From Compliance To Organizational Effectiveness: A Framework for Change and a Lesson LearnedImage Banner

You are here

From Compliance To Organizational Effectiveness: A Framework for Change and a Lesson Learned

John Rose and Tony Thomas

Today’s challenge for executive directors involved in operating social service agencies, non-profits or even for-profits for that matter, has intensified immensely in areas of solvency, greater transparency and stakeholder expectations.  It requires leadership to weave together, the fabric of an organization that strives to achieve a higher level of performance by creating an organizational culture of a common mission, accepted values and customer commitment.  It is not enough today to operate an organization that is comprised of workers who are not totally engaged or a Board that is not providing intellectual capital as well as conducting community building. 

A customer base that is not “WOW-ed” by services and supports is not going to be satisfied.  Funders and stakeholders are demanding greater efficiency and effectiveness. Leadership is key in bringing an organization to a higher level of performance in regards to the quality of outcomes for its customers.  In reaching that ‘pinnacle of performance’, agencies must focus beyond compliance.  Compliance with state or federal licensing entities is only minimal performance and does not contribute to raising the bar on Organizational Effectiveness.

Obtaining the pinnacle of performance is inclusive of the development of an appropriate organizational culture and quality processes (which includes an engaged workforce) and operational efficiencies and established performance markers. Risk management plays a pivotal role in enhancing organizational effectiveness and efficiency. It is a process tool for establishing control among the thousands of operational activities that are inclusive in the process like, incident management, fiscal controls, staff hiring and training, vehicle safety and the list goes on.


Achieving organizational effectiveness is in many ways like preparing to climb a substantial mountain.  The leader of an expedition is one who generally has numerous climbs under his or her belt and is experienced in being able to address the obstacles that one may encounter on a summit bid.  The leader first must assemble a team, one who will have the passion and abilities needed for the journey and the Mission.  The Mission is important and those who are not committed to it may put the whole team at risk. 

What is the Mission of a mountain climbing team you ask?   TO GET BACK DOWN Safely!   The leader is the one, who after selecting the team and ensuring their competencies, must continually inspire them and ensure that they understand the objectives and the strategic plan.  Jim Collins, a climber in his own right, stated in an interview regarding his book “Good to Great”, “I would have one priority above over all others: to acquire as many of the best people as I could.  I put off everything else to fill my bus. The single biggest constraint on the success of my organization is the ability to get and hang on to enough of the right people”.  Organizational Effectiveness (OE) has been written about for a number of years.  While there are a few different models of OE, the Competing Value Framework (CVF) is the most referenced model.  I took the liberty to develop a graphic to illustrate that model:

Organizations exist for one reason only-their MISSION.  OE is about Leadership that has enhanced its organizational Culture through inspiration and team building, it has implemented and monitors ALL internal controls inclusive of safety practices and policies and it sets performance measures/GOALS to ensure it is meeting the demands of its customers.  We could do another article on each of these segments alone, but suffice it to say that this model is intended to ensure efficiency and effectiveness in organizational performance.

Organizations with WEAK ‘internal controls’ and WEAK ‘culture’, are more likely to be in ‘imminent danger’ of serious loss potential, ANE incidents and/or loss of funding.



In this article, we hope to share information and an organizational study on how important ‘risk management’ (Internal Controls) is to the overall performance of an organization and the assurance of its MISSION. 

Risk management is a structured process for controlling RISK (the chance of a personal or financial loss). Risk within NFP organizations is present in at least 3 areas: Compliance, Operational and Environmental.

Perhaps an even better definition of risk management is ERM (Enterprise Risk Enterprise Risk Management (“ERM”) is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.

ERM represents a significant evolution beyond previous approaches to risk management in that it:

  1. Encompasses all areas of organizational exposure to risk (financial, operational, reporting, compliance, governance, strategic, reputational, etc.);
  2. Prioritizes and manages those exposures as an interrelated risk portfolio rather than as individual “silos”;
  3. Evaluates the risk portfolio in the context of all significant internal and external environments, systems, circumstances, and stakeholders;
  4. Recognizes that individual risks across the organization are interrelated and can create a combined exposure that differs from the sum of the individual risks;
  5. Provides a structured process for the management of all risks, whether those risks are primarily quantitative or qualitative in nature;
  6. Views the effective management of risk as a competitive advantage; and
  7. Seeks to embed risk management as a component in all critical decisions throughout the organization.


While there is a myriad of internal controls that an organization may consider and adopt, depending on its Mission, one example that most if not all NFP organizations will employ is Accounts Payable:



Perhaps the greatest risk challenge facing providers today, given the changes in HCBS-Community Rule, (Community Rule is about IS-Integrated Services and IS-Individualized Supports-coincidence that IS is at the center of R  IS   K?), will be supporting individuals to make Informed Decisions(PCP).



Organizations pride themselves on being the best they can be through achieving Quality Outcomes (meeting Performance Measures/GOALS). Let’s consider some definitions of quality:

  1. CMS (Centers for Medicaid/Medicare Services)-“quality is the degree to which services and support for individuals and populations increase the likelihood for desired health and quality of life outcome and are consistent with current professional knowledge”.
  2. Other definitions usually speak to customer satisfaction and organizational excellence. (G. Sluyter)
  3. “The Quality of the Outcome(Mission) is equal to the Quality of the Process(CVF), which is dependent upon the Quality of the Workforce(Culture), therefore, the QW is paramount to ensuring the QO”

“Insufficient and inappropriate DSP staffing will result in poor QO, increase in ANE as well as higher LOSSES for Providers” (JR)

  1. “Quality is not determined by measuring processes against rules and regulation, but rather by measuring life outcomes against what the person/family defines…what they state is important to them.”  International SD Conference   5/08
  2. ‘Quality can be defined as the  point of interaction between a DSP and the person supported’  NADSP

Perhaps the most important factor impacting quality is customer Perception. Perception is a process by which people translate sensory impressions into coherent and unified view of the world around them. Though necessarily based on incomplete and unverified (or unreliable) information, perception is ‘the reality’ that guides human behavior in general. 

In understanding the point that compliance is only the minimal level of Quality Performance, let me continue the analogy of a mountain climbing expedition. The leader is the person who has the skill, experience and the capacity to select and evaluate the team members.  The leader must assess their skills, and contribution to the expedition.  The leader will then keep the team engaged and focused on the Mission.  The Mission, you recall, for the expedition is getting to the top and safely back down.  The Mission for the Agency is getting to the top of the ‘Pinnacle of Performance’ and staying there!   The graphic of the mountain provides a clearer understanding of the challenge in ascending to the top.  The climbing team, depending on the mountain, may have 3 or 4 planned Camps on the way to the summit.  The illustration below shows the points on the climb for an organization in order to reach their Pinnacle. The three horizontal bars represent the three camps that climbers (organizational leaders) will attempt to reach.  Similar to the OE graphic, Compliance (Internal Controls) is the first camp (typically, QA committees are here and only address compliance-the first camp), followed by the Culture camp and then Performance Goals.  Reaching the Pinnacle of Performance (Organizational Effectiveness) requires that the NFP Provider Agency, pass through ALL camps.


From Compliance to Organizational Effectiveness

(Lessons Learned in Ohio)

Agencies serving persons with Developmental Disabilities are in a field that is changing rapidly and with new regulations coming at us at the speed of light.  With this change, comes a question---Do we just focus on the regulatory issues and rules??? Or can we go beyond our normal compliance boundaries to see our organizations in a different window??? I vote for the latter, and here is why. Moving beyond compliance and focusing on the parameters that are identified above in the Organizational Effectiveness section of this article will certainly guide provider agencies on a stronger path towards satisfying their mission. In other health care fields, we are seeing a shrinking (and consolidation) of the pool of available providers.  As managed care entities take hold in health care, they are limiting their contracts to agencies that have achieved the highest level of credentialing or accreditation and to agencies that can adapt to new funding models quickly.  Those organizations will get a bigger piece of the health care dollar.

DD agencies have been absent from the discussion, until very recently.  In Ohio, were I work, the DD services system has been intentionally left out of the Medicaid managed care discussion. I know other states have embraced this funding concept for all ABD (aged, blind and disabled) populations.  To that end, the day will arrive when a state legislature will look to managed care to do three important things: make cost predictable, make services costs less, and make the contracting for DD services unified. (A one size fits all mentality). The risk for Medicaid spending then shifts to the managed care entity and they in turn will contract with only a select number of providers to satisfy these three pillars of funding; to reduce their risk and, of course, earn suitable profits. 

Having your agency viewed by a managed care entity as a high quality provider is an end goal, even if you are not operating in a managed care environment for DD Medicaid dollars.  At our agency, we are embracing this future---- We are making our program think and act like a program that will survive a major transition to a more managed care world. We are seeking accreditation beyond our state DD licensure system (not a new idea but how many of us have done this?), we are looking at how hospitals work their internal systems and trying to compare those systems with ours, we are doing a better job of auditing our services, we putting more emphasis on helping those we serve connect with their communities, we are doing a better job of measuring data (not just major unusual incidents but data about quality of life for a person we serve).

If I had to give us a grade on these areas, some of our entities we would get a “D” and some would get an “A” and others we are in the B, C category.  While collecting and measuring data we have done for a long time, we only collected data that was mandated by our state to collect, and we only saw data as an end product, not as a means to a better understanding of quality and better life for those we support.  Getting better about collecting data is a good goal for a large residential program, it meets the expected norm. But using the data to make change and satisfy a new funder (aka managed care entity) still eludes us and is the goal we are truly seeking.  The journey is still in front of us!!!!

We hope your journey is equally as interesting!!


John Rose is Vice President at SEFCU Insurance Agency and can be reached at [email protected], Tony Thomas is the Executive Director of Welcome House, Inc. and can be reached at [email protected]. Mr. Rose and Mr. Thomas are both active members of ANCOR's Professional and Organizational Development Committee.