Collecting compliance information from suppliers and subcontractors is a costly, time-consuming, soul-destroying task. NIGEL DALTON-BROWN from metaSC summarises the issues and risks around supplier compliance and discusses the emerging COIN (community of interest) approach to compliance management.
It seems impossible: how can a facility manager slash administration costs and yet improve compliance and reduce risk? It isn’t so difficult if you apply social networking ideas to the business environment and build a community of interest (COIN) network.
Compliance management solutions that take a COIN industrywide approach can slash the cost of collecting and reporting on compliance across the industry.
DICING WITH COMPLIANCE – A RISKY BUSINESS
Patrick O’Donnell, associate director at CBRE, neatly summarised the need to collect compliance information recently when he stated: “In this day and age, the exposure to significant costs and liabilities necessitate some form of active control over the personnel who are allowed on site to work because they put the building, the owner, the tenants and any visitors at risk.”
Poor supplier compliance management puts facility management companies and facility managers at risk of prosecutions, fines and even jail terms. All organisations have a legal obligation to ensure the safety and health of subcontractors in the same way they do for their own employees. The Workplace Relations Ministers’ Council intends to replace “the outdated concept of ‘employee’ with a broad definition of ‘worker’, which includes employees, independent contractors, outworkers, apprentices, trainees and volunteers who work in employment-like settings.”
The financial and personal consequences of poor compliance management can be extreme. See Table 1 (below) for the maximum penalties for breaches of the OHS Act.
While the maximum penalty is generally imposed on repeat offenders, it is also imposed on breaches that cause serious harm to employees or persons (subcontractors) at work. Table 2 (below) provides a summary of some WorkSafe prosecutions during 2009.
Two earlier FM magazine articles have touched on this subject of risk and compliance. “Contractor injury claims are often the most expensive claims you will experience,” wrote Bryce Check and Marianne Lim, “Minimising Risks and Claims”, April–May 08. “The industry average public liability customer claim is valued at about $10,000 to $15,000 while the average contractor claim is valued at $100,000 or more.”
Adam Saunders’ article “Construction and OHS: how they affect you”, Dec–Jan 09, outlines on the OHS implications of ‘construction works’ and the responsibilities of the facility manager.
WHAT IS COLLECTED?
For a facility management company that has hundreds, if not thousands of suppliers and subcontractors on its books, the job of collecting and verifying the compliance information of each single supplier and subcontractors employee is, as it sounds, very tough. However, since it is mandatory, someone ends up having the job of being on the phone, calling and chasing up for the expired or missing documents. So what kinds of documents need to be collected?
The compliance matrix separates compliance documents into:
3. equipment and
As an added complication, many of these documents have expiry dates and need to be checked on a regular basis, and some are issued by third-party accreditation bodies and insurance companies and need to be checked for fraud.
Suppose, as an example, that we have the luxury of a full-time staff member – we’ll call him John – who is responsible for collecting and reporting on compliance.
Every day, John comes into the office and starts uploading documents into the system that the contractors have faxed or emailed in. Not all contractors fax in the right document, or even the current one, so John spends the majority of his time calling up the contractors, asking for the correct, missing or renewed document. Some might be busy or unavailable so John has to call and call again.
In the meantime, since it is a volatile industry where contractors come and go, John needs to contact new contractors, getting them to fax or email documents in. If John gets through the list for the day, he then looks at the database or Excel spreadsheet, looking for any expired or missing documents. When he finds them, John then sends a specific email to each contractor regarding the missing or expired documentation. If there is no response within a couple of days, John has to call them up. In the occasional free time he has, John does a double job of filing away each contractor’s compliance documents as a back-copy. John is also expected to run random checks against fraud, calling up issuing authorities to check the validity of certificates and compliance documents. This tail-chasing exercise continues for John day after day.
The time wasting occurs for the contractor as well. Contractors are continuously being asked by their customer to fax or email in updated compliance documents. They have to be provided for every proposal. Every time any work needs to be carried out, the facility manager should check that all relevant staff have current licences before they start work on site.
THE COIN APPROACH
The approach above means that documents are being logged multiple times, increasing the chances for errors. Almost every supplier’s and contractor’s document is being logged hundred of times. Once we add staff-related compliance licences, the volume rapidly gets out of control.
A medium-sized company can easily have 443 compliance documents, 337 relating to staff.
With 100 customers, those documents are logged 44,300 times across Australia. That’s 43,857 times too many. This is a conservative figure; often each facility manager has their own database so this can easily be increased by a multiple of ten, that’s one medium-sized company generating almost half a million records. COIN-type solutions like iCiX (The International Compliance Information Exchange) turn the responsibility for loading documents on its head. Much like Facebook and LinkedIn, the company above loads all 443 documents on to the COIN network once, and once only. It also contacts all 100 customers, inviting them to join the community to view the documents.
Effective COIN solutions also have automatic triggers so that the compliance manager at the company receives an automatic reminder two to three months before documents expire. This gives them time to renew the document and upload it on the COIN network. For John, his task has suddenly become much easier. He no longer has to chase and upload documents; his suppliers are doing it. Nor does he need to check for expired documents, the system does it for him. As all John’s suppliers have posted all their compliance documents on the system, with expiry dates, John can generate real-time reports in seconds – reports which previously they took days to generate and which were out of date when they were produced.
This is just the start for John; COIN network solutions, by their nature, are based on communications, so they provide additional features such as:
• incident and claim management
• workflow for work requests.
To paraphrase Patrick O’Donnell of CBRE, the COIN approach “has saved us the task and drudgery of keeping track of subcontractors’ compliance, both to their statutory responsibilities and to our specifications. It has eliminated this incessant tail-chasing exercise, enabling us to concentrate on reducing our risk, which is of great benefit to the owners, our tenants and our directors.”
THE OLD WAY AND THE COIN WAY
In the old days, if you wanted to update your friends, you wrote and posted one letter per friend. In return, you received as many letters as friends back in return. Things improved slightly with email; you wrote one letter and copied it to all your friends, but it was still a ‘send many, receive many’ process.
Social networks changed this. You create a presence on Facebook or LinkedIn and post your information, news and updates. Your friends get alerted to any changes and they log on and take a look; COIN networks use this ‘post once, viewed by many’ approach. Now you write once, post once, and the system takes care of the rest.
Nigel Dalton-Brown is general manager of metaSC, a division of IPcubed.