White Paper Compliance-Innovation April 2013

Compliance-InnovationEnabling strategic growth

White Paper April 2013

Dr. Eleanor Doyle Stephen McCarthy Institute for Business Development and Competitiveness School of Economics University College Cork

Damien McGovern Compliance & Risks

2

Contents

Executive Summary 1

1 Introduction 21.1 Definitions 21.2 Structure of the Paper 7

2 Limitations of Current GRC and 8 Innovation Management Practices 2.1 Balancing the Upside and Downside of Risk Management 82.2 Misfit between GRC and Innovation Management Practices 102.3 The Millstone of Siloed GRC Systems 12

3 Compliance-Innovation 13 3.1 The Nature of Compliance-Innovation 13 3.2 The Evolutionary Demands Placed on GRC Systems 15 3.3 The ‘Golden Line’ of Absorptive Capacity 16 3.4 Virtuous Compliance-Quality Platform 18

4 Delivering Compliance-Innovation 23 through the Innovation Value Chain 4.1 The Value Chain and Innovation 234.2 Benefits of Compliance-Innovation: Operational and Strategic 244.3 Compliance-Innovation across Innovation Phases 27

5 Quality as a Unifying Goal of 29 Compliance-Innovation 5.1 Knowledge Work, Quality, and Productivity 295.2 Defining Quality for Compliance-Innovation 305.3 The Need for Cross-Functional Collaboration in Achieving Quality 31

6 Embedding Six Sigma Quality 34 into Compliance-Innovation 6.1 Driving Systematic Quality Standards through Six Sigma 346.2 Quality Incarnated - Compliance-Innovation Powered by Six Sigma 35 6.2.1 Core Quality Management Practices 36 6.2.2 Infrastructural Quality Management Practices 36

7 Conclusion 38

References 40

1

Executive Summ

ary2 Lim

itations of GRC

3 Com

pliance-Innovation4 Innovation Value C

hain5 Q

uality6 Six Sigm

a Quality

7 Conclusion

References1 Introduction

Compliance & RiskWhite Paper Compliance-Innovation April 2013

Contents Executive Summary

The current lack of integration of Governance Risk and Compliance (GRC), Innovation, IT and Strategy results in lost opportunities for growth. If a recent KPMG (2011a) Report reflects the true picture, less than 10% of businesses today demonstrate full integration of GRC activities with their business strategy.

This paper argues for Board level support for better ‘Absorptive Capacity’ across the entire organization to drive innovation, growth and sustainability. In GRC-specific terms ‘Absorptive Capacity’ gets at the ability to nail the various intersections of three fast-moving business targets i.e. (i) new regulations (policy, law, standards) (ii) product evolution (new and improved) and (iii) evolving intra-organisational strategic and operational imperatives.

Conceptually no more than a change from ‘strategic risk management’ seen through a cost lens, to a parallel focus on ‘strategic growth management’, seen through an investment lens, is called for. This paper sets out the types of benefits that can materialize, both strategic and operational, and identifies the activities within and across the Innovation Value Chain from which specific benefits and opportunities for growth arise.

Sustained growth can only come with change – in the things organisations do, the ways people work both alone and with others, and in why and how they share what they do and learn. Whatever creative talent and support for innovation exist in an organization the better its ‘Absorptive Capacity’ and the more good innovations of all kinds that are likely.

One vital element for Compliance Innovation is access to timely regulatory compliance information structured in line with a business’s product, market and geography focus. Decision makers need actionable information as early as possible. Modern IT makes this increasingly possible which is particularly welcome since much of the regulation aimed at business is not provided in a format, through channels or in a timely fashion to meet their information management needs.

Even in the 10% of cases where KPMG (2011a) found full integration of GRC activities with business strategy there is significant room for improvement in innovation and growth wherever ‘Absorptive Capacity’ is hampered by reliance on ‘dumb documents’ instead of transformed, structured content around external and internal requirements.

Put simply, investment in better ‘Absorptive Capacity’ will pay handsomely through everyone getting more of the information needed to get the right tasks executed sooner, faster, better and with more confidence.

A next major impetus for strategic growth can be funded through Compliance-Innovation a transformational process through which conformity with all requirements – compliance – drives innovations in quality.

2 Compliance & RiskWhite Paper Compliance-Innovation April 2013

1 Introduction

We explain how processes enabling conformity with requirements coupled with processes for commercialisation of knowledge offer potential for strategic business growth.

1.1 DefinitionsGovernance Risk & Compliance (GRC) GRC activities refer to organizations’ focus on identifying and assessing risks of all kinds, and particularly monitoring compliance with regulatory requirements. Brand protection is key, and its purpose tends to be around ensuring that commitments – mandatory but also voluntary – are fulfilled to avoid expensive breaches, business disruption or worse. GRC’s potential as a powerful energizing source of growth is notably absent from the GRC space yet represents a substantial, under-exploited opportunity.

Absorptive Capacity The Absorptive Capacity of businesses results from the routines and processes which enable knowledge workers to acquire, assimilate, transform and exploit information and knowledge for commercial ends. Knowledge integration across business functions and staff is the basis of modern competitive advantage, and the strategic growth-orientation of the business is the governing force for such integration. In GRC-specific terms Absorptive Capacity gets at the ability to nail the various intersections of three fast moving business targets i.e. (i) new regulations (policy, law, standards) (ii) product evolution (new and improved) and (iii) intra-organizational strategic and operational imperatives.

An organization’s Absorptive Capacity emerges as a ‘golden line’ on the border of two knowledge contexts – one relating to internal business objectives, activities and functions and the other to the external regulatory environment.

Compliance-Innovation Compliance-Innovation refers to an integrated approach to innovation processes and GRC activities across an organization. It requires elevating GRC from its traditional tactical-level focus to a more strategic role where opportunity recognition, innovation and business sustainability are at the heart of all strategic thinking. Compliance-Innovation is a transformational concept that provides organizations with a means to develop stronger Innovation Value Chains through the integration of GRC and innovation knowledge bases, in turn supporting commercialization and business sustainability.

Technology plays a crucial role here. Optimally integrated ICT platforms are essential in fostering strong lines of interdepartmental communication, and more importantly enabling continuous recording, storage and retrieval of knowledge. Good integration ensures that decision processes meet all contextual requirements. One vital element for Compliance-Innovation is access to timely regulatory-compliance data structured in line with a business’s product, market and geography focus.

To deliver Compliance-Innovation requires coordinating and integrating organizational routines in new ways - demanding changes in habits and routines to refocus managers’ attention on balancing the pursuit of business opportunities with the management of risk.

This paper introduces Compliance-Innovation and its potential to drive major improvements in quality, productivity and sustainability.

3Compliance & RiskWhite Paper Compliance-Innovation April 2013

2 Limitations of G

RC3 C

ompliance-Innovation

4 Innovation Value Chain

5 Quality

6 Six Sigma Q

uality7 C

onclusionReferences

1 IntroductionExecutive Sum

mary

1 Introduction continued

Compliance Knowledge Management System (CKMS) A CKMS is a relational database and knowledge management workbench comprising highly structured regulatory content (smart regulation) mapped to a range of other objects in the database including product categories, attributes, materials, substances, business, other legal and non-legal requirements, and supported by workflow, collaboration and reporting tools. It supports both internal and external communities of experts including business advisors and industry associations. By definition a CKMS is designed to support the development of Absorptive Capacity and must therefore integrate appropriately with other IT platforms and data sources allowing cross-functional teams to share and collaborate. It supports, in particular, the goal of ‘Mind of the Product’ whereby structured content and derived knowledge flow automatically to help users get work done sooner, faster and better.

Information v Knowledge In the context of Absorptive Capacity where information is coming to workers from external and internal sources, information becomes knowledge if and as it is contextualized, or given meaning and usefulness in the context of an organization’s culture, expertise, objectives, strategy and management.

As information is contextualized, filtered and directed, it becomes more useful to the right experts and decision makers. Learning organizations seek to make good, timely decisions and to make the reasons for decisions permanently accessible to others, and as understandable and useful as possible to both experts and non-experts. Information Technology can automate and support this goal, and can be significantly more powerful if the underlying content is structured and machine-readable.

It may be argued that knowledge is really only ever transferred between people with similar expertise because they understand the same contexts in the same way. In this case most communication between members of the same team can be said to be more likely to look like knowledge transfer, whereas communication between workers with different expertise, say an engineer to a sales person is more like information transfer, albeit contextualized with company-sensitive and often confidential information.

The nuance is important because at one end of the scale it is accepted that communication of information is easy whereas at the other end of the scale the transfer of wisdom is problematic. In between lies the challenge to transfer information that feels as often as possible like ‘knowledge’ where context and pattern are presented in a way that allows experts and non-experts alike to absorb what is useful in order to support company culture, objectives and strategy with good decision making.

In this paper where we refer to the transfer of knowledge within an organization we do so with an understanding that the way this is done makes all the difference. Take a simple example, an important communication between experts that lives in email exchanges that will never become part of the corporate memory, and is therefore lost, leads to a loss of potential value for the future.

Strategic Growth Our definition of strategic growth comprises several aspects explained here since strategic is widely used but seldom defined. Strategic growth is oriented to long-term business sustainability 1. Strategic growth puts innovative enterprises at the heart of economic development. Such enterprises are increasingly high-wage high-value-adding companies producing high quality innovative products or services for which consumers are willing to pay premium prices2. Innovation and how it is managed by business is, therefore, a central aspect of strategic growth.

Sustainability Sustainability has two meanings, temporal and environmental. In strategic growth terms both meanings can be conflated since consumer sentiment increasingly identifies environmental attributes as not only desirable but required. In order for sustainability to become a strategic imperative within businesses, it first needs to be identified and promoted as a means to achieving competitive advantage (Gladwin et al. 1995; Hart and Milstein 2003; Nidumolu et al. 2009; Porter and Van Der Linde 1995). Such a cognitive shift requires organizations to frame sustainability as a business opportunity rather than a risk, where practices such as ‘green’ procurement and production, product safety, longevity, end-of-life management, corporate social responsibility, financial transparency, and ethics are treated as value-adding attributes 3.

Sustainability has two meanings, temporal and environmental. In strategic growth terms both meanings can be conflated since consumer sentiment increasingly identifies environmental attributes as not only desirable but required.



Quality Quality is another aspect of our definition of strategic growth and it relates both to the manner in which businesses organise their activities to deliver value to consumers on a sustainable basis, and to the requirements to which those selected activities are aligned, including e.g. innovation and sustainability. Quality refers to more than ‘quality movement’ techniques and practices 4. It embraces business excellence themes that identify the need to integrate such tools and practices with a quality culture that encompasses elements of leadership, people-based management and customer focus (Dahlgaard-Park et. al 2013). Facilitating workers to think beyond their individual responsibilities and deliverables in the context of the needs and goals of the business (e.g. innovation and sustainability) is, therefore, intrinsic to quality 5.

Growth ordinarily relates to increases in amounts such as sales, output or profit but its second standard meaning is of interest here. This relates to improvement in quality as a result of a process of development or progressive change i.e. qualitative change. This process-oriented view, adopted by Penrose (1959), focuses attention on those conditions that favour growth and how both the “sequence of changes created by a firm’s own activities” and “the effect of changes that are external to the firm and lie beyond its control” must be considered when thinking about growth (Penrose [1959] 1995: 4). Our discussion of growth proceeds in stages where various aspects that impinge on it are considered and which, from our interviews with leading business practitioners (listed in Table 1) and our examination of research, must include sustainability, innovation, quality and compliance.

Strategic growth can be delivered through Compliance-Innovation a process through which conformity with requirements drives improvements in quality, productivity, and sustainability. Compliance here relates to conformity with all requirements, both legal and beyond such as business best practices and choices made to improve any operational activities, or self-imposed requirements to target the types and range of customers that have been identified in practice or from market analysis. In this process the GRC function is perceived as an engine for growth by facilitating commercialisation of knowledge and business sustainability 6.

Maintaining attention and focus on growth is a challenge for business in the face of increasing demands on Boards and Directors to address not only considerably more but increasingly complex types of risks. At the same time, capacity to adapt and reconfigure resources in response to market challenges, regulatory reform and complex stakeholder influences and expectations is necessary to achieve the strategic growth businesses need. Integrating Governance, Risk & Compliance (GRC) with Innovation activities and business strategy is a comprehensive definition of what we mean by strategic growth that attends to the innovation, quality and sustainability imperatives of business.

Maintaining attention and focus on growth is a challenge for business in the face of increasing demands on Boards and Directors to address not only considerably more but increasingly complex types of risks.


2 Limitations of G

RC3 C



5 Quality

6 Six Sigma Q

uality7 C

onclusionReferences


mary


Figure 1: Absorptive Capacity driving strategic growth

Brand Value

Innovation, Growth, Quality, Sustainability

Strategy

ManagementDashboardsPerformance

Risk/Opportunity

CKMGRC

Absorptive Capacity

SCM

CRM

ERP

Others

PLM

Info

rmat

ion

syst

ems

land

scap

e su

ppor

ts

Builds &

protects

Informs

Boar

d le

vel p

olic

y on

Integrated CKM is a Compliance-Innovation lever and pivot for increasing absorptivecapacity to drive strategic growth

CKM: Compliance Knowledge Management GRC: Governance, Risk & ComplianceCRM: Customer Relationship ManagementERP: Enterprise Resource PlanningSCM: Supply Chain ManagementPLM: Product Lifecycle Management


Andy Baynes Director Business Development and Energy Efficiency NA

Lettemieke Mulder Vice President Sustainability First Solar

Tom Butler Principal Investigator GRC Technology Centre, University College Cork

Sake Niemeijer Global Product Stewardship Director Automation and Control Systems Honeywell

James Carlo Cascone Principal Deloitte & Touche, LLP

Michelle O’Neill Vice President Government and Public Affairs EMEA Ingersol Rand

Etienne Celis Environmental, Regulatory and Standards Compliance Manager, GE Industrial Solutions

Theo Schoenmakers Director and Founder Schoenmakers Sustainability Consulting

Paul Coebergh van den Braak Senior Director Standardisation Philips

David Scuderi Environmental Affairs Manager Samsung

Jean Cox-Kearns Director of Compliance - Global Takeback DELL

Dirk Segers Regulatory Affairs Compliance Program Manager EMEA Agilent

Therese Deane Program Manager (Technical), Environmental Product Compliance EMC

Darrel Stickler Corporate Social Responsibility Cisco Systems

Ulrich Ellinghaus Partner Baker & McKenzie

Donal Sullivan Third-Party programme Leader Tyco International

Hudson Hollister Founder and Executive Director Data Transparency Coalition

Colin Thirlaway Global Product Compliance Leader Stanley Black & Decker

Corinne Holmes Senior Environmental Compliance Engineer Microsoft

Guy Van Doorslaer Secretary General of Several European Manufacturers’ Associations in the Engineering Industry

Ken Jennings Managing Director: Adjunct Prof. Environmental Management, K2J Environmental University of Marylandd

John Vassallo Independent Advisor to Microsoft, formerly VP European Affairs General Council with Microsoft and Head of European Office at GE

Table 1: Business/Compliance Professionals Contributing to Research 7



2 Limitations of G

RC3 C



5 Quality

6 Six Sigma Q

uality7 C

onclusionReferences


mary


1.2 Structure of the PaperIn Section Two the current state of GRC and innovation management in companies gleaned from both published research and from discussions with leading international companies is outlined, pointing to a new paradigm across both domains i.e. Compliance-Innovation.

The prevalence of siloed GRC systems and their implications are discussed along with the business implications of using ad-hoc IT platforms to deal with the ‘avalanche of regulation’ 8. GRC’s central contribution is rarely, if ever, defined in terms of sustainable or strategic growth. Its purpose tends to be defined around ensuring commitments – mandatory or voluntary – are fulfilled to avoid expensive breaches, business disruption or worse. GRC’s potential as a powerful energising source of growth is notably absent from the GRC space, and represents a substantial yet under-exploited opportunity. The recognized evolving role of GRC must change further so that its potential contribution materializes and it can return tangible business value from investments estimated in the US for 2010 at €30bn 9. Without further evolution in GRC, knowledge-based organisations continue to perceive GRC through a cost rather than investment lens, overlooking growth opportunities masked by the scale and pace of the regulatory avalanche.

Further detail on the nature of the Compliance-Innovation concept is provided in Section Three which outlines how, facilitated by Information Systems (IS) planning, platforms such as Compliance Knowledge Management Systems (CKMSs) can enhance organisations’ ability to acquire, assimilate, transform and exploit information and knowledge for commercial and business sustainability ends. The impacts on these various abilities, which are all aspects of Absorptive Capacity, points to a need for an integrating perspective on knowledge work and knowledge workers to gain not only the benefits from specialized functional

expertise but also cross-cutting contextual knowledge that supports information-driven decision-making processes.

In Section Four we specify the benefits – strategic and operational – generated by Compliance-Innovation by turning our attention to the Innovation Value Chain to identify the business activities upon which such benefits are founded. This allows us to indicate how the Innovation Value Chain can be enhanced through the transformation of GRC into an asset for strategic growth.

In Section Five the concept of Quality is explored as a unifying goal for Compliance-Innovation – a necessary measure for ensuring that knowledge workers are organised in a way that supports and facilitates productivity improvement. The importance of creating a consensual definition of Quality across knowledge workers is addressed, in addition to the need for cross-functional collaboration to deliver sustainable Quality through Compliance-Innovation.

In Section Six we offer one approach to implementation of Compliance-Innovation using Six Sigma like rigour, with a view to indicating how Six-Sigma’s intensive statistical and data-driven methodology could be employed to ensure that Compliance-Innovation activities direct unbridled attention towards conformity to requirements and commercialisation of knowledge. We then outline a set of core and infrastructural quality management practices to help embed Six-Sigma driven quality standards within the Compliance-Innovation paradigm.

We bring the paper to a close with some concluding comments.

The 6 sections that follow address innovation management, Compliance-Innovation, the innovation value chain, quality, six sigma and the conclusions drawn.


2 Limitations of Current GRC and Innovation Management Practices

2.1 Balancing the Upside and Downside of Risk ManagementIn the wake of the financial crisis and ensuing global economic recession, companies are increasingly conscious of the importance of risk management. The rise in economic, environmental, and social regulation (e.g. Sarbanes-Oxley Act, RoHS, REACH, WEEE), have brought compliance and business sustainability to the forefront of the management agenda (Butler and McGovern, 2008; Dyllick and Hockerts, 2002).

Monitoring, reducing risk and meeting compliance requirements are obviously key activities in all areas of decision making, and the GRC function has become a focal point for these tasks. The OCEG’s (2012) recent GRC Maturity Report indicated that most GRC professionals identify their primary task as risk management (50%), followed by compliance (43%), internal audit (36%) and governance (32%).

Similar research by the Ponemon Institute (2011) found that 83% of respondents identified risk management as the most essential activity in meeting GRC goals, while 63% said that compliance was a critical activity: a further 61% reported that developing strategies was a GRC priority (see Figure 2). A KPMG (2011a) study also found that risk management (51%) was the primary focal point for businesses in their drive towards integrated GRC, followed by tackling complexity (35%) and improving performance (32%).

This section directs attention to current paradigms at play within the GRC and innovation management domains. Although links between GRC and innovation management are seldom made, a range of inter-linkages between GRC and innovation management point to the untapped potential of organising business activities around such connections.

Assessing risk

Monitoring compliance

Developing strategies

Reporting to senior management

Creating and implementing policies

Analysing regulations

Administering program

Training and awareness

Responding to incidents

Advising the organisation

Figure 2: Essential Activities to GRC Objectives

83

63

61

60

50

45

44

43

42

40

%

Source: Ponemon Institute (2011; pg. 5)


3 Com


hain5 Q

uality6 Six Sigm

a Quality

7 Conclusion


2 Limitations of G

RCExecutive Sum

mary

2 Limitations of Current GRC and Innovation Management Practices continued

To deal with this uncertainty, to the extent that it can be assessed and measured, risk management aims to identify, measure, and assess the likelihood of favourable or unfavourable outcomes being derived from future events. Based on these assessments, a firm can achieve informed decision-making by taking their risk profile into account 10.

Indeed within many companies opinions diverge as to whether risk management should be opportunity (upside) or risk (downside) focused. A risk management survey carried out by KPMG (2011a) suggests that, on the one hand, CEOs tend to view risk as an opportunity while Boards and Risk Officers, on the other, are more likely to view risk as a threat to be reduced at all costs. According to KPMG (2011a; pg. 10), effective risk management must bridge the “gap between what the CEOs expect and what the directors, Audit Committee members and risk officers are actually doing”. Furthermore, 66% of respondents said their “board is unable to leverage risk information it receives to improve strategy” and risk management is often focused on a more operational level (KPMG, 2011a; pg. 13). This is a worrying statistic, as unless decision makers are fully aware of all the potential business opportunities and risk emanating from internal and external contexts they are unlikely to take effective action. In turn, it is possible that imminent threats will not be mitigated and opportunities for innovation will be missed by the business due to lack of strategic insight.

GRC expert Norman Marks recently challenged the idea that risk management is “about the downside” 11. From his work with GRC professionals Marks asserts that risk management is about influencing decision-making and achieving objectives through the provision of high-quality information. Drawing on the definitions offered by ISO31000:2009 and the COSO ERM (i.e. Enterprise Risk Management) framework, Marks argues that risk management involves “managing the effects of uncertainty – which can be positive or adverse” while helping a firm “get to where it wants to go and avoid pitfalls and surprises along the way”.

Growth opportunities are usually identified by the line of business managers, and then it’s up to the product management people to source or develop these types of products. Knowledge of and interpretation of emerging types of regulation and legislation is essential; and the second biggest thing is trying to drive some kind of innovation with the seam of sustainability. People then look differently towards designing and marketing of products, they approach these areas differently.”Theo Schoenmakers, Director of Schoenmakers Sustainability Consulting

While risk management can potentially drive performance, many companies are not yet prioritising GRC as an engine for sustainable growth which can open up new opportunities for innovation and enhanced decision-making. The implication is that opportunities are lost when GRC’s full value-adding potential is not recognised. Businesses’ perspective on GRC needs to balance both the up-side and down-side of risk management. Relevant challenges are examined next.

In essence, risk management arises due to the inherent uncertainty of future events and their associated probabilities of occurrence. (Tarantino, 2008)

“



2.2 Misfit between GRC and Innovation Management PracticesMcKinsey (2007; pg. 2) reported that, according to one third of top managers one of the primary reasons for the absence of sound governance and risk management in innovation activities is because companies ‘govern innovation in an ad hoc way’ i.e. they do not feel in control of the innovation process. In addition, companies were found to lack a structured approach for decision making for innovation and require enhanced risk management and modelling tools (see Figure 3).

Belloc (2011) identifies corporate governance as a key determinant of innovation capabilities and contributes to explaining why companies operating in the same market space achieve varying levels of innovation success. The role of governance in innovation is to bring cohesion between human and physical resources based on a structured relationship between corporate ownership, corporate finance, and labour, in order to derive benefit from investment decisions (Belloc, 2011).

A survey conducted by McKinsey on approaches to innovation found many ‘leaders lack confidence in their innovation decisions’. (2007; p2)

Making innovation a core part of the leadership agenda

Modelling behaviour that encourages innovation, such as taking risks

Improving tools and processes for managing innovation risk and making sound innovation decisions

Gaining alignment among senior leadership team on correct role of innovation in driving growth

Creating and communicating compelling story and sense of urgency about innovation

Clarifying accountability for innovation

Creating dedicated team or group outside core business to carry out innovation initiatives

Figure 3: Processes with Greatest Impact on Innovation Performance.

47%

58

4352

3541

3538

3333

2226

1924

Source: McKinsey (2007; p10) Top managers,2 n=722 Other executives, n=736


3 Com


hain5 Q

uality6 Six Sigm

a Quality

7 Conclusion


2 Limitations of G

RCExecutive Sum

mary


A different survey by McKinsey (2012) found that half of organizations segregate their innovation portfolio among distinct innovation functions and so independent silos characterise the functions. This implies that numerous innovation models are being employed across business units with little, if any, integration across projects. Again, a lack of consistent governance among innovation activities is identified as contributing to poor performance tracking and bounded decision-making across siloed innovation structures. To achieve sustainable innovative performance a business needs strong corporate governance to influence decisions, allocate resources and exert organizational control for cohesion of purpose. Corporate governance refers to the structured management of processes, systems and controls that contribute to an organisation’s operations. Corporate governance can involve activities such as decision-making and resource deployment to protect a stakeholder’s interests and meet requirements. In addition, proactive governance helps businesses remain agile to changes in the internal or external environment i.e. moving into a new market, responding to competitors’ actions (Tarantino, 2008).

Nearly half of respondents indicated that creating a clear and integrated strategy between separate functions was the most significant challenge they faced (McKinsey, 2012). Over half (56%) of respondents said achieving this depended on strong leadership and company level support and a positive correlation was found between the amount of such support and a function’s ability to meet innovation objectives i.e. profit and cost targets. McKinsey (2012) argue that the best measure of innovation success is how well a function plays its respective role in the broad innovation process 12.

The link between GRC and innovation management is not often made, thereby ignoring implicitly or explicitly the positive influence that GRC may exert on a company’s innovation processes – available opportunities for growth can be overlooked and missed. With strong GRC capabilities in place a business is better able to make informed decisions on innovation activities relative to its internal and external contexts (OCEG, 2012). Furthermore, when a growth-oriented perspective on GRC is created and maintained, the GRC function has, like any others, within its remit the requirement to contribute to idea generation by identifying and assessing opportunities while scanning its regulatory environment. Poor strategy-GRC integration can slow down this progress evident in KPMG’s (2011a) finding that only 9% of companies have fully integrated their GRC activities with business strategy so far.

I think the first step is you have to be compliant to operate - there’s no question there. And of course you can improve all of your processes. The second thing is maybe going beyond compliance and making compliance something strategic, so that’s something that I’m trying to do in my company and previous companies I’ve worked in. When you’re lobbying on a piece of legislation, you are at times looking at going beyond compliance and getting a competitive advantage in the marketplace. For example, complying early perhaps, or complying in a better way. If you think about green issues, being ‘greener’, or being seen as more sustainable, and actually going beyond what you think that legislation will demand of you. Going beyond compliance is becoming more and more important for delivering customer value, for instance in relation to environmentally sustainable products and services.”

Michelle O’Neill, Vice President Government and Public Affairs EMEA, Ingersol Rand

It is essential for GRC activities to be fully integrated with strategy in order to provide decision makers with a clear mandate for balancing the pursuit of business opportunities with the mitigation of risk. In addition, by elevating GRC to a strategic level within the firm, other business leaders will begin to recognise the importance of dealing with contextual requirements in an integrated manner, thereby helping to foster greater cross-functional collaboration (PWC, 2012).

In the following section we contend that one important reason why GRC has not yet been identified or prioritised as a driver of growth is that the prevalence of siloed GRC systems has impeded progress (PWC, 2012). Due to the absence of an integrated GRC data repository, most organizations are likely to be unaware of the strategic potential offered by integrated GRC systems and, therefore, its potential as a tool for driving sustainable growth has therefore yet to be fully realised (Butler & McGovern, 2012).

Compliance should be incorporated in the strategic planning process and is fundamental to innovation. Companies make large investments in R&D and marketing when taking products to market. If compliance requirements are not incorporated in the ideation and go/no-go decision process, this may result in non-compliance with standards and regulations in certain countries. Financial costs associated with downstream product design modifications or product recalls may delay market entry or cause reputational damage.

Compliance should be at the forefront of product innovation strategies. Technology also plays an important role. It provides insightful information to the Chief Compliance Officer (CCO) regarding not only standards and regulations, but emerging issues as well. Armed with this knowledge, the CCO becomes integral to teaming with marketing and R&D throughout the design process in enabling speed to market, while helping the organization avoid costly fines, recalls, or design changes. The right technology can enable the CCO to become a valued contributor in achieving the company’s strategic goals.”

James Carlo Cascone, Principal at Deloitte & Touche, LLP

“

“



2.3 The Millstone of Siloed GRC SystemsAs the pace of production of regulations increased over recent years organizations reacted logically by developing internal risk and control activities. However, since many investments were made at a tactical and geographical level by different budget holders, there was often little thought given to the integration of similar activities - governance, compliance, and risk functions were left disconnected across the business (Price Waterhouse Coopers, 2012). In many firms, issues such as siloed structures and resulting data duplication adversely affect the information management practices of GRC functions (OCEG, 2012a; Price Waterhouse Coopers, 2012). In addition, an exorbitant level of spending is often required to maintain these siloed GRC systems, as process inefficiencies rise with increased business complexity (Ernst and Young, 2010).

Well what I’ve basically seen (used for managing GRC activities) was typically home grown solutions. People will track and trace on Excel spread sheets. Some departments have built internet databases; some were using Outlook and its associated tools… And that is typically something that is never as well realised as when you have an automated system which facilitates a complete networking of all this knowledge. Because it breaks down as soon as things rely on email and telephone and there’s not a central knowledge system that allows and mandates people to enter things that happen in a certain country, where developments are going…. People change and there’s a lot of things that need to happen again and again because the knowledge is not really well managed.”Theo Schoenmakers, Director of Schoenmakers Sustainability Consulting

In our interviews conducted with compliance professionals we discovered a number of issues inhibiting the evolution of integrated GRC systems. These include lack of organizational support, development complexity, functionally siloed IT infrastructures with stand-alone applications, and ad-hoc communication and knowledge management systems. Our results align with those of the OCEG’s (2012a) GRC Maturity Survey (see Figure 4).

As business environments continue to grow in complexity, and the ‘avalanche of regulation’ mounts increasing pressure on firms’ compliance capabilities, a divergent approach to GRC systems can lead to the duplication of

data and responsibilities across departments, and often hidden absence of responsibility where the extent of the avalanche is not perceived or is ignored. As a result, decision-making and quality management are also hindered as critical knowledge is not readily accessible and workflow cannot be managed in a transparent way. As we found from our primary research, companies that operate at a global scale are highly dependent on their knowledge and information management capabilities to ensure that their businesses and products remain compliant across global marketplaces. Technological advances now mean that integrated GRC knowledge management systems can effectively address organisations’ contextual challenges through cross-functional collaboration and risk management practices (OCEG, 2012a, 2012b). The nature and extent of integration must resonate with the business reality of those growth-oriented GRC functional experts, whatever their title, domain or expertise and remove the limitations created by silos.

“In certain sectors of environmental requirements there has been an acceleration in the number of regulations that apply to electrical and electronic equipment. For example, if you go back to 2005 there was only EU RoHS (Restriction on Hazardous Substances). Now we have RoHS in California, China, Japan, Korea, India and Turkey. The number continues to grow and all are slightly different. So even considering only RoHS, regulatory complexity grows for manufacturers as it proliferates. Another source of added volume and complexity of environmental compliance is chemical safety. There used to be a clear demarcation between safety and environment, particularly in the area of electronics. If you were a safety person, safety was more associated with electrical fires and associated issues. Now there are a number of safety requirements that involve chemicals in products and packaging. Examples include the Consumer Product Safety Improvement Act (CPSIA), and its revision for the safety of toys, the REACH requirement, the Toy Safety Directive and its many analogs around the world. Toys, especially, are subject to a daunting number of country-specific marks, documentation and tests. All of this adds considerably to the volume and complexity of regulatory compliance creating a need for greater cross-collaboration between those who have historically been in the safety industry and those who have responsibility for the environment.”

Ken Jennings, Adjunct Professor, Environmental Management at University of Maryland, Managing Director at K2J Environmental

Lack of championsNo established strategy for integration efforts

Inability to secure program/department cooperationNo compelling business case or method to demonstrate ROI

Belief it is too complex to undertake integrationIT not aligned with GRC needs

Not knowing how to startOtherNone

Figure 4: Organizational Barriers to an Integrated GRC Approach

40.8

“

%

39.634.834.6

31.626

16.67.8

5Source: OCEG (2012a, p. 22)


2 Limitations of G

RC4 Innovation Value C

hain5 Q

uality6 Six Sigm

a Quality

7 Conclusion


3 Com

pliance-InnovationExecutive Sum

mary

3 Compliance-Innovation

“

A lack of experience in working with such integrating systems and what they can offer is an understandable barrier to appreciating the potential impact that may be gleaned from using such systems. Penrose (1995[1959]: 53) explained in the context of the learning that results from experience, it “shows itself in two ways – change in knowledge acquired and changes in the ability to use knowledge…with experience a man may gain in wisdom, in sureness of movement, in confidence – all of these become part of his very nature, and they are all qualities that are relevant to the kind and amount of services he can give his firm” (1995 [1959]: 53).

GRC has to date failed to deliver Boards with a comprehensive profile of its role and potential impact in terms of the function’s ability to contribute to manage the uncertainty around both favourable and unfavourable events. Therefore, a change in mind-set is required to alter and enlarge the perspective on GRC above and beyond risk aversion to encompass an opportunity-orientated view. A means of achieving this is provided in the form of the concept of Compliance-Innovation which is explained and unpacked next.

3.1 The Nature of Compliance-InnovationOur growth-oriented perspective on GRC is termed Compliance-Innovation where GRC activities are integrated with innovation processes. To unpack what the concept entails we explain how it builds on the practices and theory of innovation management and the concept of Absorptive Capacity.

Boards of Management and CEOs are always seeking ways to increase innovation and drive growth, while still meeting business sustainability goals through compliance requirements and risk mitigation (Accenture, 2011; KPMG, 2011a). Based on discussions with interviewees, the primary obstacles to unifying departments were the following: limited resources, lack of top management support, and the inherent complexity in implementing an integrated GRC system. GRC has traditionally been more focused on risk mitigation activities rather than pursuing opportunities for growth, while marketing departments tend to be more focused on getting a product to market quickly, sometimes to the detriment of GRC requirements.

In most cases mid to long term activity (of the) regulatory (department) is often seen as a cost centre because you don’t have a quick return on investment. And especially if you talk to marketing and sales people they want to cash in as soon as possible and if they need to take something less to get to the market they will do it.”Dirk Segers, Regulatory Affairs Compliance Program Manager EMEA, Agilent

Compliance-Innovation refers to an integrated approach to innovation processes and GRC activities across an organization. It requires elevating GRC from

its traditional tactical-level focus to a more strategic role where opportunity recognition, innovation, and business sustainability are at the heart of all strategic thinking (Hansen & Birkinshaw, 2007; Zahra & George, 2002).

In defining Compliance-Innovation, each element is first ‘unpacked’;

Compliance is a process which, if successful, leads to conformance to requirements including both legal (involuntary) and supra-legal (voluntary) requirements covering the spectrum from laws, statutory requirements, regulations, all the way to businesses’ voluntary codes, guidelines and strategic goals (Doyle, 2007; Tarantino, 2008).

Innovation is a process which, if successful, leads to the commercial exploitation of new or existing knowledge (O’Sullivan & Dooley, 2009; Freeman, 1997). In essence, innovation involves taking either a new or pre-existing idea from its conceptual state and orienting it towards satisfying consumer need before finally offering a new product or service to a market.

Schumpeter (1934) argued that innovation comes about through new combinations made by an entrepreneur, resulting in a new product, a new process, opening of a new market, a new way of organising the business and new sources of supply or combinations of these. His definitions remain the basis of the OECD’s ‘Oslo Manual’ (2005) categorising innovation. Each type of innovation varies in its degree of novelty and can be new to the firm, sector or world market. Innovation is classified according to the following categories:

Product innovation: A good or service that is new or significantly improved. This includes significant improvements in technical specifications, components and materials, incorporated software, user friendliness and other functional characteristics. Process innovation: A new or significantly improved production or delivery method. This includes significant changes in techniques, equipment and/or software. Marketing innovation: Significant changes in product design or packaging, product placement, product promotion or pricing. Organisational innovation: A new organisational method in the firm’s business practices, workplace organisation or external relations.


3 Compliance-Innovation continued

Both innovation and compliance processes rely on the production and consumption of information and knowledge to deliver on their purpose. Absorptive Capacity offers conceptual bridging between the two domains since it relates to what information and knowledge is identified and perceived and how it is acted upon. Absorptive Capacity can be defined as ‘a set of organizational routines and processes by which firms acquire, assimilate, transform, and exploit knowledge to produce a dynamic organizational capability’ (Zahra and George, 2002; pg. 18). Knowledge is a key element and enabler of both innovation and compliance management, while concurrently influencing a firm’s value chain and other organizational competencies (Butler & McGovern, 2008; Cohen and Levinthal, 1990; Zahra and George, 2002).

We contend that compliance imperatives (whether driven by external regulations or within-firm objectives, or both) offer an additional and separate source of innovation-related knowledge to those already widely addressed in research 13. CKMSs can become a fertile source of innovation for companies through the integration of diverse contextual requirements within a single IT platform. Knowledge workers can then work to commercially exploit information hosted in the central CKMS repository, which can originate from internal or external sources. However, the semantic annotation of regulatory documents otherwise known as ‘smart’ regulation is essential to the effective management of information within the CKMS. This issue is dealt with in more detail in Section 3.4.

The findings of McKinsey (2007) are that the integration of GRC and innovation activities provides managers with greater insight into the innovation process, allowing managers to be more confident

in their decision-making. Integrating processes can open up opportunities for the GRC function to assess new ideas (for product, process, marketing or even organisational innovation) based on scanning the regulatory environment to acquire new compliance events or information, assimilating it, and applying it within the context of its current market and technological knowledge bases to use it for productive opportunities e.g. by assessing the potential revenue and cost streams from entering into a new market within the context of its strategic imperatives.

Where I want to get to is to have complete visibility of all market access requirements…And that’s where we are driving towards to create these specific overviews for my business areas which we can then also filter for product groups or specific products… And in that way compliance supports or drives that strategic thinking.”

Sake Niemeijer, Global Product Stewardship Director Automation and Control Systems, Honeywell

Therefore, GRC and innovation activities can be directly linked, in turn solidifying the notion of growth-oriented GRC as a means to achieve competitive advantage. Based on this proposition, Compliance-Innovation is defined as:

the processes by which the knowledge bases of the GRC and innovation domains are integrated to drive both commercial exploitation and business sustainability, through knowledge-enabled decision-making processes.

To deliver Compliance-Innovation requires coordinating and integrating organizational routines in new ways - demanding changes in habits and routines to refocus managers’ attention.

Compliance-Innovation Case Study Dynapac Concrete

Some companies have made a clear decision to make higher regulatory requirements as a tool of innovation, especially in the environmental, the ergonometric, and the health and safety areas. They have raised the bar so high, that these companies have an advantage when they are selling at home or abroad.

Many years ago I was in a Swedish company where we were selling handheld tools for the construction industry. The vibrations from these tools produced cramps in the hands of the workers, and my R&D team came up with a very clever way to eliminate those vibrations - by putting a spring between the vibrating part of the tool and the handle, and by heating the handle so it was warm on cold days and therefore it didn’t contract the veins in your hand and make it more damaging to the vibration.

So with these two things added to the tool it suddenly became quite expensive, but it made inroads to the market because everybody wanted it for health and safety reasons and also comfort in the colder countries. So you see the obligation to follow standards that are much higher with which you have to be compliant, have led to innovation, have led to new products.”John Vassallo, Independent Advisor to Microsoft

“

“


2 Limitations of G


hain5 Q

uality6 Six Sigm

a Quality

7 Conclusion


3 Com


mary


3.2 The Evolutionary Demands Placed on GRC SystemsOur review of academic literature reveals that a more strategic approach to GRC would require management to have a holistic view of the risk and opportunities residing in both the internal or external business environment (Barney, 1991; Cohen & Levinthal, 1990; Mintzberg, 1987; OCEG, 2012b; Teece, Pisano, & Shuen, 1997). But unless GRC activities are integrated across business units, strategic collaboration remains near impossible (Porter, 1988). As a result, robust Information Systems (see Figure 5) are required to unite people, business processes, and IT infrastructure with a view to achieving common goals.

Suboptimal IS management can adversely affect GRC activities. For instance, KPMG (2011b) found in the case of risk management that less than one third (29%) of managers applied risk management frameworks consistently across their organization and risk management is often not integrated with decision-making processes. Siloed GRC systems generate disparate pockets of information which, even if up-to-date and expertly informed, inhibit a company’s decision making ability in the absence of integration and access (Butler & McGovern, 2012).

In an organization that has no formal system for capturing and documenting, it doesn’t mean that nothing gets captured, as non-structured organizations also take decisions based on arguments and discussions, they may just miss relevant aspects and inputs because of the absence of a formal system.”

Lettemieke Mulder, Vice President Sustainability, First Solar

Compliance Knowledge Management Systems (CKMSs) could help address such organizational shortcomings. Integrated platforms allow for knowledge and expertise to be captured, tagged, stored, and accessed from a centralised repository which, in turn, allows managers to make more informed decisions by reducing knowledge gaps in GRC activities. CKMSs also help reduce data duplication by providing a single version of the ‘truth’ and permit cross-functional tasks to be coordinated throughout workflow processes. Within such integrated IT architectures, each function can continuously deliver its unique role, however, the key difference is that a shared view of the collective GRC objectives, risk appetite, and contextual knowledge is available to inform activities. One of the determinants of the impact of such a knowledge-based system is the extent to which users exploit it to share and collaborate. As with any network effect (or positive externality), the value of the system to each user depends on the number of others using it. Added considerations here relate to the quality of interactions across users and the system’s role as an evolving repository of key elements feeding into an organisation’s corporate memory.

Consequently, investment must be directed towards Information Systems and knowledge management routines, as given the growth in regulatory production and the ephemeral nature of knowledge, businesses need to train, re-train and incentivise knowledge workers to record, tag, share, and distribute their expertise across the organization (Osterloh & Frey, 2000). Furthermore, the points at which knowledge is allowed to bleed out of the organization must be identified and addressed i.e. via emails, telephones, and video-conferencing. Knowledge-worker expertise represents a valuable resource but it is easily lost as workers leave companies – more visible – or with non-tracking and non-tagging of relevant events and activities – less visible – that have value and meaning beyond one time and place.

In the next section the role of platforms or CKMSs is explained in greater detail by focusing on how the platform can help firms manage their contextual requirements and build effective decision-making processes in the context of Absorptive Capacity.

People

Information technology

Business Processes

Figure 5: The Information Systems Triangle.

Markets tend to move faster than legislation. In this part of the world you will find customers demanding more than what the law will legislate. So even if you’re compliant or you know you’re going to comply, you need to think about going that little bit further. To go beyond compliance is what makes it more strategic and more valuable in terms of business growth… I think you’ll find that companies that are very good at innovating will be really crisp (at compliance) and have excellent compliance tools.”Michelle O’Neill, Vice President Government and Public Affairs EMEA, Ingersol Rand

The next section considers the current evolutionary demands being placed on GRC systems by businesses and investigates how integrated GRC systems can help companies achieve Compliance-Innovation through cross-functional collaboration and knowledge sharing.

“

“



3.3 The ‘Golden Line’ of Absorptive CapacityContext is a critical component of decision theory referring to the past, present and future conditions that affect all decision processes i.e. the characteristics of internal and external business environments.

Sutcliffe and McNamara (2001) argue that decision-making behaviour and judgement are embedded in organisational and subunit contexts and, therefore, a chosen course of action is influenced by more than just an individual’s experience and cognition.

The decision context determines what data and information is useful to decision makers based on such dimensions as timeliness and completeness (Wang & Strong, 1996). The decision context can be augmented to the extent that a corporate memory exists in the form of a knowledge platform and repository.

GRC plays an important function in managing decision-making contexts (OECG, 2012). For instance governance primarily concerns strategy and aims to bring structure to decision-making and resource deployment. Risk management and compliance meanwhile are concerned with the uncertainty and binding regulations inherent in day-to-day decision making and organisational behaviour. Therefore, GRC can enable better decision making, and help a firm to capture business opportunities while simultaneously mitigating risk.

The OCEG (2012) argue that context is a critical factor in building stronger GRC capabilities. As displayed in Figure 6, context surrounds the integrated components of the capability model and plays a central role in achieving the eight universal outcomes.

The OCEG (2012) state that in order to understand the role of contexts in GRC activities, a firm must first study their internal and external business contexts, business objectives and culture. These should be mapped and communicated appropriately to workers, especially knowledge workers. By doing so, firms can then influence contexts by using a set of critical success factors for each area.

8 Universal outcomes

Achieve business objectives

Enhance organisational culture

Increase stakeholder confidence

Prepare & protect the organisation

Prevent, detect & reduce adversity

Motivate & inspire desired conduct

Improve responsiveness & efficiency

Optimize economic & social value

Figure 6: GRC Capability Model Component View

Interact

Organize

Detect

Assess

Proact

Measure

Respond

Context

Source: OCEG (2012)


2 Limitations of G


hain5 Q

uality6 Six Sigm

a Quality

7 Conclusion


3 Com


mary


In order to achieve the organizational objective of strategic growth, strategic thinkers must be identified and supported to consider the entire business environment which includes both internal and external contexts (Barney, 1991; Mintzberg, 1987, Penrose, 1995 [1959]). Effective strategy formulation and implementation requires a holistic and consistent view of the internal organization (including compliance-innovation processes) and its external business environment (marketplace, regulation, competitor positioning etc.). Developing this contextual knowledge-base is needed to ensure that both decision-making processes and action plans are in line with shared meanings of current circumstances (see Figure 5) (Mintzberg, 1987; OCEG, 2012b).

Absorptive Capacity as it relates to Compliance-Innovation emerges as a ‘golden line’ on the border of two knowledge contexts – one relating to internal business objectives, activities and functions and the other to the external regulatory environment (Figure 7).

Once acquired, information from both contexts can be organized effectively and business domains including legal, marketing, environment, design, quality, and CSR can develop their cumulative Absorptive Capacity to assimilate and transform contextual knowledge for Compliance-Innovation purposes. These Compliance-Innovation purposes are then used to guide and support the organization’s innovation processes contributing to the delivery of high quality products and/or services i.e. to a positive customer experience.

Dealing with both of these separate knowledge bases in an effective and integrated manner is obviously challenging. In its raw state knowledge is often unstructured and, in many cases – especially when it encompasses potential for innovation - knowledge is tacit and, therefore, difficult to share (Leonard & Sensiper, 1998).

Regulations are invariably unstructured, and despite regulation-setting bodies’ goals for implementation, regulations are generally produced without the needs of their business ‘consumers’ in mind. Suitably developed platforms in the compliance domain have the potential to serve as a critical system supporting organizations in commercially exploiting knowledge, through a central repository of data appropriately structured for their needs and which is accessible to any business actor with conferred permission.

“So far the EU was good in generating lots of legal standards and requirements but was lagging behind heavily with its ability to enforce them. We now see a new focus on enforcement – including coordinated market surveillance, sharing of best practice, development of a support infrastructure. As a consequence, there is an increased likelihood that enforcement authorities will identify non-compliant products, which will trigger an increased demand by companies selling product in the EU for systematic and comprehensive Compliance Knowledge Management Systems.”Ulrich Ellinghaus, Partner, Baker & McKenzie

A long term commitment to move away from dumb documents to smart data is essential. The structure of underlying content in any CKMS is itself designed as weft for the knowledge warp to come. In this way the fabric of corporate memory, like a precious oriental rug can, with intention and learned skill, be crafted over time.

IT models, architecture and design should knowingly support Absorptive Capacity. Ease of use, worker role and responsibility oriented user experience, inbuilt learning, training and incentivisation must nurture expertise and knowledge sharing not only to serve immediate workbench and workflow processes, but also deeper innovation goals and commitment to strategic growth.

Figure 7: The Golden Line of Absorptive Capacity

The Golden Line of Absorptive Capacity

RegulatorsIndustry Associations Customers, Advisors

Strategic objectivesOpportunity exploration

Risk management

External context Internal context

PlatformKnowledgeRepository

Information Information

Some of the markets may require certain compliance beyond the legal obligations… It’s not only for the one side of the legal obligation but it’s also on the other side - our customers can specify certain compliance needs... It’s imperative to watch for new legislation, legislative changes that are in development and also legislation that already applies in other regions or interesting markets to be able to make our products ready in compliance with those markets and legal requirements if needed. We drive our business to comply with and meet a wide variety of stakeholder needs (including that of our customers). We also continuously strive to stay current on legislative and regulatory activities to keep our focus on compliance activities and customer requirements for the markets we serve.”Etienne Celis, Environmental Regulatory & Standards Compliance Manager, GE Industrial Solutions

“



This requires a commitment to innovation in IT design and systems integration, and to user interface excellence so that knowledge is captured, structured, situated, passed on, called and served up to support and incentivise workers and to catalyse and fertilise innovation. IT systems designed without an understanding of the role they should play to support Absorptive Capacity, innovation and strategic growth will not reach their integration potential. The data models themselves can support Absorptive Capacity, and with subsequent great design and care about the bigger Absorptive Capacity picture across the whole IS landscape, integration discussions can take place at a strategic level focusing on sustainable growth.

3.4 Virtuous Compliance-Quality PlatformAn effective platform allows managers to connect the internal and external contextual requirements by integrating all refined data in a central repository. If generated and used with a ‘Golden Line’ in mind, CKMSs can enhance Absorptive Capacity. For instance, by using a CKMS, a company can bring together data and information relating to the GRC function (external) and innovation process(es) (internal). Figure 8 details aspects of both external and internal contexts which contribute to creating a virtuous Compliance-Quality system, enabled by the knowledge platform. The information and data must be structured and refined to best meet business needs and can then be assimilated as knowledge or information to support decision-making processes and action plans.

Refinement through semantic annotation technology, for example, offers opportunities for the enrichment of ‘dumb’ documents using ontology-based systems (Kiryakov et al., 2004). KMSs provide search, interpretation and aggregation functionality for unstructured data, by reading and marking-up text with attributed semantic meanings (Uren et al., 2005). In other words, paper-based documents are transformed into virtual text files that understand their own content and can process data without the need for human interaction or analysis (Berners Lee & Hendler, 2001). These principles can be applied to any business domain once a shared ontology (i.e. standards, syntax, and meaning of concepts) has been defined to allow machine processing. Once the ontology has been defined, semantic annotation technology (i.e. semantic tagging) can then automatically interpret dumb documents to index and build relationships between the words that make up its collective content.

“The concept of machine readable regulation, and by that I mean machine readable rules and machine readable disclosures, is the second half of the IT revolution. But we haven’t really started to realise the productivity gains that are possible yet. We’re talking about a concept that requires a combination of three kinds of expertise: you need subject matter expertise in whatever domain the regulation covers, technological expertise, and legal expertise to understand the legal framework that governs the regulations and disclosures. Currently, there are very few people that have all three.”Hudson Hollister, Founder and Executive Director, Data Transparency Coalition

For example, a scanned dumb document can be interpreted by semantic technology with each recognised word assigned a conceptual meaning based on a prescribed ontology i.e. the appearance of the word “Cadmium” in a regulatory document could automatically be linked to the predefined and described concepts of “Hazardous Substance”, “Product A”, “Department X” and “Region 5”, reducing complexity and clarifying the impact the regulation will have on the business. Each concept may be automatically mapped to related content in the CKMS allowing more meaningful query results with reduced ambiguity i.e. searches can distinguish between the concepts of “Cork” as a city in Ireland and “cork” as an object that seals wine-bottles. Additionally, metadata such as date, author, and regulation deadline can be recorded.

Some of our multinational clients consider that limiting their regulatory endeavours to obeying ‘the law’ does not meet their own standard of excellence. They prefer taking a holistic and global approach, for example by developing sophisticated programmes for re-use and take back. Such strategic thinking allows them to stay on top of developments and to avoid the race between turtle and hare. These companies anticipate that, on a global level, there is only one direction for environmental standards: up.”Ulrich Ellinghaus, Partner, Baker & McKenzie

“


2 Limitations of G


hain5 Q

uality6 Six Sigm

a Quality

7 Conclusion


3 Com


mary


Another simple example is the classification and sorting of definitions according to their purpose in any given document. For example, some definitions exist to help identify to whom a law is addressed or its scope, or exemptions from scope. Any list of definitions, which could be enhanced to include key non-defined terms can then be sorted to allow grouping and, therefore, faster and deeper understanding of regulatory or internal guidelines, standard operating procedure documents and other documents containing requirements of any kind. This kind of structuring of regulatory content is a good example of the conceptual use of information in that it allows it to be used in a way that changes thinking processes.

Semantic annotation technologies can be exploited in the area of Governance, Risk and Compliance (GRC), specifically in the practice of compliance management (El Kharbili et al., 2008). A complex area requiring expertise and continuous consumption of information, one of the main challenges for managing compliance involves creating a consistent and unambiguous organisation-wide understanding of what regulations mean. The exact requirements of a new regulation can be interpreted differently depending on a person’s contextual knowledge, training and education (OECD, 2000). This can lead to inefficient compliance management, as regulatory documents cannot apply semantic categorization and reasoning without the need for human refinement (Butler & McGovern, 2008). Legal refineries where regulatory documents are studied and organised can be expensive and tedious for all involved and, therefore, the application of semantic annotation technologies could greatly reduce costs while also saving time and adding value (Kiryakov et al., 2004; Kharbili et al., 2008).

In Figure 8 the ‘Mind of the Product’ is introduced. This indicates conceptualisation right down to product-by-product levels on the knowledge platform. Through the use of semantic annotation technology each product can become ‘aware’ of the characteristics that define it in terms of attributes it contains that are directly affected by specific regulations (e.g. cadmium content, health and safety…), and also the attributes it contains that generate value for consumers in markets in which it is sold, as compliance is monitored and managed. Such smarter and more sophisticated compliance solutions enabled by compliance intelligence and delivered through a knowledge platform lessen the regulatory burden faced by organisations. Regulations can be flagged sooner and dealt with faster and better in the broader context of strategic business objectives and voluntary requirements, product by product.

“It’s about not missing things, you need a single global overview of the regulations and to preserve there the initial assessment of relevance, with reasoning. A deeper analysis closer to the product categories impacted can be stored for example in the kinds of company secure, cloud-based tools made here at Microsoft with strict access controls. In all of your knowledge there’s a cream that rises to the top, and making that available in a kind of time-capsule, with everything ordered, mapped and time stamped so that it’s useful to others is a challenge. The need is not just to maintain the status quo, it’s to build efficiencies over time, and partly this means minimizing the loss of the most relevant, impactful information. This matters even when people go on vacation. If I’m not available I can’t leave my co-workers hanging, floundering, taking too long to recover.”Corinne Holmes, Senior Environmental Compliance Engineer, Microsoft

Compliance-Innovation supports focus on growth opportunities beyond limitations of risk aversion by facilitating coordination, collaboration and co-decision. Tagging facilities in the platform increase visibility of linkages across the various activities (emphasised by Porter, 1996) within the business, which can facilitate sustainable competitive advantage generally through their joint consideration and providing the means for organising and operationalizing integration across functions, and specifically through things like pattern recognition to support learning and cost reduction for problem solving or opportunity evaluation (for more see the Box on Tagging).


RegulatorsIndustry Associations Customers, Advisors

Strategic objectivesOpportunity exploration

Risk management

External context Internal context

Key compliance topicsProduct safetyLabellingTestingMaterials & substancesQualityCorporate social responsibilitiesClimate changeEthics plus...

Key roles/responsibilities of:Corporate LegalProduct integrityStandardisationRegulatory affairsGovernment / public affairsProduct stewardshipEnvironment Health & SafetyCorporate planningBusiness developmentCorporate Social ResponsibilitySustainability Engineering plus...

Mind of the product

Product attributes Substances & materials Packaging plus...

Sales drivers

Consumer preferencesLongevityCarbon footprintSafetyWarrantyCostBrand plus...

Customer experience & loyalty

Compliance Quality

R&D SalesManufacturing

Figure 8: Compliance/Quality axis drives customer loyalty



2 Limitations of G


hain5 Q

uality6 Six Sigm

a Quality

7 Conclusion


3 Com


mary


Tagging

When IT systems support individuals’ tagging activities and permit them to be shared, the connections and associations generated by a compliance event or new compliance information can become part of the organisation’s knowledge base in a more meaningful and ‘permanent’ way than if such knowledge remains with the originator of the association, or even if it is shared by them via email.

The nature and quality of tagging can itself be enhanced by the system that supports it – where tags are recognised by some as too narrow, for example, they may be changed to encompass greater associations or if too generic and broad, tags may be useless in guiding required action and identifying who should take responsibilities for issues that the tagging points towards.

The simplicity of the activity of tagging is at odds with its potential role for and impact on an organisation. Tags are the connections made between compliance information and other relevant external and internal conformity imperatives the business has chosen to meet. The activity of tagging is a channel in the process of creating connections across documents, events, products, inputs, geographies and so on.

Tagging is the means that allows knowledge workers to take the meanings they have accumulated from their prior knowledge and experience, share them and share the associations they generate with their knowledge co-workers, and generate further knowledge some of which can more usefully reside within the CKMS to be available for better understanding how connections and associations are made over time, the resulting tasks and activities the associations generate, identification of who – individual and group – should take on responsibility for execution.

Managers with access to the CKMS are provided with both broader visibility and more granular information – with potential richness far beyond what can be provided through email exchanges and current practices. Managers and, of course, individual contributors of tags, may identify more appropriate networks for generating flows of relevant information across the lead nodes in the information flows. It may be found that over time adaptive processes can allow selection of those tags that mediate the most useful flows, and hence the sum of the tagged information generate organizational knowledge in its real sense where individuals’ contributions reside in the system, but when mapped together emerge as aggregated. Tagging, therefore, is precisely the type of activity that happens at the interface between acquiring information and using it to generate knowledge that can require new practices. It is the means by which integration is facilitated.

The practice of tagging is a clear example of where one individual’s learning events can be shared with others and is a practical means of acquiring, assimilating and transforming information (all elements of Absorptive Capacity) at individual levels and across an organisation.



This integrating capacity of CKMSs characterizes the demands on the contemporary Knowledge Worker who is required to make conceptual as well as instrumental use of data - in this case compliance and regulatory data. As Maltz et al. (2001) explain, instrumental use relates to solving a specific problem whereas conceptual use of information requires using it in a way that changes thinking processes - without necessarily leading to relatively immediate concrete action 14. As a result, rebalancing the use of compliance information towards the conceptual facilitates and supports its potential for strategic purposes to emerge.

By developing a central CKMS incorporating GRC and Innovation activities, it follows that a company’s knowledge workers are better facilitated to acquire, assimilate, transform and exploit knowledge for commercial gain (Alavi & Leidner, 1999; Zahra and George, 2002). The channels through which Compliance-Innovation is enacted within an organization is outlined next by focusing on the ‘Innovation Value Chain’ and considering how competitive advantage may be secured through innovation.

A compliance repository can streamline information research. But the repository can have so much information that it can become its own treasure hunt. If searching the dedicated system becomes too complicated, you might as well do original research on the web.

But through the use of Tagging, you can transfer prior knowledge – yours or prior users – of the relationship between objects, not just that there is a relationship, but very granular annotation that frees you from the tangled web that can be the Internet.

In the end, I want to sit at my big monitor and be awash in a finely nuanced view of the textual equivalent of Big Data, a view that has been made even better than having 50 physical papers spread out on a big table. Excellence in information selection, tagging and annotation and brilliant information display moves business innovation, not the soul-crushing treasure hunt, to the fore.”Darrel Stickler, Corporate Social Responsibility, Cisco Systems

“


2 Limitations of G

RC5 Q

uality6 Six Sigm

a Quality

7 Conclusion



3 Com


mary

4 Delivering Compliance-Innovation through the Innovation Value Chain

The benefits, both strategic and operational, that result from Compliance-Innovation are identified, outlining how the Innovation Value Chain can be enhanced through transforming GRC into an asset for strategic growth. More specifically the theory behind benefits is introduced in Section 4.2.

The discussion in Section 4.3 then focuses on describing and categorising the types of benefits that can be realised by a business through employing an integrated CKMS and promoting the role of the GRC function within the Innovation Value Chain. The benefits discussed are indicative and not exhaustive.

4.1 The Value Chain and Innovation In introducing the Value Chain concept Porter (1985) presented a framework for considering the internal sources of added value within a business under a set of primary (direct) and supporting (overhead) activities i.e. everything involved in sourcing, creating, producing, selling, delivering and supporting its inputs, products and services was included. Impact in applying the Value Chain arose from its use in identifying what a firm did exceptionally or moderately well. Innovation was not identified as a distinct or separate activity in its own right because of how it could impact any and all activities to generate additional added value. Hansen & Birkinshaw (2007) explain that innovation should be viewed analytically using a value chain perspective incorporating three distinct phases: idea generation, conversion and diffusion (see Figure 9).

Within the three phases six knowledge-related activities are identified: “internal sourcing, cross-unit sourcing, external sourcing, selection, development, and company-wide spread of the ideas” (Hansen & Birkinshaw, 2007; pg. 122). The authors recommend the Innovation Value Chain as a model for enhancing innovative capabilities, arguing that its application helps companies optimise their entire Innovation Value Chain, rather than looking to improve each activity in isolation. Senior managers must view the Innovation Value Chain as an “integrated flow”, where innovation processes transform “ideas into commercial outputs” (Hansen & Birkinshaw, 2007; pg. 122).

The Innovation Value Chain is examined by considering the main categories and activities of innovation and the importance of linkages across business activities.

Idea generation Conversion Diffusion

In-house Creation within a unit

Cross-pollination Collaboration across units

External Collaboration with parties outside the firm

Selection Screening andinitial funding

Development Movement from idea to first result

Spread Dissemination across the organization

Figure 9: The Innovation Value Chain

Source: Hansen & Birkinshaw, 2007; p 24


4 Delivering Compliance-Innovation through the Innovation Value Chain continued

In essence the activities outlined in the Innovation Value Chain deal with those same concepts relevant to the Absorptive Capacity of a firm - knowledge acquisition, assimilation, transformation and exploitation. These knowledge-related activities are the unifying factor linking the elements within the Chain as innovation is pursued. The motivation for firms to engage in the risky, uncertain and costly activity of innovation arises from the attention they pay to shareholder expectations, competitive pressures and opportunities. It follows that an organisation’s innovation orientation is both a cause and a consequence of its stance to compliance and GRC activities.

In adopting an Innovation Value Chain approach a company must adequately capture knowledge from internal, cross-functional, and external sources. The latter includes regulatory imperatives. A firm must undertake idea screening and development to ensure that promising ideas are developed, while unviable projects are eliminated early to minimise losses. Finally, idea diffusion is needed to win support from several stakeholders for the idea i.e. business units, subsidiaries etc. This requires organisational buy-in to help spread and monetise new ideas across channels, customer groups and geographically dispersed locations. Furthermore integration of regulatory requirements at early stages can support appropriate decision making.

Given finite resources available to companies and the need to manage risk effectively, managers must ensure their Innovation Value Chain is optimised in all three key areas. Proper and timely management (identification, categorisation, risk assessment, prioritisation, action) of all compliance events demands an IT system capable of facilitating the anticipation of rather than reaction to problems.

4.2 Benefits of Compliance-Innovation: Operational & StrategicThe beneficial business impacts of Compliance-Innovation are considered by focusing on activities within the Innovation Value Chain. This approach is aligned with Porter (1996; pg. 62) who argues that activities are the “basic units of competitive advantage”, and that sustainable competitive advantage is secured by fostering a systemic fit between linked activities in the value chain. In this section, following Porter’s explanations, the benefits of Compliance-Innovation are categorised as either operational and/or strategic. In the following section the focus turns to the phases of the Innovation Value Chain.

‘Operational Effectiveness’ (OE) gains are achieved where companies are able to “perform similar activities better than rivals” by availing of best practices available in their industry (Porter, 1996; pg. 62). Best practices, represented by a boundary termed the ‘Productivity Frontier’, include management techniques and technology which any firm can take advantage of once they have sufficient resources for investment. OE or continuous improvement initiatives help a company to realise productivity, speed, and quality improvements through greater efficiency and effectiveness across its value chain activities. OE may lead to competitive advantage in the short term – assuming other firms will strive towards achieving such operational improvements (Porter, 1985, 1996).

The means by which Compliance-Innovation is applied requires a best practice technological platform for managing the distinct knowledge bases of both GRC and innovation domains. OE can then be achieved by effectively utilising the information management capabilities of a CKMS to allow knowledge workers to increase the productivity, speed, and quality with which they engage in activities in the Innovation Value Chain (O’Sullivan & Dooley, 2008; Porter, 1996). Non-value adding activities include any task which does not add direct value to the customer experience and, therefore, is surplus to the primary requirements of product or service delivery. For instance, rummaging for sought-after GRC or innovation information does not add value to the customer and diverts attention from more important value-adding activities e.g. assimilating or transforming such information. In other words, by employing an IT platform to structure information and support greater automation of administrative tasks, knowledge workers can dedicate more effort to value adding activities.

Once a product is developed people need to rely on well-articulated instructions on the applicable company compliance policy and what exactly it means for them. It is in the trajectory before that where the non-structured information and processes are abundant and the networking has to take place.

So: gathering information on upcoming or to be revised standards or regulations, investigating the implications for the own business, sometimes influencing their development, etc.”Paul Coebergh van den Braak, Senior Director Standardisation, Philips

“


2 Limitations of G

RC5 Q

uality6 Six Sigm

a Quality

7 Conclusion



3 Com


mary

Notwithstanding the well-known difficulties in quantifying returns on IT investment and productivity improvement, there is widespread recognition that technology platforms can deliver real value for businesses once benefits are actively managed and the underlying attributes of IT value are properly understood (Brynjolfsson, 1993; Peppard, Ward, & Daniel, 2007; Tiernan & Peppard, 2004). Therefore, to ensure that the maximum benefits can be derived from the IT platform, it is essential that change management schemes such as education, training and appropriate incentives, are offered to knowledge workers to encourage CKMS adoption, while also designating project champions to drive these changes (Peppard et al., 2007). Where appropriate, people can be encouraged to engage in new ways of working through incentives and rewards linked to performance reviews, for instance, while simultaneously discouraging return to old behaviours by using the threat of penalties or other deterrents. In addition, the resulting OE benefits from the CKMS can then be quantified in terms of tangible and intangible measures which are derivable over time i.e. the productivity, speed, and quality of activities across the Innovation Value Chain (Brynjolfsson, 1993; Porter, 1996).

Porter (1996) warns that any derived competitive advantage from OE alone is not sustainable due to the potential for imitation of best practices implicit in the productivity frontier. For Compliance-Innovation to secure sustainable competitive advantage it must be integrated with strong strategic positioning to address rapidly changing environments, while continuously strengthening the linkages across value chain activities (Porter, 1985, 1996). For example, in the context of Figure 7, the Mind of the Product reflects its sales drivers in current markets and the knowledge platform enables scenario-types of analyses that take account of changes in drivers that result from new product launches (and similarly for cost drivers).

Porter (1996) distinguishes ‘Strategy’ from Operational Effectiveness, and insists long-term growth cannot be derived from continuous improvement (OE) alone. While adoption of best practices enables competitiveness it generates, at best, short-term growth only. Porter (1996) suggests that companies should instead focus on building a unique strategic position through implementing trade-offs and seeking a mutually reinforcing fit between activities in their value chain. For example, Ikea implemented a trade-off by focusing on cost minimisation rather than service delivery quality and choosing which activities it would not carry out. By transferring part of the service process to the customer (i.e. delivery and assembly), Ikea focuses on offering quality products at a low price, therefore, creating a strong value-adding proposition. It is likely that Ikea’s success and distinctive positioning would be hampered if they tried to engage in both cost and service quality dimensions. Such strategic trade-offs help avoid a state of ‘hyper-competition’ resulting from excessive homogeneity as firms look towards leveraging their internal activity system to create inimitable value (Barney, 1991; Porter, 1996).

Our conceptualisation of Compliance-Innovation is in terms of evolving capabilities that allow organisations to be innovative in acquisition, assimilation, transformation and exploitation of internal and external compliance-knowledge assets, to create additional value. In other words, Compliance-Innovation delivers the ability to integrate, build, and reconfigure knowledge assets from the GRC and innovation domains across the Innovation Value Chain to achieve sustainable competitive advantage (Hansen & Birkinshaw, 2007; Roper, Du, & Love, 2008; Teece et al., 1997, p. 516). Compliance-Innovation is a continuous process of combining GRC and innovation expertise that can allow the firm to uniquely position itself in line with market changes to capture any potential value through means such as strategic decision-making, new product development, knowledge replication and learning (Eisenhardt & Martin, 2000; Roper et al., 2008; Teece et al., 1997; Zollo & Winter, 2002).

The majority of organizations across industry sectors manage GRC using spreadsheets (70-80%), or focus on leveraging GRC capabilities through SCM, ERP, CRM or PLM systems, or all of the above. The end result is far from acceptable, as integrated GRC is the exception, rather than the rule; furthermore, the costs of risk and compliance management continue to skyrocket as more and more regulations are instituted, and problems with risk management and compliance reporting grow. On one hand, there is the problem of consuming the regulations and creating associated governance policies; on the other, there is the challenge of integrating GRC data, information and knowledge from multiple, heterogeneous, structured and unstructured data sources. A truly effective GRC Knowledge Management system increases organizational GRC-related Absorptive Capacity by linking and integrating these heterogeneous data and information sources and mapping them onto structured regulatory data. In this way, greater GRC effectiveness can be realised with associated cost reductions.”Tom Butler, Principal Investigator, GRC Technical Centre , University College Cork, Ireland (UCC)

“



Furthermore, in surveying its internal and external business contexts using its CKMS, a business can deepen its distinctive strategic positioning or seek out new market positions, while proactively utilising the dynamic capabilities to manage market volatility (Eisenhardt & Martin, 2000; Hansen & Birkinshaw, 2007). A firm might deepen its customer value proposition and exploit current positioning, or reinvent its business model to target niche market spaces. Compliance-Innovation enables firms to strategically pursue untapped customer segments or even new industries - ‘Blue Oceans’- and avoid competing in overcrowded marketplaces -‘Red Oceans’– (Kim & Mauborgne, 2005)

In the environmental, compliance, sustainability space, there are two aspects generally: one is strategic and the other is implementation. And again for many companies more often than not they react to (requirements) in an implementation way – so here are the requirements, now, how do I fix it, how do I continue to sell my products. And it’s important to understand – and there are companies that understand this, the strategic part is stepping back and saying things such as how can I organise to make this not only a neutral issue but a benefit… I always say that it’s not an either or, it’s both.”Ken Jennings, Managing Director, K2J Environmental and Adjunct Professor, University of Maryland

Compliance-Innovation goes beyond deployment of best practices and fosters a culture of quality through GRC and innovation activities. In this way, Compliance-Innovation does not require a major restructuring of the organisational hierarchy; rather it proposes the strengthening of pre-existing linkages across Innovation Value Chain activities to create greater barriers to imitation (Barney, 1991). Through the adoption of Compliance-Innovation companies can seek out sustainable growth either by strengthening their strategic positioning and/or finding new positioning opportunities in the marketplace, and capturing these opportunities through their dynamic capabilities (Eisenhardt & Martin, 2000; Kim & Mauborgne, 2005). Furthermore, Compliance-Innovation can help a business balance its commercialisation goals in the broad context of economic, environmental, and social capital sustainability (Dyllick and Hockerts, 2002).

“ What we’ve now established over two or three years is a moving picture (of the business environment) because our customer base, supply base, markets, growth prospects, and business relationships are constantly in motion… There’s no question that there was an up-front investment to this process for the staff and the technology. But we have proven over time that we also got a significant benefit because in doing all that work and looking at all these relationships... it allows us to take a much more strategic look at all the business partners that we have because we now have all the data you could ever want to do a comprehensive assessment.”Donal Sullivan, Third-Party Program Leader, Tyco International

“


2 Limitations of G

RC3 C


5 Quality

6 Six Sigma Q

uality7 C

onclusionReferences

1 Introduction4 Innovation Value C

hainExecutive Sum

mary


4.3 Compliance-Innovation across Innovation PhasesHansen & Birkinshaw (2007; pg. 125) assert that “a company’s capacity to innovate is only as good as the weakest link in its Innovation Value Chain”, and, therefore, firms must have, or create, an end-to-end view of the value chain in order to optimise innovation. Compliance-Innovation offers such a holistic solution by the integration and improvement of each stage of the Innovation Value Chain, through the ability to facilitate operational effectiveness gains and solidify strategic positioning. It becomes possible for a business to achieve sustainable competitive advantage within their unique context through Compliance-Innovation.

Idea Generation As the compliance environment is always shifting, companies must be able to accurately monitor, assess and, at times, predict market changes to identify opportunities while simultaneously managing risks. To support the development of Absorptive Capacity it is essential that the CKMS integrates several data sources into the one repository and allows cross-functional teams to share ideas and collaborate (Alavi & Leidner, 2001; Leonard & Sensiper, 1998). By continuously creating, transferring, and applying knowledge within the organisation, innovation groups can solidify knowledge assets and foster a strategic approach to GRC (Alavi & Leidner, 2001) by, for example, evaluating new markets and segments to enter while monitoring product/service performance to ensure quality across portfolios.

By creating and supporting a culture where knowledge recording and sharing is valued and rewarded, a firm can prevent strategic knowledge from leaking out of the company i.e. when a knowledge worker leaves the company (Osterloh & Frey, 2000). This ensures that valuable knowledge, both explicit and tacit, is retained and transferred insofar as possible within company boundaries to ensure that it is made available to all knowledge workers (Alavi & Leidner, 2001; Leonard & Sensiper,

1998; Osterloh & Frey, 2000). This contributes to the Absorptive Capacity of later generations of knowledge workers by ensuring that decision processes, lessons learned and cumulative experience of the GRC and innovation domains are preserved (Eisenhardt & Martin, 2000; Zahra & George, 2002). Not only is the knowledge leakage that accompanies employee turnover and churn reduced but increased visibility of decision-making and knowledge generation in the compliance context is possible. The process of knowledge work and what it entails is made visible.

Conversion Compliance-Innovation aids funding assessment and further development of ideas by providing decision-makers with actionable information to evaluate the viability of action plans in light of commercialisation and sustainability goals. CKMS dashboards provide a platform to assess business cases according to their associated compliance requirements, risks, costs and potential for adding value, while also helping executives prioritise investments based on the overarching governance strategy. This generates a more solid and structured approach to business case analysis overall, thus supporting the fit between investments and strategic objectives (Ross & Beath, 2002; Ward, Daniel, & Peppard, 2008).

This process also promotes business-case accountability and reduces frustration generated in the absence of transparent decision-making. GRC and innovation data can be centrally monitored in real-time to facilitate conformance to all strategic imperatives. Compliance-Innovation can, therefore, support a culture of innovation as workers can be motivated to meet GRC and business requirements and even when projects within the innovation portfolio are cut idea generators can more clearly understand the reason for the decision based on CKMS data and criteria employed.

The main ways in which Compliance-Innovation helps companies develop stronger Innovation Value Chains is through influencing three critical phases of the innovation activity: idea generation, conversion and diffusion.



Diffusion Compliance-Innovation, through its integrated CKMS, helps generate momentum behind new ideas across an organisation. As Compliance-Innovation can offer a useful business case tool for quantifying potential benefits and risk of projects, the resulting business cases can, in turn, build a strong value proposition for an innovation project and can foster buy-in across the firm (Hansen & Birkinshaw, 2007; O’Sullivan & Dooley, 2008). Furthermore, the CKMS’s social functionality through, for example, content tagging, forums, and secure messaging, allows a company to spread approved ideas across communication networks and break down silos to facilitate consensus (Alavi & Leidner, 2001; Cohen & Levinthal, 1990). Furthermore, to the extent that a CKMS supports Government Affairs teams to influence the evolution of laws and standards, surveillance and enforcement, it is used to create opportunities and maximise pressure on competition. Ideally if the CKMS can also be integrated with key partners’ systems, new channels of communication and reporting can open up and enable greater external knowledge collaboration between subsidiaries, trusted buyers, and suppliers, and thus allow extrinsic value chain linkages to be strengthened further (Cohen & Levinthal, 1990; Porter, 1985; Roper et al., 2008).

For instance, the central CKMS repository would house common organisational-wide goals and help ensure that all stakeholders are on the same page through a dynamic knowledge-sharing platform, unlike the siloed partial knowledge-sharing mediums offered by desktop tools (Alavi & Leidner, 2001; Butler & McGovern, 2012). The approach also presents knowledge workers with the opportunity to deliver better business cases that balance both upside and downside risk management. Compliance-Innovation, therefore, can play a pivotal role in driving strategic growth. Executives can access quality data for decision-making and implementing selected strategic trade-offs such as those emanating from both the GRC (e.g. selection of markets and territories to target/avoid), and business (e.g. cost or differentiation strategy) domains in a confident, collaborative and cost-effective way.

In summary, by using a CKMS the integration of disparate innovation and compliance activities is supported. Business can identify which Innovation Value Chain activities require focus and apply the Compliance-Innovation approach as an enabler for change in the organisation. Compliance-Innovation therefore both supports and enables a holistic culture of quality across all activities, and thus prevents performance disparity between activities, for instance where the strongest links are enhanced to the detriment of weakest (Hansen & Birkinshaw, 2007).

The Quality concept is explored in further detail next and is used as a unifying principle for Compliance-Innovation.

“The more geographical areas you want to start selling into, the more complex your regulatory framework or portfolio becomes, and therefore the more sophisticated the tool you need to manage that complexity. When you’re being innovative you’re setting yourself into an extremely vulnerable position, think of it as being very fragile… What that ultimately means is that you as the start-up company have to know your stuff, and have dotted your i’s and crossed your t’s, and done your compliance homework.”Andy Baynes


2 Limitations of G

RC3 C



6 Six Sigma Q

uality7 C

onclusionReferences

1 Introduction5 Q

ualityExecutive Sum

mary

5 Quality as a Unifying Goal of Compliance-Innovation

A Quality orientation strengthens the proposition of Compliance-Innovation further and creates an impetus for further change in the GRC domain. The importance of cross-functional collaboration in driving and managing these changes is considered.

5.1 Knowledge Work, Quality, and ProductivityKnowledge work has increasingly become the primary form of labour input for modern economies and their organizations. With increasing diversity and complexity in organisations much of what constitutes knowledge work is less easy to manage through bureaucratic systems of coordination and control (Sandberg and Targama, 2007). An emphasis instead on knowledge systems rather than structures is evident in much of the literature on knowledge management (e.g. Davenport and Prusak, 1998). Compliance-Innovation is a prime example of the processes needed to create and maintain the type of business environments required for effective and productive knowledge workers 15. In the context of Compliance-Innovation special attention must be paid to the nature of knowledge work as facilitative of enriched and higher levels of Absorptive Capacity, motivation and collaboration among white-collar professionals (Alavi & Leidner, 2001; Drucker, 1999; Janz, Colquitt, & Noe, 1997).

In light of the widespread consensus that management principles which governed manual work are not realistic for various forms of knowledge work being undertaken today (Blackler, 1995; Drucker, 1999) knowledge can no longer be thought of as residing solely within individuals and organizations’ systemic routines. Instead consideration must be given to how knowledge bases are influenced by factors such as shared understandings (culture) of business context and strategy - including compliance, technology platforms, and the conceptual and cognitive skills of knowledge workers themselves.

As argued by Trevor and Kilduff (2012) the rise of knowledge work demands a distributed or network type of leadership where self-directed workers with a shared purpose co-ordinate their activities. Collaboration within and across networks in organisations through shared information and a common platform is, therefore, a central supporting element in delivering the leadership required.

Many authors suggest ‘knowing’ as a useful concept in helping organizations to get to grips with the unique attributes and requirements of knowledge work (Blackler, 1995). Knowing is defined as a continuous process involving knowledge and learning, “where knowledge boundaries are fluid and overlapping” (Blackler, 1995, p. 1034). Blacker (1995, p. 1039) set out the main characteristics of knowing in order to allow firms to understand and analyse knowledge work processes:

Mediated knowing is manifested in shared systems of language and terminology, technological platforms, collaboration networks, and control processes;

Situated knowing is context dependent and relevant within particular dimensions of time and space;

Provisional the process of knowing is not static, but rather it relies upon the continuous process of knowledge construction and development;

Pragmatic knowing is object-oriented and must be retained and used by knowledge workers to fulfil a specific purpose;

Contested knowing is not infallible and can be challenged by other knowledge workers based on the inherent organizational power structures.

We contend that Quality should become Compliance-Innovation’s principal objective to unify departments under an overarching goal of ‘conformance to requirements’ (Crosby 1979)


5 Quality as a Unifying Goal of Compliance-Innovation continued

While any ‘knowledge’ located in depositories or Knowledge Management Systems is what can be codified and formalised, it forms only one element of an organization’s knowledge – the tip of the knowledge iceberg. Another compelling and increasingly significant element of knowledge is subjective knowledge learned through professional experience and while some of this is embodied in individuals as tacit knowledge, there is also knowledge that cannot be pinned down to “assigned tasks or to external tools or to the environment but instead lie in the relations among them” (Lave, 1993: 9).

Drucker (1999, p. 84) believes that Quality is a key determinant of knowledge work productivity and, therefore, knowledge workers must strive to achieve “not minimum quality but optimum if not maximum quality” in their output. Drucker (1999) states that organizations must first define what the concept of quality means for knowledge work, by considering what the task and the desired results are for knowledge-work activities. This definition of quality, which should be based on consensual agreement between management and knowledge workers, can then be applied to targeted activities through change management practices (Crosby, 1979; Drucker, 1999; Schroeder, 2010).

From an in-depth literature review Reeves & Bednar (1994) found there is no universally accepted definition of Quality, instead each organization differs in their understanding of the concept according to their unique circumstances. The authors categorise Quality in four general ways: excellence, value, conformance to specifications, or meeting/exceeding customer expectations. Reeves et al. (1994) assert that trade-offs exist between each quality category and, therefore, it is essential that quality management initiatives are properly designed and implemented in line with the organizational context. The relative strengths and weaknesses of each category must be understood when defining quality to ensure that business activities can deliver on expectations (Reeves and Bednar 1994; Schroeder 2010).

Similarly Ashkenas (2012) argues that continuous improvement schemes such as Total Quality Management must be customised to fit the unique contexts they apply to. Using an example Ashkenas (2012) explains that the meaning of quality in manufacturing is entirely different to that of research work, even within the same organization. This again relates to how Quality is defined and illustrates the importance of seeking shared understandings between knowledge workers and management before communicating and imposing any single definition. According to Ashkenas (2012) when defining Quality firms must pay close attention to what the process, objectives and subculture of the contexts are to see whether innovation or efficiency, for example, is a priority.

The next section looks at how Quality is defined for the concept of Compliance-Innovation drawing on primary and secondary research.

5.2 Defining Quality for Compliance-Innovation Compliance-Innovation is a transformational concept that provides organizations with a means to develop stronger Innovation Value Chains through the integration of GRC and innovation knowledge bases, in turn supporting commercialisation and business sustainability.

Technology plays a crucial role here and optimally integrated ICT platforms are essential in fostering strong lines of interdepartmental communication and, more importantly, in enabling continuous recording, storage and retrieval of knowledge. However, companies still need to create a unifying goal to ensure employees in different functions understand, are committed to and enabled to achieve Compliance-Innovation. The concept of Quality offers such a unifying property for Compliance-Innovation. Once a consistent definition has been agreed the notion of Quality can be embedded into Compliance-Innovation activities which, in turn, can support cross-functional collaboration throughout the Innovation Value Chain.

“I would say that compliance and quality are connected within our company. We have environmental divisions that basically provide advice to engineers, designers, and R&D teams regarding questions around regulation and quality. Due to the size of our company compliance and quality have to be integrated in this way as otherwise it would only take place at a corporate level which would be detached from what is going on in the business units.”David Scuderi, Environmental Affairs Manager, Samsung

As the organizational definition of Quality can strongly influence the nature of knowledge worker productivity, companies must take care to form a consensual definition. This is especially important for Compliance-Innovation given the strategic impact of Compliance-Innovation activities. A weak definition of Quality can affect knowledge worker engagement and motivation in knowledge management tasks and, therefore, affect the successful adoption and continual development of Compliance-Innovation practices.


2 Limitations of G

RC3 C



6 Six Sigma Q

uality7 C

onclusionReferences

1 Introduction5 Q

ualityExecutive Sum

mary


Compliance-Innovation essentially aims to balance the upside and downside perspective of risk management, through the integration of GRC and innovation knowledge, to ensure that decision processes meet all contextual requirements. Therefore, we contend that Compliance-Innovation Quality aims to generate commercial benefit from Compliance-Innovation knowledge throughout activities across the Innovation Value Chain. The implied characterisation of knowledge work quality in Compliance-Innovation draws on Crosby’s (1979) definition of quality as conformance to requirements. Crosby (1979) viewed the concept of quality as a business opportunity rather than just a risk that needs to be mitigated – an idea that closely resonates with the key principles of Compliance-Innovation.

By communicating this characterisation of Compliance-Innovation quality, knowledge workers can seek out opportunities in the Innovation Value Chain while continuing to balance risks and business sustainability goals in their daily tasks. Integrated platforms accelerate this cycle by facilitating workers in meeting all quality requirements (Alavi and Leidner 2001; Gold et al. 2001; Janz et al. 1997). In addition, a company can then begin to analyse knowledge work processes in order to identify waste and reshape job structures to support quality management (Crosby 1979; Drucker 1999; Schroeder 2010) i.e. automate administration activities through IT, to allow knowledge workers to focus more on value- adding activities such as opportunity recognition and customer service.

“Compliance programs are very important to quality management. For instance, IT equipment can have sensitive data at its end of life and so there’s a huge risk profile around managing this. Compliance programs must deliberately impose a very high standard of quality on that basis. That does come at a specific cost but it’s a cost that protects the company’s brand, it protects their products, it protects their customers… You need constant innovation on how you manage that.”Jean Cox-Kearns, Director of Compliance – Global Takeback, Dell

The following subsection addresses the importance of fostering cross-functional collaboration for achieving Quality through Compliance-Innovation.

5.3 The Need for Cross-Functional Collaboration in Achieving QualityCompliance-Innovation quality is not the sole responsibility of the GRC function but rather is the collective duty of the organization. Therefore, several departments must be involved in meeting contextual requirements to ensure that Quality is achieved continuously. Based on our research it was clear that in order for the Compliance-Innovation paradigm to be operationalized, businesses must first create a culture of Quality where cross-functional collaboration is fostered.

Cross-functional teams are frequently organised within the Innovation Value Chain, with the implicit objective of generating higher levels of Absorptive Capacity to deal with large quantities of information and knowledge, and make effective decisions (Lovelace et al. 2001). Within the Compliance-Innovation domain for instance, interdisciplinary knowledge and expertise gleaned from functions such as legal, government and regulatory affairs, design, engineering, environment, marketing and sales, can be very useful in meeting the demands of globalisation and new product development processes.

“You almost need to have subject matter experts for the different parts of the world…To drive (compliant market access) you need people with the right skill set who can help setting the requirements that are specific to your products.”

Sake Niemeijer, Global Product Stewardship Director Automation and Control Systems Honeywell

Based on our qualitative research, cross-functional collaboration is essential to the successful implementation of a quality driven Compliance-Innovation approach. Intradepartmental functions must work together to achieve the unified value-adding proposition of Quality. We use the term ‘Compliance-Innovation Quality Loops’ (CIQLs)to describe the requisite collaborative process needed for Compliance-Innovation. Essentially, CIQL teams come together to solve problems or work on opportunities, and typically consist of a team of representatives across different departments or functional areas, set with the task of ensuring Quality is accurately defined and implemented across the organization; the exact composition of the Quality Loop varies with the unique context of each organization. Figure 10 offers an example of one such Quality Loop, involving departments including regulatory affairs, environment, design, engineering, marketing, and sales. Meanwhile, Human Resources (HR), IT, and quality assurance would involve themselves periodically to audit issues and verify whether the information is being treated with a view to maximising usefulness both to current objectives and future value extraction, i.e. from a strategic growth perspective.

“There would need to be a lot of collaboration if you were going to try and innovate – you’d need the detailed material knowledge, and the ability to test, you’d need to know if you can actually manufacture it, and you’d need to know that it’s scalable. I think there would definitely be an opportunity for a technology platform that would share knowledge about innovation in the whole area... There’s so much going on that having all the (compliance) information in the one place is vital.”

Therese Deane, Program Manager (Technical), Environmental Product Compliance, EMC



QualityDesign

Regulatory Affairs

Environment

Engineering

MarketingSales

HR

IT(Integration /

usability)

Quality Assurance /

Audit

Figure 10: The Compliance-Innovation Quality Loop (CIQL)

The cross-functional loop revolves around the principal concept of quality.


2 Limitations of G

RC3 C



6 Six Sigma Q

uality7 C

onclusionReferences

1 Introduction5 Q

ualityExecutive Sum

mary

. CIQLs should not be seen as a ‘closed shop’ and the size and composition of a Quality Loop can change over time. This can also help stimulate new ways of thinking by bringing in new representatives with different perspectives on Quality. Balance is required as large and divergent groups may be more difficult to coordinate and lead to more contentious debates with less effective outcomes i.e. stifling creativity and inhibiting timely decision-making (Holland et al. 2000; Lovelace et al. 2001).

A collaborative culture must first be fostered, through effective leadership, freedom to express doubt, and strong communication mechanisms, to allow CIQL teams to achieve innovation while adhering to constraints (Holland et al. 2000; Lovelace et al. 2001). This means that cross-functional teams will engage more effectively throughout the Innovation Value Chain while also meeting constraints such as GRC requirements and budget targets. Collaborative environments also help overcome any inherent resistance to knowledge sharing as team members more readily share information and knowledge when they feel that it would be beneficial to the team’s common goal (Gold et al. 2001; Leonard and Sensiper 1998; Osterloh and Frey 2000).

In the next section, Six Sigma is considered as a means to increase the pace at which benefits can be realised from the Compliance-Innovation paradigm.

In Figure 10 circles represent departments which are permanently central to the Quality Loop, while squares denote business units which periodically audit how information is being captured so it can deliver value not only at one point in time but for the future i.e. breaking down silos to ensure that knowledge is effectively captured and shared.

For example, regulatory affairs begin by collecting and prioritising all internal and external contextual requirements to be considered in decision processes.

The environmental engineering team distills and contextualises the requirements and disseminates them across functions such as R&D, design and manufacturing.

The marketing and sales department then drive the commercialisation of this R&D knowledge throughout the Innovation Value Chain, while still ensuring Quality.

In addition, the HR, IT, and quality assurance departments help manage knowledge assets and human capital within the business – ensuring that knowledge is adequately recorded, and data is tagged as required.

External auditors ought to be able to examine the processes, decisions and implementations and deliver to the Board a certificate of CKMS excellence.



6 Embedding Six Sigma Quality into Compliance-Innovation

6.1 Driving Systematic Quality Standards through Six SigmaFlynn et al. (1995 p. 660) explain that quality management can be defined as an “integrated, inter-functional means of achieving and sustaining competitive advantage”, where senior management instil quality standards throughout the organization using quality management methodologies. One such methodology is Six Sigma, an ambitious approach to quality management which rose to prominence following heralded successes of companies such as GE and Motorola in the late 80s and 90s. Six Sigma has continued to remain popular among practitioners with many other high-profile companies, such as Honeywell and DuPont, implementing their own Six Sigma strategies to great effect (Kwak and Anbari 2006).

Six Sigma is an aggressive data-driven methodology for continuous operational excellence and quality improvement (Antony and Banuelas 2002; Kwak and Anbari 2006). The approach involves statistical techniques such as regression analysis and process control charts to analyse defects and deviations of products, services, and processes. Technological platforms and computational software are used to track data and calculate results.

Six Sigma is primarily focused on a customer-oriented view of quality, reflected in the fact that customer requirements are the gamut from which defects and deviations are identified and measured i.e. Critical to Quality (CTQ) parameters. Achieving the Six Sigma mark requires an organization to reach a total

process yield of around 99.99966%, or 3.4 defects per million opportunities (Linderman et al. 2003). Basing Six Sigma efforts simply on internal considerations may lead to outcomes which do not meet customer expectations. Therefore, it is essential that customer needs are accurately defined to ensure that Six Sigma efforts are financially beneficial and worth the significant investment required.

The Six Sigma approach recognises that quality defects and deviations arise from an organization’s systems and culture, rather than the employees. Therefore, managers must first look at designing and embedding operational excellence into systems and culture, and then continuously monitoring, reporting, sustaining, and improving the Six Sigma competence. This on-going process is supported by such statistical tools as control charts to analyse data and performance, with reports and communication plans then used to foster informed decision-making. This helps lead to improved customer value, productivity, cost effectiveness, process performance (elimination of waste), and competitive advantage (Antony and Banuelas 2002; Kwak and Anbari 2006).

Six Sigma benefits are delivered through two primary techniques, Design for Six Sigma (DFSS) and Define, Measure, Analyse, Improve, and Control (DMAIC). DFSS relates to how products, services, and process are designed from scratch using Six Sigma (see Figure 11). This means that customer requirements are embedded into newly designed products, services, and process through the sequential course: Define, Measure, Analyse, Design, and Verify.

The intensive quality management method of Six Sigma offers one representative example of a coherent means for implementing Compliance-Innovation.

Figure 11: Key Steps of Six Sigma using DFSS Process

Initiate and plan the project

Define Measure Analyze Design Verify

Capture the customer needs

Develop design concepts

Develop detailed design

Implement fullscale processes

Source: Kwak & Anbari, 2006; p709


2 Limitations of G

RC3 C



5 Quality

7 Conclusion


6 Six Sigma Q

ualityExecutive Sum

mary

DMAIC (Define, Measure, Analyse, Improve, and Control) targets focus on the continuous improvement of existing products, services, and processes, as opposed to the ground up approach of DFSS (see Figure 12).

Structured changes and management commitment are required to ensure that these existing products, services, and processes meet customer requirements. Once either the DFSS or DMAIC technique has been effectively implemented, variability is then measured continuously to ensure that progression is being made towards the end goal of the Six Sigma standard (Kwak and Anbari 2006).

Compliance-Innovation can be delivered using the central principles of Six Sigma and drive major improvements in quality management.

6.2 Quality Incarnated – Compliance-Innovation Powered by Six SigmaWe propose that Six Sigma could become an enabler of the Compliance-Innovation paradigm. By operating Compliance-Innovation activities at a viable sigma level, and with a view to continuous improvement in the long term, organizations can ensure that they reach optimal levels of quality i.e. conformance to requirements. By setting challenging yet attainable goals, employees will be motivated to enhance quality standards and push out any imagined performance frontiers, while thoroughly meeting regulatory, innovation, and commercial requirements (Linderman et al. 2003).

A Six Sigma driven approach to Compliance-Innovation can help a company achieve competitive advantage through the continuous improvement of two categories of quality management practices: core and infrastructural as presented in Table 2.

6 Embedding Six Sigma Quality into Compliance-Innovation continued

Figure 12: Key Steps of Six Sigma using DMAIC Process

Define

Measure

Analyze

Improve

Control

Six Sigma steps Key processesDefine the requirements and expectations of the customerDefine the boundariesDefine the process by mapping the business flow

Measure the process to satisfy customer needsDevelop a data collection planCollect and compare data to determine issues and shortfalls

Analyze the causes of defects and sources of variationDetermine the variations in the processPrioritize opportunities for future improvement

Improve the process to eliminate variationsDevelop creative alternatives and implement enhanced plan

Control process variations to meet customer requirementsDevelop a strategy to monitor and control the improved processImplement the improvements of systems and structure

Source: Kwak & Anbari, 2006; pg. 709

Table 2: Core and Infrastructural Quality Management Practices

Infrastructural Quality Management Practices

Top Management Support

Integrated CKMS

Smart Regulation

Customer Relationships

Change Management

New Incentive Frameworks

Core Quality Management Practices

Centralised Compliance-Innovation Strategy

Data-driven Decision Making

GRC Support for the Innovation Value Chain

Cross-functional Collaboration (CIQL)

Source: Adapted from Flynn et al. (1995)



6.2.1 Core Quality Management PracticesCore quality management practices can be defined as those which “are expected to lead directly to improved quality performance” (Flynn et al. 1995 p. 660). Based on our primary and secondary research, we identified the following four core practices.

Centralised Compliance-Innovation Strategy A recent study by KPMG (2011a) revealed less than 10% of companies achieved full convergence between GRC and business strategy. This is a worrying statistic, as without an integrated approach to GRC and innovation companies have an incomplete view of all organizational risks and opportunities and, therefore, their decision-making processes remain suboptimal. Formulating a centralised Compliance-Innovation strategy must consider all contextual requirements such as commercialisation and sustainability to help management prioritise Quality throughout the organization and, in turn, drive competitive advantage. In addition, such a strategy can build higher levels of employee commitment, and help focus efforts for the Compliance-Innovation paradigm.

Data enabled decision-making Data enabled decision-making (i.e. for evidence-based business decisions) contributes to efforts to embed quality into all action plans. Decision makers can be empowered with self-service tools to roll up/drill down and pivot data according to their information needs i.e. parameter dimensions and data granularity: timeframe, location, and workers responsibility etc. For instance, high level CKMS dashboards can provide decision makers with an eagle-eye view on whether the company is meeting all its quality goals. Six Sigma statistical tools such as control charts can help managers quickly identify, remedy, and prevent quality variability. The filtered data presented through the CKMS dashboard allows managers to assimilate and transform critical information into knowledge, which can then be exploited through decision-making processes.

GRC Support for the Innovation Value Chain It becomes increasingly challenging to manage the Innovation Value Chain where an organization’s innovation portfolio is spread across numerous departments (McKinsey & Company 2007). As a result, integrated GRC activities are essential to coordinate and govern the whole Innovation Value Chain and create consistent risk assessments of all submitted business cases. This means that by involving the GRC department in innovation activities, a firm can improve its decision-making processes regarding the primary stages of the Innovation Value Chain i.e. idea generation (in-house, cross-pollination, external), conversion (selection, development), and diffusion (spread). The infrastructural practice of using a CKMS can help this process further by holding all innovation ideas, strategies, and contextual requirements in one central repository 16.

Cross-functional Collaboration (CIQL) Cross-functional collaboration is needed to build an integrated approach to Compliance-Innovation across the organization. By designating responsibility for quality management of problem-solving and opportunity-chasing to cross functional teams, a company can create a consistent approach to Six Sigma powered

Compliance-Innovation and build collaborative decision-making processes. This cross-functional team, the Compliance-Innovation Quality Loop (CIQL), needs a consensual definition of quality for Compliance-Innovation activities, and must also manage any conflicting perspectives within the Innovation Value Chain.

“We have people from around the business who are looking at designing our products and looking at putting our products into the market, and we’re trying to keep these guys up to date with relevant information in their areas so that they can be confident that they’re doing the right thing…The product spectrum is so diverse and you have people that in theory would never talk to each on a business perspective because their products are so different, but the same principles apply.”

Colin Thirlaway, Global Product Compliance Leader at Stanley Black & Decker

6.2.2 Infrastructural Quality Management PracticesInfrastructural quality management practices are those “which comprise the environment that supports effective use of the core quality management practices” (Flynn et al. 1995 p. 660). Our research indicated that six infrastructural practices were needed to ensure successful implementation of the Six Sigma powered Compliance-Innovation:

Top Management Support Six Sigma powered Compliance-Innovation must be fully supported by senior management to ensure employees are committed and motivated towards achieving quality (Antony and Banuelas 2002; Flynn et al. 1995). Similarly, executives must provide adequate resource backing to ensure that the expectations of quality standards placed on cross-functional activities can realistically be met. Another critical task is the design and delivery of effective and honest communication plans to ensure that necessary information flows to those with responsibility for measuring performance and outcomes of Six Sigma products, services, and processes. This can help facilitate change and ensure that a culture develops where Six Sigma goals are viewed as worthwhile, and with measurable benefits (Kwak and Anbari 2006).

“The problem is that the term compliance is embedding some ideas going back to the old times… and in most cases companies have done this for years then it’s just seen as administration. But if compliance is more strategic it means that the whole regulatory and political environment is considered in your design - becoming more sustainable, more socially responsible, more environmentally friendly. This is a really important decision and the board and top management of companies have to take it into consideration. Companies that are greener do better, and those that have sustainability in their strategic approach are doing better than other companies.”Guy Van Doorslaer, Secretary General of several European manufacturers associations in the engineering industry


2 Limitations of G

RC3 C



5 Quality

7 Conclusion


6 Six Sigma Q

ualityExecutive Sum

mary


Integrated CKMS The Six Sigma method can be boosted further within the Compliance-Innovation domain by using integrated CKMSs to ensure that critical tasks such as the monitoring of process variability, knowledge sharing, communication, event tagging and risk assessments are carried out effectively using one central platform. CKMS tagging helps make sure that all knowledge and information is organised centrally, by allowing users to complement all content with supporting attachments, reports, responsibilities, contextual and geographical information etc. In particular, mapping contextual knowledge can ensure new/existing workers can get up to speed quickly by reducing the need for information foraging, and also prevents knowledge from leaking out of the firm.

Smart Regulation The global avalanche of regulation has forced businesses of all sizes to deal with an increasing array of compliance requirements. Despite the increased production of regulation there have been relatively few amendments in the manner in which regulation is consumed. According to the OECD (2000, 2012) the design of a regulatory policy may place an excessive burden on the regulated party, with complex regulatory structures increasing the cost of compliance for businesses due to the difficulties in managing the administrative workload. Smart Regulation, defined as the use of semantic annotation technology to transform the content of regulatory documents into machine-readable language is, therefore, urgently needed to streamline the compliance process, and to ensure that businesses can focus on value-adding activities such as quality management and business sustainability.

Customer Relationships As customer requirements are a central component of Six Sigma and determine how quality standards are defined and met, it becomes crucial for business to establish and maintain open channels of communication with key customers. These communication channels ensure that customer needs are accurately defined, such as those relating to design specifications and tolerances, and ensure that variability can be reduced in the long run by effectively designing products, services, and processes for Six Sigma goals (Flynn et al. 1995). By entering into continuous feedback sessions with customers a business can meet quality standards in a more flexible and sustainable way, and subsequently build stronger loyalty and satisfaction levels among their customer base.

Change Management Consecutively, a culture must also be fostered where resources are organised in a disciplined way to ensure that the organization develops sustainable Six Sigma capabilities; otherwise, the Six Sigma driven approach to Compliance-Innovation is unlikely to thrive (Powell 1995). Change management techniques such as project champions, communication plans, and education sessions can help successfully

disseminate and implement the Six Sigma effort (Antony and Banuelas 2002). Differentiated training schemes can be provided according to the business actor’s role, with various coloured belts used to symbolise an employee’s Six Sigma knowledge and experience i.e. yellow, green, black, master (Kwak and Anbari 2006). In addition, project management techniques are needed to organise, coordinate, and manage the varied stakeholders and activities affected by Six Sigma.

New Incentive Frameworks New incentive frameworks driven by Compliance-Innovation and Quality goals are needed to build commitment across the organization. By rewarding workers for such collaborative efforts as knowledge sharing and cross-functional decision making, managers can build a culture that aims to meet both internal and external requirements. The divide between the goal-oriented incentive schemes of different departments would also need to be addressed - for instance where the marketing department is rewarded for short-term commercialisation, while GRC is incentivised to focus on long-term sustainability. By creating a new balanced incentive scheme, managers can quell prior departmental allegiances as the responsibility for end results is shared across multiple functions. Incentive schemes can also emphasise an increased focus on quality, while still recognising the need for sustainability, idea generation, speed-to-market, and growth.

Six Sigma can only be implemented effectively if there is a mechanism in place to ensure clear delineation of roles and responsibilities. This means that certain members of staff must be made accountable for sustaining and improving quality standards through, for example, measuring quality deviations across workflow activities. A CKMS can provide one such mechanism where each business actor’s role and responsibilities are clearly visible on the shared IT platform, including any deviations from agreed targets (e.g. risk analyses across markets), and supporting information is made available to facilitate decision-making for continuous improvement.

Therefore, we argue that taking a Six Sigma perspective on Compliance-Innovation allows firms to radically alter their approach to compliance and innovation. By utilising Six Sigma’s intensive statistical and data-driven methodology, Compliance-Innovation activities can direct unbridled attention towards conformity to requirements: knowledge commercialisation and business sustainability. We believe this can in turn drive the next major improvement in quality management, where rigorous decision-making and knowledge management processes are employed to deliver strategic growth.


7 Conclusion

However, since many investments were made tactically rather than strategically, integration of key related activities such as governance, compliance, and risk functions, was lacking. (Price Waterhouse Coopers, 2012).

Many firms host siloed structures and data duplication that adversely affect the information management practices within their GRC functions (OCEG, 2012a; Price Waterhouse Coopers, 2012). Substantial expenditures required to maintain siloed GRC systems, as process inefficiencies rise with increased business complexity (Ernst and Young, 2010), can be more productively exploited if perceived as sources of further and enhanced productive services for their organisations.

A similar picture emerges when considering innovation processes. McKinsey (2012) report that half of organizations segregate innovation across distinct innovation functions. This implies that numerous innovation models are being employed across business units with little, if any, integration across projects. Again, a lack of consistent governance among innovation activities is identified as contributing to poor performance tracking and bounded decision-making across siloed innovation structures.

Such siloed orientations and practices are at odds with a world where knowledge integration is increasingly the basis of competitive advantage. Integration of GRC and innovation activities and knowledge provides businesses with greater insight into the innovation process, allowing them to be more confident in their decision-making. Integrating processes can open up opportunities for the GRC function to assess new ideas (for product, process, marketing or even organisational innovation). Firms can scan their environment to acquire new compliance-related events or information, assimilate it, and apply it within the context of current market and technological knowledge bases for productive opportunities e.g. by assessing the potential revenue and cost streams from entering into a new market within the context of its strategic imperatives.

Compliance-Innovation offers a quality-based orientation to drive intensified efforts towards conformity to requirements by responding to business imperatives of knowledge commercialization and business sustainability in addition to risk and control activities. Involving the GRC initiative centrally in innovation activities, a firm can improve its decision-making processes regarding the various stages of its Innovation Value Chain i.e. idea generation (in-house, cross-pollination, external), conversion (selection, development), and diffusion (spread). The infrastructural practice of using a CKMS can help this process by holding all innovation ideas, strategies, and contextual requirements in one central repository enabling continuous recording, updating, storage and retrieval of information and the generation of knowledge.

Attending to growth with sufficient focus is challenging in the face of increasing demands on Boards and Directors to address not only considerably more but increasingly complex types of risks. Further evolution of GRC is needed to create and sustain an enterprise-wide footprint with active pursuit of growth opportunities jointly through both GRC and innovation activities. In the absence of this development, strategic growth opportunities are being, and will be, missed. Our perspective on GRC demands an integrated Compliance Knowledge Management (CKM) approach, supported by an information technology (IT) infrastructure, adaptable to the needs of teams of Knowledge Workers. The impact of this approach would be to substantially increase the likelihood of capitalising on investments in the various aspects of the compliance function through recognising and acting on the cross-cutting activities and knowledge flows that relate to compliance and innovation processes.

Responding to the pace of regulation production many organizations reacted logically by developing their internal risk and control activities.


2 Limitations of G

RC3 C



5 Quality

6 Six Sigma Q

ualityReferences

1 Introduction7 C

onclusionExecutive Sum

mary

A consensual notion of quality as an overarching goal underlies the value proposition of Compliance-Innovation ensuring that knowledge workers are both united and supported in their quest to achieve conformance to requirements. Delivering innovation in how Knowledge Workers are supported and how their contributions at work are validated represents in itself a quality approach to human resources that may require innovation in business practices. Building cross-functional collaboration, for instance through Compliance-Innovation Quality Loops (implemented through Six-Sigma processes, for example) can drive systematic changes in the organization’s GRC and innovation practices through the process of negotiating innovation goals and organizational constraints.

We set out the concept of Compliance-Innovation as a means to address the current challenges and shortcomings of GRC and innovation management practices. Compliance-Innovation delivers the ability to integrate, build, and reconfigure knowledge assets from the GRC and innovation domains across the Innovation Value Chain to achieve sustainable competitive advantage.

Compliance-Innovation proposes to bring an explicitly greater commercial edge to GRC activities elevating the GRC to a more strategic role in the organization, where both the pursuit of opportunities and mitigation of risk are at the heart of all strategic thinking and action. Both the business and its knowledge workers benefit from changes in the knowledge that can be acquired and its fit with business goals facilitates focused execution. Enabled by appropriate IT platforms more effort can be dedicated to value-adding activities across the Innovation Value Chain, while reducing the time needed for administrative tasks that impose substantially higher cost (including time) without delivering comparable value to the customer i.e. rummaging for sought-after GRC or innovation information.

We contend that through knowledge-base integration of the GRC and innovation domains - using a platform as a central repository for such collective knowledge - knowledge workers can apply their cumulative absorptive capacity to acquire, assimilate, and transform key contextual knowledge. In turn, organizations can build stronger decision-making processes relative to the Innovation Value Chain by incorporating governance, compliance and risk management mechanisms throughout their innovation portfolio.

Compliance-Innovation is, therefore, a transformational concept that provides organizations with a means to develop stronger Innovation Value Chains through the integration of GRC and innovation knowledge bases, in turn leading to commercialisation and business sustainability.

Conclusion continued


References

Table of Figures and Tables

Figure 1: Absorptive Capacity driving strategic growth 5

Figure 2: Essential Activities to GRC Objectives 8

Figure 3: Processes with Greatest Impact on Innovation Performance 10

Figure 4: Organizational Barriers to an Integrated GRC Approach 12

Figure 5: The Information Systems Triangle 15

Figure 6: GRC Capability Model Component View 16

Figure 7: The Golden Line of Absorptive Capacity 17

Figure 8: Compliance/Quality axis drives customer loyalty 20

Figure 9: The Innovation Value Chain 23

Figure 10: The Compliance-Innovation Quality Loop (ICQL) 32

Figure 11: Key Steps of Six Sigma using DFSS Process 34

Figure 12: Key Steps of Six Sigma using DMAIC Process 35

Table 1: Business/Compliance Professionals Contributing to Research 6

Table 2: Core and Infrastructural Quality Management Practices 35


2 Limitations of G

RC3 C



5 Quality

6 Six Sigma Q

uality1 Introduction

References7 C

onclusionExecutive Sum

mary

Notes

1 While this matters for individual businesses and is our focus here it is also central in contributing to the innovation, development and utilisation of productive resources in ways that can boost the real incomes of increasing numbers of people across economies. Lazonick and O’Sullivan (2002) explore the relationship between corporate governance and sustainable prosperity and point to the need to invest in both broad and deep skill bases of employees.

2 Customers and buyers’ willingness-to-pay is a standard determinant of products that embody ‘quality’ attributes, as explained by Aiginger (2000).

3 When such qualities are associated with specific organisations and their products or services they enhance the appeal in the eyes of certain consumer segments and also for other stakeholders.

4 Including, for example, Total Quality Management, Lean, Just-in-Time/Toyota Production System, Benchmarking, Six-Sigma. We return to Six-Sigma at the close of our paper to apply some of our thinking.

5 Environmental sustainability and quality management initiatives have been deemed as analogous (Hart et al.1996): both view waste as a sign of process inefficiency to be eliminated. It has been argued that it is cheaper for businesses to build prevention mechanisms to deal with sustainability goals, rather than control the effects of poorly designed quality processes ex-post (Shrivastava 1995). In addition, sustainability could be embedded into pre-existing TQM processes where “continuous improvement methods (are) focused on environmental objectives”, with employees and ‘green teams’ actively involved in reducing resource inefficiency (Hart et al. 1996 p. 31).

6 Dyllick and Hockerts (2002) state that business sustainability is founded on an organization’s ability to maintain and improve the ‘triple bottom line’ of economic, environmental, and social capital. This means a firm must balance the short-term and long-term needs of stakeholders (direct and indirect) through the sale of value-adding goods and services, which are produced in line with the earth’s carrying capacity, and exert a maximum positive social impact.

7 The authors gratefully acknowledge the input of the interviewees and appreciate their contributions.

8 ‘The ‘avalanche of regulation’ is a term used to describe the increasing amounts of regulatory production being dealt with by modern compliance functions and the difficulties entailed in meeting complex, and divergent legal and supra-legal requirements.

9 Hagerty and Kraus, 2009.

10 As Knight, as early as 1921, pointed out, business is based on inherent and absolute unpredictability. Substantial analysis is and can be carried out in assessing options and computing risk profiles, yet people’s expectations and confidence is extremely precarious. Businesses implement strategies that balance their expectations, based on risk analyses, but not all uncertainty, even using the most sophisticated of models, approaches and data, can be converted meaningfully into risk. Selecting and implanting strategies that emerge as appropriate given expectations and business/consumer confidence results in business profits.

11 Norman Marks – “Risk Management is Not Just About the Downside” 20th November 2012, available at: www.theiia.org/blogs/marks/index.cfm/post/Risk%20Management%20is%20NOT%20Just%20About%20the%20Downside?goback=.gde_95089_member_187991872

12 The innovation process is also known as the ‘Innovation Value Chain’ which is explored further below.

13 For example Roper (2008; pg. 962) lists the five different types of knowledge sourcing activity shaping firms’ innovation as: 1) in-house R&D, 2) forward linkages to customers, 3) backward links to either suppliers or external consultants, 4) horizontal linkages to either competitors or through joint ventures and 5) linkages to universities or other public research centres.

14 Maltz et al. (2001) highlight that conceptual use of information has not yet been studied extensively in research into innovation.

15 As Drucker (1999) explained business performance and value creation in the 21st century would be driven by the productivity of knowledge workers.

16 The full complement of infrastructural quality management practices are dealt with in section 6.3.

References continued


Aiginger, K. (2000), “Europe’s Position in Quality Competition”, European Commission, DG Enterprise, Working Paper, Brussels, 2000.

Alavi, M., & Leidner, D. E. (2001). Review: Knowledge Management and Knowledge Management Systems: Conceptual Foundation and Research Issues. MIS Quarterly, 25(1), 107–137.

Accenture (2011). Report on the Accenture 2011 Global Risk Management Study, pp. 1–54.

Antony, J., and Banuelas, R. (2002). Key ingredients for the effective implementation of Six Sigma program, Measuring Business Excellence (6:4), pp. 20–27.

Ashkenas, R. (2012). It’s Time to Rethink Continuous Improvement. Harvard Business Review. Retrieved December 19, 2012, from http://blogs.hbr.org/ashkenas/2012/05/its-time-to-rethink-continuous.html

Barney, J. B. (1991). Firm Resources and Sustained Competitive Advantage, Journal of Management (17:1), pp. 99–120.

Belloc, F. (2011). Corporate Governance and Innovation: a Survey. Journal of Economic Surveys, 26(5), 835–864.

Berners-lee, B. T., & Hendler, J. (2001). The Semantic Web. Scientific American, 21(May), 34–43.

Blackler, F. (1995). Knowledge, Knowledge Work and Organizations: An Overview and Interpretation. Organization Studies, 16(6), 1021–1046.

Brynjolfsson, E. (1993). The Productivity Paradox of Information Technology. Communications of the ACM, 36(12), 67–77.

Butler, & McGovern. (2008). Adopting IT to Manage Compliance And Risks- An Institutional Perspective. Proceedings of the 16th European Conference on Information Systems, 2008, 1043.

Butler, T., & McGovern, D. (2012). A Conceptual Model and IS Framework for the Design and Adoption of Environmental Compliance Management Systems. Information Systems Frontiers, 1–41.

Cohen, W. M., and Levinthal, D. A. (1990). Absorptive Capacity: A New Perspective on Learning and Innovation, Administrative Science Quarterly (35:1), pp. 128–152.

Crosby, P. B. (1979). Quality is free: the art of making quality certain, New American Library, pp. 270.

Dahlgaard-Park, S. M., Chen, C. K., Jang, J. Y., & Dahlgaard, J. J. (2013). Diagnosing and Prognosticating the Quality Movement – A Review on the 25 Years Quality Literature (1987–2011). Total Quality Management & Business Excellence, 24(1-2), 1-18.

Davenport, T.H. and Prusak, L. (1998) Working Knowledge: How Organizations Manage What They Know. Boston MA: Harvard Business School Press.

Dyllick, T., & Hockerts, K. (2002). Beyond the Business Case for Corporate Sustainability. Business Strategy and the Environment, 11(2), 130-141.

Doyle, E. (2007). Compliance Obstacles to Competitiveness. Corporate Governance, 7(5), 612–622.

Drucker, P. F. (1999). Knowledge-Worker Productivity: The Biggest Challenge, California Management Review (41:2), pp. 79–94.

Eisenhardt, K. M., & Martin, J. a. (2000). Dynamic capabilities: what are they? Strategic Management Journal, 21(10-11), 1105–1121.

El Kharbili, M., Stein, S., Markovic, I., & Pulvermüller, E. (2008). Towards a Framework for Semantic Business Process Compliance Management. Proc. of the 1st Int’l Workshop on Governance, Risk and Compliance (GRCIS’08), 1–15.

Ernst and Young. (2010). The Multi-billion Dollar Black Hole - Is your Governance, Risk and Compliance Investment being Sucked in?, pp. 1–7.

Flynn, B. B., Schroeder, R. G., and Sakakibara, S. (1995). The Impact of Quality Management Practices on Performance and Competitive Advantage, Decision Sciences (26:5), pp. 659–691.

Freeman, C (1997). The Economics of Industrial Innovation - 3rd Edition. third edition. The MIT Press.

Gladwin, T. N., Kennelly, J. I., and Krause, T. (1995). Shifting Paradigms For Sustainable Development: Implications For Management Theory and Research, Academy of Management Review (20:4), pp. 874–907.

Gold, A. H., Malhotra, A., and Segars, A. H. (2001). Knowledge Management: An Organizational Capabilities Perspective, Journal of Management Information Systems (2:l), pp. 185–214.

Hagerty, J. and Kraus, B. (2009). in GRC in 2010: $29.8B in Spending Sparked by Risk, Visibility, and Efficiency, AMR Research, Boston.

Hansen, M. T., and Birkinshaw, J. (2007). The Innovation Value Chain., Harvard business review (85:6), pp. 121–30, 142.



2 Limitations of G

RC3 C



5 Quality

6 Six Sigma Q

uality7 C

onclusion1 Introduction

ReferencesExecutive Sum

mary

Hart, S. L., Ahuja, G., and Arbor, A. (1996). Does it Pay to be Green? An Empirical Examination of the Relationship between Emission Reduction and Firm Performance, Business Strategy and the Environment (5:1996), pp. 30–37.

Hart, S. L., and Milstein, M. B. (2003). Creating Sustainable Value, Academy of Management Executive (17:2), pp. 56–66.

Holland, S., Gaston, K., and Gomes, J. (2000). Critical Success Factors for Cross-functional Teamwork in New Product Development, International Journal of Management Reviews (2:3), pp. 231–259.

Janz, B. D., Colquitt, J. a., and Noe, R. a. (1997). Knowledge Worker Team Effectiveness: the Role of Autonomy, Interdependence, Team Development, and Contextual Support Variables, Personnel Psychology (50:4), pp. 877–904.

Kim, W. C., & Mauborgne, R. (2005). Blue Ocean Strategy: How to Create Uncontested Market Space and Make Competition Irrelevant (p. 240). Harvard Business Press. Retrieved from: books.google.com/books?id=BmPPAjGaDuQC&pgis=1

Kiryakov, A., Popov, B., Terziev, I., Manov, D., & Ognyanoff, D. (2004). Semantic Annotation, Indexing, and Retrieval. Web Semantics: Science, Services and Agents on the World Wide Web, 2(1), 49–79. doi:10.1016/j.websem.2004.07.005

KPMG. (2011a). The Convergence Evolution – Global Survey into the Integration of Governance, Risk and Compliance, 1–27.

KPMG. (2011b). Risk Management – A Driver of Enterprise Value in the Emerging Environment. Risk Management Survey, 1–30.

Kwak, Y. H., and Anbari, F. T. (2006). “Benefits, obstacles, and future of six sigma approach,” Technovation (26:5-6), pp. 708–715.

Lave, J. (1993) The Practice of Learning in S. Chaiklin and J. Lave (eds.) Understanding Practice: Perspectives on Activity and Context. Cambridge: Cambridge University Press, p. 3-32.

Lazonick, W. & O’Sullivan, M. (eds), (2002), Corporate Governance and Sustainable Prosperity, New York: Palgrave.

Leonard, D., & Sensiper, S. (1998). The Role of Tacit Knowledge in Group Innovation. California Management Review, 40(3).

Linderman, K., Schroeder, R. G., Zaheer, S., and Choo, A. S. (2003). Six Sigma : A Goal-theoretic Perspective, Journal of Operations Management (21), pp. 193–203.

Lovelace, K., Shapiro, D. L., and Weingart, L. R. (2001). Maximizing Cross-Functional New Product Teams’ Innovativeness and Constraint Adherence: a Conflict Communications Perspective., Academy of Management Journal (44:4), pp. 779–793.

Maltz, E., Souder, W.E., Kumar, A., (2001). Influencing R&D/Marketing integration and the use of market information by R&D managers: intended and unintended effects of managerial actions. Journal of Business Research 52, 69–82.

McKinsey & Company. (2007). How companies approach innovation: A McKinsey Global Survey, 1–13.

McKinsey & Company. (2012). McKinsey Global Survey Results - Making innovation structures work, 1–8.

Mintzberg, H. (1987). “The strategy concept I: Five Ps for strategy,” California Management Review (30:1)Fall, pp. 11–24.

Nidumolu, R., Prahalad, C. K., and Rangaswami, M. R. (2009). “Why Sustainability is Now the key Driver of Innovation,” Harvard Business Review (87:9), pp. 56–64.

OCEG. (2012a). OCEG 2012 GRC Maturity Survey OCEG, pp. 1–48.

OCEG. (2012b). OCEG Red Book TM GRC Capability Model version 2.1, pp. 1–171.

OECD. (2000). Reducing the Risk of Policy Failure: Challenges for Regulatory Compliance, 1–91.

OECD. (2012). Working smarter in structuring the administration, in compliance, and through legislation, pp. 1–53.

Osterloh, M., and Frey, B. (2000). Motivation, Knowledge Transfer and Organisational Forms, INFORMS (11:5), pp. 538–550.

O’Sullivan D, and Dooley L. (2009). ‘Applying Innovation’: Sage Publications, Inc. 1-424

Peppard, J., Ward, J., & Daniel, E. (2007). Managing the Realization of Business Benefits from IT Investments. MIS Quarterly, 6(1), 1–11.



Penrose, E. T. (1995). The Theory of the Growth of the Firm, (Third Ed., ) USA: Oxford University Press. Original published in 1959.

Ponemon Institute. (2011). The Role of Governance, Risk Management & Compliance in Organizations – Study of GRC practitioners. Sponsored by RSA, The Security Division of EMC, (May).

Porter, M. E. (1985). Competitive Advantage: Creating and Sustaining Superior Performance. Simon and Schuster.

Porter, M. E. (1988). Managing value From competitive advantage to corporate strategy, Harvard Business Review (June 1987).

Porter, M. E. (1996). What is Strategy? Harvard Business Review, 74(6).

Porter, M. E., and Van Der Linde, C. (1995). “Toward a New Conception of the Environment-Competitiveness Relationship,” Journal of Economic Perspectives (9:4), pp. 97–118.

Powell, T. C. (1995). Total Quality Management as Competitive Advantage: A Review and Empirical Study. Strategic Management Journal, 16, 15–37.

Price Waterhouse Coopers. (2012). Broader perspectives; Higher performance. State of Compliance: 2012 Study, (June), pp. 1–24.

Reeves, C. A., & Bednar, D. A. (1994). Defining Quality: Alternatives and Implications. Academy of Management Review, 19(3), 419–445.

Roper, S., Du, J., & Love, J. H. (2008). Modelling the Innovation Value Chain. Research Policy, 37(6-7), 961–977.

Ross, J. W., and Beath, C. M. (2002). Beyond the Business Case : New Approaches, MIT Sloan Management Review (43:2).

Sandberg, J. and Targama, A. (2007). Managing Understanding in Organizations. London UK/Thousand Oaks CA: Sage.

Schroeder. R. (2010). Operations Management: Contemporary Concepts and Cases, McGraw-Hill Education, pp. 558.

Shrivastava, P. (1995). “The Role of Corporations in Achieving Ecological Sustainability,” The Academy of Management Review (20:4), pp. 936.

Sutcliffe, K. M., & McNamara, G. (2001). Controlling Practice in Organizations. Organisational Science, 12(4), 484–501.

Tarantino, A. (2008). Governance, Risk, and Compliance Handbook: Technology, Finance, Environmental, and International Guidance and Best Practices. Wiley.

Teece, D. J., Pisano, G., and Shuen, A. (1997). Dynamic Capabilities and Strategic Management, Strategic Management Journal (18:7), pp. 509–533.

Tiernan, C., & Peppard, J. (2004). Information Technology: Of Value or a Vulture? European Management Journal, 22(6), 609–623.

Trevor, J., and Kilduff, M. (2012) Leadership Fit for the Information Age, Strategic HR Review, (11: 3), pp.150-155.

Uren, V., Hall, W., and Keynes, M. (2006). Semantic Annotation for Knowledge Management : Requirements and a Survey of the State of the Art. Web Semantics: Science, Services and Agents on the World Wide Web, 4(1), 14–28.

Wang, R., & Strong, D. (1996). Beyond accuracy : What data quality means to data consumers. Journal of Management Information Systems, 12(4), 5–34.

Ward, J., Daniel, E., and Peppard, J. (2008). Building Better Business Cases for IT Investments, MIS Quarterly (7:1), pp. 67–78.

Zahra, S., and George, G. (2002). Absorptive Capacity: A Review, Reconceptualization, and Extension, Academy of Management Review (27:2), pp. 185–203.

Zollo, M., & Winter, S. G. (2002). Deliberate Learning and the Evolution of Dynamic Capabilities. Organization Science, 13(3), 339–351.


OfficesBrussels California Cork New York London

Ireland (head office) T +353 (0)21 435 1990 E [email protected]

US T +1 530 216 4455www.complianceandrisks.com

Documents

White Paper Compliance-Innovation April 2013