Comply or die
FROM FINANCE TO HEALTHCARE TO TELECOMMUNICATIONS, the already long list of compliance regulations keeps growing.
And each time a new rule or restriction is added—regardless of how well-meaning it may be—the project teams and organizations it affects have to adapt.
To ensure that change occurs with minimal disruption, organizations are launching more compliance-based projects to align themselves with new regulations or meet new industry standards to stay competitive. These endeavors represent interesting twists from their traditional project counterparts. For one, changes in compliance standards can be extremely disruptive to an organization. The risks are different, budgeting and ROI often take second stage, and there's rarely any flexibility to deadlines.
Of course, organizations in industries where regulations and standards are part of doing business have learned to adapt. Here's how organizations in three industries make the most of mandates.
The Search for ROI
The global economic crisis sparked calls for increased regulation of the financial industry. A March 2012 survey by Thomson Reuters Governance, Risk & Compliance found that 84 percent of financial compliance officers expect to handle more regulatory information in 2012.
In November 2011, the U.K. Financial Services Authority's mandate requiring firms to record all trader mobile phone calls went into effect. Banks spent the previous 11 months in a mad rush to launch projects to meet the new requirements by the deadline.
“In these instances where our organization is looking at an absolute drop-dead date, there is no need to make a business case, and the traditional focus on a budget is non-existent,” says Nigel Cannings, technical director with Chase Information Technology Services, London, England.
That makes it extremely difficult to tangibly demonstrate ROI, he says. “Unfortunately, you can't measure against regulatory fines the organization does not incur,” he says. “You can look to competitors and see how they are affected in terms of financial and reputational damage for regulatory breaches, but doing so is very speculative.”
Instead, Mr. Cannings' team used the government mandate to build out recording capabilities and seek new efficiencies within existing systems. Specifically, as part of the compliance project, the financial organization consolidated platforms, including eliminating multiple repositories for email and voice and instant messaging.
Mr. Cannings' team also faced major security issues when it came to the mobile recording issue. The easy answer would have been to allow a service provider to record the calls, store the data within the cloud and offer access on an as-needed basis. “Not surprisingly, financial institutions are paranoid about letting data leave the firewall into someone else's control,” he says. The solution: an internal cloud provision, with the application vendor providing a black-box solution running completely behind the company firewall.
Despite bitter commercial rivalry among banks, though, financial compliance teams are keen to learn lessons from one another to avoid repeating missteps. “For instance, two of the major U.K. banks just experienced an enormous computer glitch, blocking millions of people from access to their accounts,” Mr. Cannings says. “While financial organizations may see this as an opportunity to attract disgruntled customers, compliance officers see it as an opportunity to learn, knowing the shoe could be on the other foot tomorrow.”
Planning Among Uncertainty
On many healthcare projects, regulatory compliance means uncertainty from the start. That's because new regulations often are unclear at the time when compliance projects must be launched, says Tamara Morgan, PMP, principal at TKM Health Care and Project Management Consulting, Sacramento, California, USA. Even worse, regulations are prone to change after project deployment.
“The company invests significant capital, builds up operational capacities and leverages significant resources—human and otherwise—only to find regulations change after deployment,” says Ms. Morgan, who specializes in healthcare project management and development of government healthcare projects.
For example, U.S.-based hospital systems must comply with the U.S. Affordable Care Act (ACA), which, among other complex requirements, states that most adults must maintain health insurance coverage. While healthcare firms waited for the U.S. Supreme Court's ruling on the act's legality—it was ultimately upheld—they had to move ahead on various components.
One of the top priorities is obtaining meaningful use—achieving significant improvements in care—to meet requirements set by the U.S. government, and other electronic health record (EHR) incentives and regulations.
“Any organization that puts up so much capital in meeting the compliance for ACA to obtain meaningful use or other EHR incentives and regulations must have a backup plan,” says Ms. Morgan. She is currently working on a project to ensure a hospital system complies with ACA by providing higher-quality care for Medicare beneficiaries and reducing growth in Medicare expenditures.
Organizations must also “do a cost-benefit analysis to determine if their project plan to improve the business infrastructure ultimately makes sense for the organization, regardless of rules and regulations,” she says.
When it comes to ACA compliance, governance is a major driver of successful project outcomes. At the start of the project, healthcare project managers should integrate key stakeholders and end users into the project task force and vendor selection process to ensure buy-in on ensuing changes, she says.
Clinicians, doctors, pharmacists, nurses, physical therapists and other healthcare staffers can serve as subject-matter experts when it comes to integrating EHR and healthcare IT solutions with health information systems used by other healthcare providers. “They are the ones in the trenches who will use the systems daily,” Ms. Morgan says. “They help ensure the healthcare IT and EHR systems are in compliance with regulatory requirements, as well as determine if all aspects of a patient's medical records can be fully integrated into a single secure system.”
Project managers also should involve those stakeholders and end users in vendor selection, as more than 100 companies currently offer EHR and healthcare IT products. “Ideally, vendor selection would take place once requirements are gathered and agreed to by the task force or project team,” Ms. Morgan adds.
A Competitive Advantage
With constant advances in data-driven smartphones, wireless providers worldwide continually push to comply with evolving industry guidelines set by the 3rd Generation Partnership Project. While there are no fines for failing to comply, not doing so can have dire consequences. Specifically, it currently means missing out on the generation of devices built to operate on 4G—and missing out on driving subscriber activity.
The industry-wide initiative to convert to 4G focuses on simplifying the network architecture to an Internet protocol-based system, and increasing the capacity and speed of wireless data networks using digital signal processing techniques and modulations.
As a result of the 4G push, the Emirates Integrated Telecommunications Company—branded as du—has rolled out more than 300 4G sites and is adding more based on the company's ability to satisfy data and bandwidth requirements within the most popular target areas. But rollout of each site depends heavily upon the network technology already deployed within each identified target area. So the challenge for project managers lies in fine-tuning the actual deployment to fit the specific tower or network configuration, says Muhammad Amjad, PMP, du's Dubai, United Arab Emirates-based project manager of broadband wireless.
As with traditional projects, the business case for compliance-driven projects is extremely important, and expected ROI is established during project initiation. “None of the projects move forward until the business case is justified, and these are reviewed at multiple tiers of management approvals,” he says. “But all compliance-based projects we work on also are technology upgrades to keep up with and excel past the competitor.”
For the 4G initiative, successful completion ensures the company remains a top-tier competitor; failure to do so means it must operate as a second-tier competitor.
“Most of the ROI calculations are with assumptions that first-to-market is more important than short-term returns,” Mr. Amjad says. “Part of fully complying with the standard goes beyond being first-to-market in our region—we strive to be the first to the market with best quality.” PM
OCTOBER 2012 PM NETWORK
PM NETWORK OCTOBER 2012 WWW.PMI.ORG