction of a comparative analysis in the MOE);
  10. Early approval of post-holders, based upon a management of change assessment design to mitigate shortfalls in qualifications and experience;
  11. Approval of hazard assessments required for re-starting flying operations during the COVID pandemic;
  12. Employment of task-trained certifiers in place of greater numbers of B1 / B2 certifying personnel.

Items (1), (2) and (3) amounted to an estimated saving of USD 1.5m.  To put it another way, the amount saved by only three initiatives was in excess of five times the annual cost of the compliance monitoring function.

Postscript

If someone tells you that a certain thing cannot be done, remember that there is – often – more than one way to solve a problem.  Frequently, we are restricted by a lack of imagination and a reluctance to ask a novel question.  If someone tells you that compliance is an overhead and nothing more, remind them that your compliance specialists might be key in both retaining existing and in gaining new business.

Footnote:

Should further information be required, including a .pdf version of this article, please contact the Author.