In our previous blog “evaluating compliance” we discussed the benefits of analysing compliance functions in the organisation, which enable us to identify trends and opportunities for improvement.
We are going to discuss what happens when we do identify non-compliance and actions that may be considered to assist in rectification.
Each organisation will vary in how instances of non-compliance are managed. It is integral that the culture and documented procedures within the organisation are such that employees feel comfortable and understand how to report suspected or actual non-compliance. Having a procedure for employees to follow, can assist in ensuring the process is fair and consistent.
Of course, the impact on the person/s and organisation needs to be established, then an analysis is required to identify the root-causes of the non-compliance, to ensure the most appropriate corrective actions can be undertaken.
Once the risk-analysis has been undertaken, there may be several actions or corrective actions, that need to be implemented, to reduce the recurrence of non-compliance. Corrections and corrective actions may occur simultaneously with investigations and continue following the investigative stage.
Corrections or corrective actions may include one or a combination of:
- Disciplinary action
- Training (or retraining)
- Communicating with stakeholders
- Changes to policies and procedures
- Changes made to other documentation (forms, checklists etc)
- Provision of additional resources
- Changes to equipment, including IT systems
- Changing organisational culture and behaviours
Communication is integral through the management of a non-compliance.
To assist in employee engagement of training opportunities, training should use real-life examples and relate directly to the roles and responsibilities of the employees. It may be advantageous to involve employees in decisions around the training that is required, to have them more engaged in this process.
If policies or procedures require amending, consideration needs to be had towards who will be responsible for updating these documents, how the updated documents will be distributed and how training and education will occur in the workplace around the updates.
Whichever corrective actions are implemented, they need to be appropriate to the non-compliance and minimise the risk of future re occurrences. It is important that evaluation occurs to reflect on the implementation and measure their effectiveness.
All corrective actions should be documented.
Our Manage Business Risk Course, facilitated by risk-expert, Steve Robinson, is a great course to undertake if you want further knowledge on undertaking root cause analysis and risk-assessments in your organisation. Manage Business Risk | Gray Management Systems (grayms.com.au)