
Reflection on “Comply or Die, By Fretty, 2012”

The article “Comply or Die” discusses compliance-based projects: every time new rules or restrictions are added, project teams and organizations have to adapt. To ensure that changes occur with minimal disruption, organizations are launching more of these projects to be sure they align with the new regulations and meet the new industry standards so that they can stay competitive.

It is worth mentioning that those endeavors represent very interesting twists on those we consider traditional; a change in compliance standards can most of the time be extremely disruptive to the firm, where the risks usually lie in meeting the deadline, while budgeting and the bottom line often take second priority.

The article also discussed some industries where regulations changed and the organizations had to adapt. Starting with financial services, I found it interesting that although you cannot measure against fines the organization doesn’t incur, you can look to competitors to see how and in what way they are affected on a financial level, as well as in terms of reputational damage, knowing that doing so can be very speculative.

Moving to healthcare, I learned that regulatory compliance can mean uncertainty; new regulations are usually unclear at the time when compliance-based projects have to be launched. Additionally, all organizations that put up so much capital to meet compliance should always have a strong backup plan, and what helps with that is integrating key stakeholders as well as end users into project tasks and the vendor selection process in order to ensure buy-in on changes.

Telecommunications was the last sector discussed in the article. In that sector, there is no fine for failing to comply; however, not complying can have severe consequences. It was interesting to see how the main challenge for the project manager lies in fine-tuning an actual deployment to fit the specific network configuration. Additionally, I found that most of the ROI calculations assume that being first-to-market is far more important than short-term returns, but part of complying goes beyond being first-to-market: it means being first to the market and with the best quality.

Some of the lessons learned from this article are that financial institutions can be very paranoid about letting any data leave the firewall and go into someone else’s control, and when that happens, the compliance officers view it as a true opportunity to learn. Also, organizations must apply a cost-benefit analysis to determine whether the project plan for improving the infrastructure makes sense for the organization, regardless of regulations and rules.

Personally, I rarely find a project that starts without a business case that financially justifies the final output. Even if the compliance-based projects are technology upgrades or are meant to keep up with competitors, a strong business case always has to be available. In the past, I had to go through one of these projects in the Kingdom of Saudi Arabia. In that particular project, a major change in the welding process was forced on us by the government, and that caused a delay for the project; it was very difficult to find and redo welding certifications for the welders according to the new rules applied by the government. What could have helped in that project is the existence of buffers, which are a crucial part of the risk management plan.
