Organisations of all types face a world of increasing threats, both physical and virtual. These same organisations have significant responsibilities for minimising the associated risks to all stakeholders, including their employees, their shareholders, and the authorities.

According to Richard Ham, CEO and founder of  software firm FM Clarity, current approaches to compliance for buildings are unnecessarily increasing the risk. Ham will be speaking at Total Facilities EXPO in March at the International Convention Centre, Darling Harbour.

Currently, Ham said, organisations are subject to an increasing number of building compliance obligations, which vary depending on the type of business, building, and age of construction.

“It is not simply essential safety measures, e.g. fire, exit and egress, but also work, health and safety, energy management, disability access, et cetera,” Ham said. “Often, just achieving compliance can be a long and drawn-out process, particularly for older buildings. However, it is vital for stakeholders to exercise due diligence to avoid exposing their organisation to undue risk in both physical consequence and potential legal ramifications.”

While most legislation, such AS/NZS ISO 31000:2009 Risk management–Principles and Guidelines, does not demand immediate compliance from building owners and managers, it’s wise to have a management system in place and to actively strive for compliance.

“Generally, all organisations are aware of the business drivers related to compliance,” Ham said. “But many are unsure of the process or don’t have the budget or manpower to manage it effectively.”

Rather than managing compliance in a proactive fashion in an effort to minimise risks before the fact, Ham said, many efforts are undertaken only with the benefit of hindsight – when they are undertaken at all.

“I have seen a lot of organisations flying somewhat by the seat of their pants, managing activities by spreadsheet or by exception and hoping everything goes ok, until serious turbulence hits,” he said.

Historically, Ham noted, facilities departments have not had much of a voice directly to C-suite, which leaves executives in the dark as to many of the risks they face.

A more effective approach, Ham noted, would be to use the power of software to automate many of these processes.

“I think these things need to be bedded down within software and automated,” he said.

Facility managers could lessen risk by moving from the retrospective approach by implementing a system that proactively manages the risk and compliance within a facility management system. That sort of system would enable managers to “take the guesswork out of regulatory compliance and ensure that nothing is overlooked,” Ham said.

“When there’s a noncompliance, rather than it being uncovered retrospectively, managers and stakeholders are alerted in real-time, so that the issue and the obligation can be rapidly transferred to the responsible party and resolved, effectively transferring some of the risk,” he noted.

Risks are substantial for firms that fail to proactively manage building compliance. For instance, beyond the harm that could befall occupants, if a building caught fire and it was found that the owner was not exercising due diligence, that owner could face legal and financial repercussions, not to mention damage to their reputation.

Another issue relates to other forms of documentation management, Ham said.

“Ensuring that contractors have the appropriate insurances, licences, and safe work methods in place before they attend site is paramount, as well as, of course, obtaining council permissions and completion paperwork for works that require these,” he noted.

A great deal of the risk exposure relates to insurance in the event of a loss. Insurers may not cover losses in many cases, particularly if if was found the owner did not exercise due diligence. That could result in massive out-of-pocket costs, lengthy litigation and a huge drain on resources.

Overall, the building owner and manager are responsible for diligence in minimising risk.

“Ultimately, it comes back to whether the manager is doing his job effectively and proactively managing risk and compliance. This can be the difference between a safe and successful organisation, and one that goes bankrupt,” Ham said.