Reading Questions:
- What is the difference between a regulation, a standard, and a maturity model?
- Under what conditions might each of these be important to a company?
- Why might a company not try to meet all of these in its operation?
The activity for this week is to finish your audit plan project with your team.
Michael Gibbons says
1. What is the difference between a regulation, a standard, and a maturity model?
A regulation is a rule or directive maintained by an authority. A standard is a level of quality or what can be referred to as industry best practices. A maturity model is a level or measuring how mature an organization is in adhering/practicing a set of standards (aka framework). Maturity models can be a nice way to gauge how your organization compares among other organizations in a specific sector or in general. In theory, they are great tools for self assessment of where we are now and where we want to go.
Michael Gibbons says
2. Under what conditions might each of these be important to a company?
Regulations can be important for an organization to follow because the authority that enforces certain regulations always has the authority to stop operations if certain levels are not met. For service organizations, meeting a certain level of standards might give them a competitive advantage or how an organization differentiates itself.
Michael Gibbons says
3. Why might a company not try to meet all of these in its operation?
While I can’t think of a specific example of a regulation that a company might ignore, if the cost of the penalty is less than the cost of the control to implement and the control is not going to help the organization meet its objectives, a company could choose to pay the penalty and ignore the regulation. With standards and maturity models, they require time, resources (people, money, equipment, etc.) and sometimes they can be cumbersome to maintain.
Paul Needle says
During the financial crises banks received several cease and desist orders from regulators that oftentimes came with CMPs – Civil Money Penalties. The CMPs were specifically cited by regulators as un-insurable to make sure that the individuals at fault were responsible for the penalties. Seems like incentive enough for me.
Donald Hoxhaj says
1. What is the difference between a regulation, a standard, and a maturity model?
A Standard is a form of legislation or a law that requires the entities within it to abide by whereas a regulation ensures that the laws or standard are being complied appropriately. Standards may or may not be written by government bodies. The main difference ultimately lies in the compliance of it. A Standard may not be followed by people but a regulation is mandatory and has to be followed. If the government has enacted and chartered a law or a regulation, it has to be followed and the government has all the powers to enforce it. On the other hand, a maturity model is a constant change process and tests the ability of an organization to constantly change its systems for improvement. The compliance of maturity model lies in the hands of both the creators and the followers of the model in order to achieve the best results.
Michelangelo C. Collura says
I know it’s a bit late in the week, but I would ask the professor for clarification. In this post, a standard is labeled as a required action from firms, but a regulation is to ensure that those standards are complied with. I believe a standard is not required – rather, it is best practices or the way of doing business, but it is not mandatory for firms to abide by them. Of course, if they don’t, they will probably lose market share.
Donald Hoxhaj says
2. Under what conditions might each of these be important to a company?
Regulation, Standard, and Maturity Model have different purposes and compliance regulations. Example, a Standard might not be written by a government body and since it specifies more on job related things such as how to do a particular job and performance indicators, an organization might want to just take references and try to have a better standard for its internal regulation. However, Regulations have no control and companies need to mandatorily apply the regulations in their internal affairs. These regulations are in a way enforced and any deviation from these regulations or failure to adhere might lead to disciplinary consequences. Therefore, in order to comply by the law and duties, a company might want to necessarily oblige to regulations of any kind set by the government. Finally, a maturity model dictates the capabilities of an organization to constantly improve its internal processes. If an organization wants to improve quality of life for its employees, it might set up a maturity model practice and it is up to the cooperation between employees and the management to make a maturity model a success.
Michelangelo C. Collura says
Good analysis. The regulations can be considered a form of punishment then; do a ‘bad thing’ and face negative consequences. Conversely, a standard would be positive reinforcement; do a ‘good thing’ (i.e. adhere to best practices) and your company benefits. A maturity model would be useful in helping the firm to enhance this good and diminish the bad.
Donald Hoxhaj says
3. Why might a company not try to meet all of these in its operation?
A company might definitely not try to have a standard in its internal regulations or operational practice because it might have a better standard for work or employee working hours or compensation. An organization might simply want to learn from the standard, but have its internal regulation or maturity model to build a better system of working culture.
Pascal Allison says
Regulation is an act, law, or rules set to control an organization’s activity. Authority, regulatory agency, or establishes these controls. Standard is a set of requirements, stipulations, procedures, practices, or faces that can be used unswervingly to safeguard processes, assets, and services for a purpose, while a maturity model measures the organization’s maturity level and reveals the areas of enhancement. It helps to assess the current efficiency and effectiveness of an organization and supports finding out areas for improvement.
Regulation and standard can be easily differentiated when viewed from the compliance standpoint. An organization can choose to conform to standards, while regulation is not by choice because it is mandatory. Standards are developed by organizations while the government establishes regulations.
Pascal Allison says
Regulations are important to every organization, and there is not a specific time for adherence. It is important that an organization adheres to regulation at all times. Failure to adhere to regulation could lead to a lot of costly events.
Standards are used mostly for quality controls, competitive feat, product performance, etc. Thus, standards are important to an organization when there is need to maintain and improve quality, remain or beat the competition, and improve or maintain a product level.
Maturity model serves as a determinant for improvement in an organization. There is always a need for improvement. Where does the organization stand in terms of performance? Is there a need for improvement? What is needed for improvement? How much is needed for improvement? These questions can be answered applying the maturity model tool.
In short, regulation, standard, and maturity model are needed at all times and under all conditions as long as the situation exists. The government or authoritative agency set regulation agency which means they set the condition, the organization set standard which means those standards are needed under a specific condition. If it is to improve or maintain quality or remain competitive, the standard must be kept. A maturity model is needed under all conditions. There is always a need for improvement – quality, employees, etc.
Duy Nguyen says
1. What is the difference between a regulation, a standard, and a maturity model?
• A regulation is defined as a rule or directive made and maintained by an authority or the process of regulating or being regulated. A standard is a level of quality or attainment and a maturity model in this context is defined as a methodology used to assess an organization’s continuous improvement in a particular discipline.
Duy Nguyen says
2. Under what conditions might each of these be important to a company?
• A maturity model could be used to assess and be implemented for continuous improvements to an organizational set standard under industry regulations.
Pascal Allison says
Under normal circumstances, a company should always conform to regulation, uphold the standards, or implement a maturity model. There will be times where it will be costly to conform, uphold, or implement these than to recover, organizations could choose to recover, but reputation must also be considered. Ignoring all consequences, the only time a company might try not to meet this operation will accomplish a business goal and remain in the competition.
Heiang Cheung says
1. What is the difference between a regulation, a standard, and a maturity model?
Regulations are set by different authorities and government agencies and must be followed or you could face a penalty. Standards are more like a level of quality and there’s really no penalty for not following standards. A maturity model measures the ability of an organization for continuous improvement in a particular discipline.
Heiang Cheung says
2. Under what conditions might each of these be important to a company?
All three are important to a company. Companies need to follow regulation because it could hurt them financially due to fines. Also, not following regulation can have your business shut down. For example, Google not following the censorship regulation in China got them kicked out. Standards are important because this affects the quality of work you’re putting out. If something is called a standard everyone expects to have at least the standard, not less. Maturity models are used to assess improvement in the company because you want to see growth.
Heiang Cheung says
3. Why might a company not try to meet all of these in its operation?
A company might not conform to these because it might cost too much to operate under these standards and it might hinder their operations. For example, when UBER first came into Philadelphia they were not allowed but they kind of forced themselves in. They were getting fined left and right but were able to handle all the fines because they were worth billions. Also forcing themselves in helped persuade the officials that there is high demand for their services.
Michelangelo C. Collura says
What is the difference between a regulation, a standard, and a maturity model?
To begin, a regulation is what it says – some guideline that is enforced by rules, whether within a firm or by an authoritative body like the state and federal governments. A standard is more like an accepted practice. It is not enforced by rules, though a standard may be referenced when crafting regulations. They might be considered a precursor or a supplement to a regulation.
A maturity model incorporates both standards and regulations to best refine the practices of the firm. In IT governance, a firm will use such a model to determine what level of record-keeping capability they show. This is broken into five levels, with the lowest being essentially a lack of governance, and the highest being transformational governance, whereby the firm routinely incorporates it into its business practices. Excellence is achieved by adhering to the eight GARP principles of accountability, transparency, integrity, protection, compliance, availability, retention and disposition.
Michelangelo C. Collura says
Under what conditions might each of these be important to a company?
Regulations would always be important, as a company might face fines, audit or even litigation if they routinely disregard regulations, particularly when public safety is a concern. Standards would seem like a no-brainer for a firm, so they are also very important. In some cases, a firm may be disruptively innovating, so standards may seem less important to them, but I believe they would remain important no matter how a company tries to do business. With a maturity model, a firm will look at it when they fear a failure in governance, or perhaps just losing a competitive edge as a result of poor governance. It would be used in specific circumstances like this, rather than a constant reality of the firm.
Michelangelo C. Collura says
Why might a company not try to meet all of these in its operation?
They may consider the cost to be too high, or perhaps they aren’t too concerned with a certain principle. For example, compliance may not be as big a concern for a restaurant business as it would be for a bank, so they may place less emphasis on it during a maturity model analysis. I think the main consideration however would be for the cost of change. If a firm determines its governance to be sub-standard (i.e. worst), then they may simply want to get to essential (i.e. moderate) rather than perfect. This would be due to the cost of implementation, the shift in culture required at the firm, and the potential for disruption to operations with such a dramatic change.
Lezlie Jiles says
Hi Michelangelo,
I definitely agree with your comment about the cost being too high. The funny thing is I had a conversation with a friend about some of the smaller restaurants not being concerned with compliance because of the cost associated with it. We also discussed the belief that they are a small organization and less likely to be breached. I believe the decision for a company not to meet all of these in its operation is truly driven by the cost associated.
Paul Needle says
Certainly the FDA can come in and shut a restaurant down right on sight. I think the level of oversight is probably lacking. My guess is there are many more restaurants than banks. I am also going to make the assumption that there are more people working for the FDIC than the FDA (or at least in proportion to size). This is a complete guess but having the ability to shut a restaurant down immediately seems like a pretty high cost when following or not following a regulation.
Jonathan Duani says
I think you also need to think about the health department. If you are serving food at a restaurant, even if it is expensive most restaurants want a grade “A” from them and will spend the money to do so or else they will see a decline in income.
Lezlie Jiles says
1. What is the difference between a regulation, a standard, and a maturity model?
A regulation is a statute or directive that is dictated and upheld by an authority. Whereas, a standard is an idea or measure that is used to quantify a level of quality. A maturity model is the measurement of an organization’s ability to always develop. The difference between them is a regulation is authoritative, and a standard and a maturity model is a measurement of an acceptable quality.
Lezlie Jiles says
2. Under what conditions might each of these be important to a company?
A maturity model is important to an organization because it reveals whether or not the organization has the ability to progress within their industry. While standards and regulations are tools to assist an organization with their progression. Standards and regulation are essentially instructions for meeting a determined level of quality. An example would be Starbucks where regulations are used to dictate food preparation, and standards are used to measure the quality and taste of their coffee. These standards are not necessarily mandated but are acceptable practices set by their trade. The maturity model looks at Starbucks as a whole and reveals if they could continue to meet the set standards and regulation while growing within their industry.
Lezlie Jiles says
3. Why might a company not try to meet all of these in its operation?
A company may not meet all of these in their operations because they are not legally required to, or the return on investment is not sufficient enough. For instance, a standard is a measurement of acceptable quality, so it may not be regulated by any laws it just wants the industry expects. Take Starbucks for instance, their coffee is well crafted with designs and the taste of their coffee is distinctive. They maintain a higher quality of coffee at a higher cost, but it is not required. This is their organization set standard. Whereas, it is regulated and upheld by the organizational authorities. Nevertheless, Dunkin Donuts’ maturity model differs. Their organizational set standards only require them to have a good tasting cup of coffee and a lower cost.
Tamekia P. says
1. What is the difference between a regulation, a standard, and a maturity model?
Regulation – A regulation is something that must be done. Example – compliance with SOX 404, protocols for PII (Personally Identifiable Information) or procedures deemed mandatory by the organization.
Standard – Could be considered organization’s best practice. There are rules/guidelines that should be followed but a standard would allow for exceptions. Compliance is not mandatory.
Maturity Model – Measuring of the maturity of the organization’s process on a given scale. Mature processes typically have shorter completion times, reduced number of errors and require less complexity compared to new processes.
Tamekia P. says
2. Under what conditions might each of these be important to a company?
Regulations will be important to a company 100% of the time. There will be resources dedicated to ensuring compliance.
Standards become important to a company when they discover areas that could use defined protocols. The protocol could be used to reduce costs, increase efficiency or drive consistency across the organization.
Maturity Model – an established company determining where to focus its energy may want to perform assessment of the maturity model. This may help them determine core competencies or areas for improvement. This assessment could be used in decision to off-shore processes.
Tamekia P. says
3. Why might a company not try to meet all of these in its operation?
A company may not try to meet all of these in its operation because of cost or time necessary. Regulations have to be followed so that becomes the bare minimum. Next, standards would need to be developed and enhanced. Depending on the age and state of organization, it may not make sense to perform a maturity model.
Paul Needle says
1. What is the difference between a regulation, a standard, and a maturity model?
A regulation is rules and administrative codes issued by governmental agencies at all levels. It’s not technically a law however they have the force of law since they are adopted under authority granted by statutes. They often include a penalty if violated.
A Standard will provide specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose.
A Maturity Model will assess the quality to which a standard or regulation might be followed. It’s more of a qualitative measurement of people, processes, technology, etc.
Paul Needle says
2. Under what conditions might each of these be important to a company?
A regulation can be extremely important to a company particularly if there are penalties involved. Civil money penalties issued after the credit crises for lenders reached upwards of $100 Million if regulations were not adhered to. A standard can help guide a company in knowing what they should be doing as status quo in a particular industry. The Maturity model will help determine if standards and regulations are followed on a regular basis.
Paul Needle says
3. Why might a company not try to meet all of these in its operation?
If the regulation does not come with any financial or legal ramifications then a company may look into the financial implications of not adhering to the regulation. Overall most companies will want to follow all regulations. Standards might be applicable to most companies in an industry, but one company might not fall into most. Again, if it is financially disruptive to follow a standard that is set forth in their industry then a company might not follow the standard. This could come at the cost of their reputation or quality of service but again that would have to be considered when looking at the financial viability. The maturity model would only be necessary to monitor the level of standards or regulations or some other level of service. If the company doesn’t care about levels of quality then the maturity model might not be applicable as well.
Jonathan Duani says
1. What is the difference between a regulation, a standard, and a maturity model?
In a company a regulation is a rule or a policy that is put into place that must be followed at all times. For example, if there is a password policy in place where a user will need to change their password bi-yearly. It is not something that can be bent and is something that will always be the law no matter what. A standard is something that is put into place a level of service. For example, there is a lot of standardization around equipment or SLAs. This will allow users to expect a certain item or something done in a certain time. Finally, there is a maturity model. This model is used to track an organization through a change or discipline.
Jonathan Duani says
2. Under what conditions might each of these be important to a company?
I think that in a company all three of these conditions are important. You would use a regulation in order to institute laws or policies that are very important for the day to day operation of the company. For example, a regulation could be something that is included in the NIST guidelines that if it is not followed correctly could result in an audit, fine or complete shutdown of the company. For a hospital for example, something like HIPAA could fall into this category. A standard is something that is important because it affects the quality of the work that a company is known for. For example, if a company sets a standard of a specific device that will be deployed to new employees, all employees will expect this device and when it changes and it’s not the normal it could cause some confusion and uproar. Finally, a company will look at the maturity model in order to track progresses of the company because they want to see how the company will mature throughout its tenure.
Jonathan Duani says
3. Why might a company not try to meet all of these in its operation?
The biggest thing I think that causes a lot of companies to cut corners in a lot of areas not just with this but with a lot of things comes down to money. Implementing a lot of the regulations could be very expensive and if there are not fines or any repercussions that are attached to them it could be easier for a company to not meet the requirement. A company could not follow a standard if it is a special case or if they find that something will fit better in a scenario. I see that a standard is more of a guideline of what should be done 99% of the time however there are one offs that could change that. Finally, monitoring changes could be very expensive, take a lot of time and use a lot of manpower which a company might not want to do or could afford at the current time so implementing a maturity model could not be feasible.
BIlaal Williams says
What is the difference between a regulation, a standard, and a maturity model?
A regulation is a legal restriction created by the government to promote a certain type of behavior. A regulation is supported by fines and threats of certain sanctions depending on the regulation.
A standard is a level of quality that is accepted as the norm. Once a standard is developed all similar actions can be judged against it.
A maturity model is a tool that can be used to assess the effectiveness of an action by continually monitoring these actions and looking for areas of improvement.
BIlaal Williams says
Under what conditions might each of these be important to a company?
Each is important to a company and they all build off each other. Certain regulations are formed because of standards in an industry. For instance, financial regulations such as Sarbanes Oxley are developed from auditing standards in the financial industry. A maturity model can be put into place to monitor actions to make sure the organization is following the regulation.
BIlaal Williams says
3. Why might a company not try to meet all of these in its operation?
If an organization feels it can cut costs by not following a regulation, it might try to bypass it. That is why penalties are included in the regulation to create the incentive for organizations to follow it. This is a similar case with standards, however if a certain quality is expected in the marketplace, not adhering to standards can cause an organization to fail. Maturity models are beneficial to an organization and can help it to ensure its performance is continually improving, and these are practices which are typically used by more successful organizations. However an organization can bypass its use if they fail to see the benefits or feel it’s too costly to implement.