At regular intervals, we witness misconduct in companies and organizations. The federal companies SBB, SWISSCOM, Swiss Post and Ruag also made headlines last year with a lot of unpleasant stories, so that politicians and the federal councils felt compelled to take up the matter. The tenor in Bern was that new laws were needed and controls had to be tightened. Irrespective of the fact that the activism that came to light was probably more politically motivated, the parliamentarians showed the reflexive pattern that can be observed time and again of demanding more guidelines and more monitoring in response to undesirable events or conditions. The same is regularly observed in the corporate world. If our response to lapses is to react with more rules and more controls, and at the same time we share the experience of being surprised by them again and again anyway, we should take a closer look at our reflexive pattern of behavior. How successful and efficient is our concept when it comes to making things more reliable and safe?
Our 'compliance concept' is based on the assumption that rules and laws are operating instructions of systems of all kinds that describe how the systems deliver predictable output. It is also based on the assumption that people working in the system will adhere to these operating instructions, that they will be compliant. The third component of this concept is control. It ensures that the operating rule is implemented correctly, and that people comply with it. In a nutshell, the concept consists of rules, compliance and audit. But now we find that this transactional, causal approach reveals its weaknesses to us over and over again.
Lack of competence
Investigations of undesired events in high-risk environments, where the analysis of what has happened is carried out with particular thoroughness, show that in complex systems situations repeatedly occur for which the operating instructions did not provide any guidance. Further, we find that failures occur in our systems even though everyone has done everything 'right' in terms of following the operating instructions. It gets even worse. We further find that things have often turned out just fine because one or more actors in the system have not followed the operating instructions. All these situations show us in an unpleasant way that we are increasingly overtaxed with writing operating instructions for complex systems. We have to admit to ourselves that we lack the necessary competence.
Leadership is the order of the day
For the actors in complex socio-technical systems, the challenge of doing the right thing in the right situation is becoming increasingly important. Simple compliance with the rules is increasingly falling short of the mark. Conveniently committing only to compliance will have to give way to subject commitment, as unpleasant as it may sound. Responsibility for the matter at hand is coming to the fore. Leadership is the order of the day - for everyone. For management as well as for the employees. If things are to be safe and reliable, everyone must take responsibility for the matter in hand. Compliance is a child of the organizational paradigm. As Frederick Winslow Taylor pointed out in his work "Principles of Scientific Management" as early as 1919, it is part of the factory system of the industrial revolution. It belongs where man is understood as part of the machine, where everything can be controlled and monitored as in a machine, where the company becomes an organization. Compliance belongs to where thought work is separated from execution work. The fact that the person who thinks today has to learn that he is no longer up to his task puts the other person, who was used to making his contribution by simply following the rules, in the spotlight of co-responsibility for the overriding whole.
Rethinking the importance of compliance
In the past, we have contributed a great deal to the fact that compliance has become rampant. As important as it may be in causal contexts, today it has a corrosive effect in complex environments, in times of change, crisis and transformation. It is appropriate to reflect now on the importance of compliance. We would do well to look closely at where it can still play its role. We should set about singling out those areas in the company where it is not up to the job. Where its misaligned incentives are causing collateral damage and where it has become blunt as a tool for reliability and safety. Inherent in compliance is the arrogance that the thinker is right. By now we know that no authority has ever succeeded in explaining the world to us, let alone writing us an instruction manual for it.
The task of leadership
In view of the increasingly recognizable excessive demands, humility would be called for and a willingness to embrace new things. If the task in our world is to navigate around cliffs, manage risks and avert damage, and thus ensure safety, leadership will have to position itself differently. It will increasingly have to deal with the question of how a climate of trust can be built up in the organization or in the company. How to shape cooperation that defies the rigors of complexity. It will have to turn to a credo that aims to understand the system. It will make learners out of everyone; itself as a role model in front. It will build in reporting systems and make every effort to ensure that those who report do not have to be afraid. All this will help to anchor organizational learning, to perceive events as opportunities and to understand human fallibility primarily in the light of system complexity. As a result, emerging problems become low-threshold addressable. The probability decreases that decision-makers will find themselves in an escalation or that they will learn from the press what is going wrong in their own company. If one follows up on undesirable incidents by tracing their history, it is often found that there were people in the organization who knew about them. In most cases, there were also indications of the developing event, but these were not systematically recorded and analyzed. The showcase on this topic is the unspeakable misconduct and the intrigue associated with it at Zurich University Hospital. The failure of the 'compliance approach' came to light in all sharpness and the decision-makers were prompted to turn to safety culture under the situational pressure. We are following the developments with interest. Hierarchies have to be broken down, silos have to be collapsed and key players have to become learners.
What we need
Against this backdrop, the reaction of politicians and councils to the lapses in federal companies turns out to be understandable, but neither efficient nor up to date. What the companies need is a legal framework that allows them to build sustainable safety cultures. That would be the job of parliament. There needs to be effective protection of the reporting persons and the safety data collected in the safety management systems and the 'Critical Incident Reporting Systems' of the health care system. We need strict separation of incident investigations dedicated to learning from law enforcement investigations. We need criminal legislation that focuses not on harm, but on the causes that led to harm, and we need strong legislation that allows accountability not just of individuals, but of bodies and decision-makers who bear systemic responsibility. In our complex world, legal procedures are needed in which it is possible to answer the important question of which is the greater good for society in the case under consideration: To learn as much as possible from what happened or to find and punish the guilty. And we need a more relaxed approach to whistle-blowing. In all of this, the councils would have a lot to do. That they have responded to misconduct in federal companies with scrutiny and suspicion has not helped all the much-needed changes to the legal framework one bit.
It's time to rethink.