The Process Elements series: Enforcement

The carrot and the stick

Here we are, the last post of this series. At the end of this post we’d have gone through all the elements and considerations that go into defining and documenting a process. Today’s post will focus on enforcement.

If you’ve missed our previous posts find a small recap of the different elements below.

Process Enforcement

The practice of making sure that the process is actually being followed consistently by all process participants. A well defined process on paper, without the application and enforcement is nothing more than a waste of paper, ink, effort and time.

Before we continue, I just wanted to list what process enforcement is NOT:

  • Not a one man show/responsibility of one person
  • Not policing

I’ll skip the obvious preamble as to why enforcement is important and jump right into a few of the things we can do to achieve a state where the process is being followed.

Define Compliance metrics

When will the process be considered as being followed? Against what measure? The metrics and the critical steps need to be specified and ideally included within a section at the end of the process. I personally like to include a section which I name compliance and control metrics. Within this section, I identify those steps which can be checked.


  • Does the process require a checklist to be generated? The compliance metric could be to check that the checklist is present and populated.
  • Does the process go through a system? The compliance metric could be to check a sample of logs and changes that the process should have made.
  • Does the process generate any reports or documents? The compliance metric could be to check that such reports or documents exist.
  • Is the process bound by an SLA? The compliance metric could be to check whether the process is being completed on time.


It is very difficult to follow and appreciate something you do not fully understand. Training to the process participants should provided for those processes which are complex.

Ideally the training should be documented and if possible automated so that any new employees that need to follow the process in the future have access to the related training. An alternative, given that automating the training is quite time consuming, is to hold the same training periodically, for example once a year.

Internal Audit

When it comes to processes which are critical for the business, Internal Audit is your friend. Internal audit are there for the sole purpose of making sure that the business is operating according to the rules. Be it rules imposed externally through regulations or internally through policies and agreed processes.

In addition, they’ll also be highly appreciative of the compliance metrics defined within the process itself.

The results from internal audit could be fed in back to the process analyst to aid with the process improvement exercise as well as to the process manager to rectify any deficiencies.

The Process Manager

The responsibility of the process execution lies primarily with the process manager. The compliance metrics could be used by the process manager to check on a regular basis if the process is being followed correctly.

If training cannot be delivered to all the process participants, it is recommended that at the very least the process manager is trained, so that they can, in turn, answer any questions and train the process participants.

When designing the process it is worth spending some extra time working with the process manager discussing and identifying how they plan to enforce the process execution on a day to day basis.


We’re all human and we’re all busy. It is easy to forget the details, especially if it is a process you don’t go through on a daily basis. A quick and friendly reminder goes a long way to keep those critical processes followed.

You can just list a couple of points and send a quick email. In larger organisations you can also enlist the help of your internal marketing team.

Supporting Structures and Automation

It is the 21st century after all. Most of our work is digitized and goes through digital systems. Make sure to leverage the capabilities of these systems to ensure the process is being followed.

  • Does the system support having validations?
  • Can the system check the value of a field?
  • Can the system provide guidance as to the next step?
  • Can it monitor the timeliness?
  • Can it alert the users if a particular step is missed?

Leveraging these systems goes a long way in the implementation and enforcement efforts. Wouldn’t it be great, if users could not proceed to the next step before this step is completely finished and all the data is input? Wouldn’t it be awesome if as a process manager, I was to be alerted the minute someone skipped a step? Even better, what if I could be alerted on the timeliness of a process, before that timeliness is breached. What if I could be  alerted that a process is running late enough in advance that I could do something to rectify that?

Flash news, most systems can be configured so. Enlist the help of your IT or DevOps teams to configure these systems.

RACI Matrix

In the post tackling the roles and responsibilities within the process, we went through the RACI matrix and how to build it.

This tool is also great when it comes to enforcing the process, as the responsibilities and who is accountable is clear and public. If a step is failing, everyone will know whose responsibility that step is. Let’s be fair no one likes to fail, more so, no one likes to fail publicly. The RACI matrix, will ensure that the responsibilities are taken seriously.

Enforcement Policy

Last but not least, is an enforcement policy present? What are the business’ rules on enforcement? More importantly what are the consequences when the rules are not followed? Who should apply these consequences? All this needs to be specified within the enforcement policy.

Whilst the training, the reminders and internal marketing represent the carrot, the stick should also be present and is equally important. The enforcement policy gives both internal audit and the process managers the backing to actually enforce the processes.  


Whilst the above list is extensive, it is by no means complete. A number of techniques and methods can be leveraged to enforce processes depending on how the company operates. Whilst enforcement may be simple to define it is one of the most complex and difficult to execute and the approach that may fit one business may not fit another.

The end of a Series

Here we are at the end of the last scheduled post of this series. I’ve thoroughly enjoyed writing up these posts and in doing so, I’ve come up with a couple of follow up ideas on future posts directly related to processes. I won’t promise when these will be released as I’m due for some much needed vacation time, but I can give you a couple of hints.

  • Process Implementation through Change Management
  • Distributed vs. Centralised process governance

If these topics interest you, drop us a line or subscribe to the RSS feed so we can notify you when they’re published.