Some organisations have invested considerable resources in developing a granular, global, picture of their businesses’ Health, Safety and Environmental (HSE) legal compliance. Indeed, there are a number of niche service providers of this regulatory content, others have made little or no effort to formally recognise the detailed obligations placed on their businesses.
The fact that approaches can differ so considerably, suggests that the very detailed and potentially costly approach, isn’t universally effective or required – if it were, surely all organisation’s would be doing it by now?
There are several stages in developing a robust legal compliance framework; from identifying all applicable obligations, to translating those into meaningful business requirements, before evaluating current compliance levels and taking any action to address identified ‘gaps’.
It’s only this last action to address gaps, that has any real bearing on risk level – and in practice, many of those ‘gap closing’ activities may simply be about tick-box compliance, rather than addressing real risk – which if significant, would likely have been revealed elsewhere, already.
"In practice, creating a granular register for legal compliance will do little to exercise this duty [to manage risk]"
Those who’ve taken a detailed approach may look over the fence with frustration, wondering how their less well-structured peers are surviving without a detailed and granular process in place. We have seen a few factors in play:
"Whilst there’s no clear answer, there absolutely is a case for all organisations to take stock of their approach to legal compliance"
Of course there is more to the story; ISO standards for HSE imply a need to document relevant legal requirements, many of the fundamental duties placed on business are common across multiple jurisdictions and so are familiar to most, and in some cases, organisation’s develop their own ‘ruleset’ which is seen to supersede specific local legal requirements; instead taking the most stringent local requirements and applying them globally.
Whilst there’s no clear answer, there absolutely is a case for all organisations to take stock of their approach to legal compliance, to understand where they sit between the coordinates of a granular register and ‘not knowing’, before asking whether they are where they need to be.
The place businesses ‘need to be’, invariably, is the place that enables them to best manage the risk of harm, with the finite resources available – a complex legal compliance programme may therefore be counter-productive for some.
Determining where you are, and should be
Answering some headline questions could be useful in framing the conversation for your organisation:
Complexity and strong performance are not inherently linked, and that’s almost certainly the case when managing HSE risks. There should be clear line of sight between any investment of effort, and a proportionate benefit to the organisation. Putting a scale to the benefit you expect to realise from investing in a HSE regulatory compliance programme should be core to determining type of approach will best fit your organisation.