Thanks for posting this query, currently I am working in Process Management Governance and Sarbanes Oxley Compliance area. My thoughts on on your views are
1. Compliance : Need for compliance originates from achieving certain business objects e.g. to bring the business harmonisation and uniformity in processes OR to safeguard the business assets including physical and brand OR to comply with local regulatory requirements. Hence compliance does achieves some business objectives. Managers may see compliance as necessary evil as the cost of non-compliance (e.g. Fraud, Regulatory Fines or Brand Image Loss) is not directly predicatable and quantifiable and has certain probability attached to it.
2. Objective of the management should be to convince the rank and file in the company to use the compliance procedures / steps as a set of opportunities to review the status quo and look for improvements.
Coupling these points would defeat the arguement of 'Compliance as necessary evil or facilitator'
Thanks for extending the scope of the argument beyond pharma alone. I think one important common denominator of the different compliance regulations is the objective of reaching transparency about what is going on in an organisation. Process control is one aspect of this, comprehensive and comprehensible documentation is another. Transparency in turn, is the essential prerequisite for assessment and improvement of any process.
Beyond legal requirements the skill of management will show in balancing the cost of reaching compliance with the benefit of leveraging the process (performance) transparency for process improvement.
Thanks for responding with further inputs ... and insight.
Yes, I believe that most of the organistions fail to upfront do the business case for a compliance programs ..bcos justl like any other intiaitive, this one also goes thru' its 'Hot Topic >>> Also Ran' phase and participants starts getting fatigued with doing similar control checks and compliance reporting year after year.
It would be good, if the organisation does proper ROI around compliance programs as well, to
- Calculate the cost of compliance (investments)
- Returns (Business gains by not getting NCRs on audits or more serious like litigations or lawsuits, loss of brand name)
This ROI if established early on ...will help convincing the manager that 'operation certain control' , ' maintaining certain documentation ' has business gains year after year,