Compliance Projects – “Good Enough” is Sometimes Good Enough!

Jim Collins wrote “Good is the enemy of great” as a corollary to Voltaire’s quote “Le mieux est l’ennemi du bien” (“The best is the enemy of the good”).

This phrase comes to mind when reviewing a common approach to improving organizational project management capability.  A catalyst motivates the leadership team to invest in project management improvements – perhaps it’s a string of failed projects, or reduced market share resulting from poor portfolio decisions or from increased time-to-market.  A consulting firm is brought in to implement a governance framework, processes & tools to address the issues.  The organization’s project management capabilities initially improve but then they stagnate.  Sometimes, this is a conscious decision if the perceived benefits resulting from continuous improvement are less than the change management and financial costs incurred.   Unfortunately, a many times it is simply a shift in priority – once project management maturity is no longer the “flavor of the week” or the management team is more keenly aware of the change management involved, the initiative gets shelved.

The one scenario where a commitment to greatness can hurt an organization has to do with regulatory projects.  The FUD (Fear, Uncertainty & Doubt) factor associated with Y2K, Sarbanes-Oxley & HIPAA generated obscene amounts of effort and money to be squandered on projects that at best were gold-plating and at worst created critical opportunity costs for strategic (albeit discretionary) spending.  While we hope that management teams learn from their mistakes, it won’t be long before some new regulation emerges that restarts this process.

This is an opportunity for project management to evolve beyond its traditional role of planning and executing projects to ask the important question “Are we doing the right thing?”. 

The project manager can first confirm that their organization has a defined policy for the regulations.  I’ve witnessed some compliance projects whose scope was purely defined by a third-party consultant – this is akin to the fox guarding the hen house!  If your organization has not established a documented stance for compliance with a particular regulation, the project manager should push for that. 

Once an organization policy is in place, the project manager can facilitate the discussion between the compliance champions (who might be inclined to do too much) and business stakeholders (who might be inclined to cut corners) to forge a scope for the project that everyone can live with. 

At the portfolio level, it can become difficult to prioritize individual non-discretionary projects against the discretionary, strategic ones.  Depending on who has more influence, either the non-discretionary projects will get higher scores, or the discretionary ones will.  A better approach is to not try to prioritize these two different sets of projects against each other individually, but rather to focus on defining what percentage of financial or resource capacity will be allocated to each in aggregate.  Once that has been defined, it can then be left to the appropriate governance committees to decide how this allotted funding will be spent for individual initiatives.

Regulatory and other compliance projects are hygiene factors –  your organization won’t succeed through over-investment in these projects as your clients and regulatory bodies expect that you will be compliant.  Project management can play a key role in helping the organization strike the “good enough” balance between catastrophic risk and gold-plating.

Don’t forget to leave your comments below

---