As a compliance assessor, you’re like a trail guide for your clients. You know the terrain. You know the pitfalls and storms that are bound to come. But you can’t lead your clients safely through the treacherous terrain of compliance if you’re dealing with chaos on your end of the assessment.
Smaller engagements give you the luxury of running the whole show on your own and managing the project exactly how you want. But for larger engagements, you need to bring in a team of assessors from your firm to help out. And that’s when your troubles begin.
At first, everything looks clear-cut and in good order. Each person knows their assignment. But once the gun goes off, things get very fluid, and chaos starts to build. Now you’re not just trying to see your client safely to the end—you have to keep your own assessment team organized as well.
5 Snares of Your Compliance Team
Every engagement has its snares. If you’ve been at this long enough, you could be so used to the chaos that you don’t even notice them anymore. They’re just white noise along the way. That’s dangerous, because they’re negatively impacting your process and keeping your team in chaos.
Here are the five biggest snares to watch out for.
1) Unpredictable team makeup
Every compliance assessment is different, and there’s no telling who will be on your team from one client to the other. It all just depends on which assessors in your firm are available at the time.
This unpredictability makes it challenging to streamline your internal process, because your team will look different every single time. Different assessors have different skills, expertise and work preferences. You’re starting your engagement on slippery terrain.
2) Convergence and collision
That slippery terrain gets bumpy, fast, because your people are getting in everyone’s way. Each assessor does their own thing, because they’re used to being a lone wolf. And when you have a bunch of lone wolves working together, they’re going to converge and collide.
Let’s say you notice something strange in the client’s security test results, and that leads you down a rabbit trail that bumps into three other assessors. Your team, simply by doing what they do, is now stepping on each other’s toes to get their individual questions answered.
Infographic: 5 Ways Compliance Software Makes Assessments Easy
Lone wolves aren’t great at sharing information. Why should you be, when you’ve got your own assignment and they’ve got theirs? But when your paths overlap and criss-cross with each other, that lack of communication creates obstacles along the road.
Miscommunication creates frustration and resentment on your team. Now you’ve got disharmony brewing. Add to that the challenges of collaborating to keep a thousand different files straight and you’re just throwing fuel on the fire.
4) Aggravating Your Client
If your team doesn’t have your internal communications mastered, you’re going to be pestering your client’s people throughout the assessment. Multiple team members will issue multiple requests to see the same document. Sarah needs the inventory for validating whether the vulnerability scanning scope is accurate, Rashid needs it to compare the data flow to firewall rules and Emily needs it for reviewing the secure system configuration standards against the environment components. They’re all found in the same spreadsheet, and now your client is getting ticked off because he keeps getting interrupted to provide the same document. And this is the third audit this year!
5) Writing the Report
As multiple assessors contribute their own portions of the report, you need to deliver a final product has consistency and continuity. The mechanics of that process can look something like a three-legged race with four people tied together.
Quell the Chaos in Every Engagement
The snares are there in every engagement, but they don’t have to create chaos for your fellow compliance assessors. Follow these practices to successfully lead your team around each snare.
Be a trail guide
Your team needs somebody to be the point person and guide them from start to finish. It’s on your shoulders to keep the entire project organized. You need to know who’s doing what, when they’re doing it, and what they need to do it right. You’re the problem-solver, the cat herder and the bridge between your firm and the client.
To have your finger on the pulse of the assessment means constantly checking in with your team and asking key questions:
- What’s your status?
- What files have you received? Who else needs to know about them?
- What are your roadblocks?
- What did you discover that could overlap with others?
- What do you need from me?
- What questions do you have?
Being the trail guide also means you need to understand what everyone is going through. You’re not just leading them, you’re walking in their shoes. Frustrations and confusion are bound to come, and you need to be the human glue that holds the engagement together.
Unfortunately, you also have your own assignments, so that means you’re playing two roles at the same time. It’s a heavy load, but without a guide for your team the entire assessment will feel very frenetic.
Fortunately, compliance automation can take a lot of the burden off your shoulders, freeing you up to be more effective. More on that below.
Address the elephant
When you’ve got a team of lone wolves who have to work side-by-side for months at a time, you’re going to have an elephant or two in the room. Mike didn’t do what he said he would do, and Amanda had to deal with it. Sarah kept interrupting Sayed last week and now he’s behind. Sayed has been stepping on Amanda’s toes for the last month and now she’s seething inside.
Whatever the elephant might be, you need a way to deal with it openly, honestly and respectfully. Touch base as a team on a regular basis and make a point of airing your grievances in a professional and constructive manner. Find ways to improve your work together and support each other’s efforts throughout the compliance engagement.
If you’ve been at this for any length of time, you know what could go wrong during the engagement. As you get into the starting blocks, develop a plan of action that anticipates those challenges:
- What will you do when you start pulling on a thread that leads you down a rabbit trail?
- What’s unique about this client that could set you up for chaos?
- What rules of communication do you need to establish?
- How often will you and your team meet to keep alignment on the project?
- How can you create synergy on your team and for your clients?
- How will you deal with frustrations in a healthy way?
After the engagement, do a post-mortem and keep a record of lessons learned. Before you start the next one, use those lessons to prepare you for what lies ahead. What adjustments do you need to make? What went well last time? What’s likely to come your way this time, and how will you be ready for it?
Automate the assessment
If you’re using the right compliance automation software, most of these team frustrations go away on their own. The net benefit to you is less time making adjustments and resolving team issues, and more time actually doing the work you want to do.
TCT Portal compliance software is the compliance trail guide’s most important tool. Here’s why:
- The central repository ensures that everyone knows where everything is.
- Real-time status and tracking eliminates confusion over who has done what.
- Document-to-requirement mapping automatically indicates if another assessor has requested or received a file that you also need. No more pestering clients multiple times.
- Reporting is a snap. Multiple people can easily contribute to the same report. When you’re done, click a button and the software generates it for you.
“TCT has been such a lifesaver for us, because it’s a huge timesaver. Our job is extremely complex, and we’re not accustomed to having any kind of a tool that will produce the report that we have to create. With TCT, I can collaborate on an engagement with other team members with one tool that we’re all able to use simultaneously. Once you start using TCT Portal, you don’t want to use anything else, because it’s so easy.” – Sherri Collis, principal consultant for Online Business Systems
Handpicked related content: Why Compliance Auditors Say TCT Portal Is a Lifesaver
Struggling to manage your lone wolves while also being the trail guide to your client needs? There really is a better way. TCT helps streamline the compliance management process, so you can focus on providing your expertise—not wasting time playing point and resolving team issues.
Find out what TCT Portal can do for your assessment firm. Get a demo today!