Compliance Unfiltered is TCT’s tell-it-like-it is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable, compliance expertise with a sprinkling of personality.
Show Notes: Hit By the Bus Planning
Quick Take
On this week’s episode of Compliance Unfiltered, Adam and Todd have a chat about what happens when a member of an organization gets hit by the proverbial bus.
Why is it important for all organizations to prepare for this possibility? What should planning look like? Where should an organization start?
Answers to all these questions and more, on this week’s Compliance Unfiltered.
Remember to follow us on LinkedIn and Twitter!
Read Transcript
So let’s face it, managing compliance sucks. It’s complicated, it’s so hard to keep organized, and it requires a ton of expertise in order to survive the entire process. Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less. Now, here’s your host, Todd Coshow, with Adam Goslin.
Well, welcome in another edition of Compliance Unfiltered. I’m Todd Coshow, alongside the gingerbread to your compliance latte. Mr. Adam Goslin, how the heck are you, sir? I’m doing good, Todd. How are you, sir? Man, I cannot complain. Today, we’re talking about dodging bullets, or in this case, buses. We’re going to have a conversation about what you like to call hit by the bus planning.
Now, what happens in an organization when someone is hit by the proverbial bus, Adam? Well, what people need to think through is what would happen if somebody in your organization got cut cream by a bus on the way to work tomorrow, or whatever, Monday, whatever it may be, your next work day. We all like to think we’ve got basic control of our lives, but the reality is that there’s an infinite number of possibilities that are outside of our control that could happen at any moment. We don’t know for sure if somebody’s going to be at work tomorrow. The daily plans can get immediately derailed. When I’m consulting with clients, I’ll often lead them through a hit by the bus scenario. What happens if a key person gets hit by a bus on their way to work? It might sound like a far-fetched concept. actually gets hit by a bus. One would ask themselves, what are the chances that that would actually happen? And funny enough, one of the people that’s associated with TCT itself went, we’ll call it, thank God they’re okay, but they went above and beyond and managed to actually get hit by a bus. It was, once I knew they were okay, it was literally one of the most astounding moments of my career, shall we say. Needless to say, we had a lot of internal fun, but yeah, they were on their bicycle heading to work and got literally hit by a bus and put out a commission for a while. So, you know, the reality is unexpected things happen every day a sudden illness, you know Put your HR person in the hospital your CFO is in a serious auto accident. Your IT director has an aneurysm House fire takes somebody’s life. Yeah, you never ever know, you know And if you aren’t prepared, you know, then your business could be materially impacted by you know, buy one of these events.
So why is it important for all? organizations to prepare for this possibility Well, you know the I like to call it my hit by a bus. I’ve typically will short form to HBB But they hit by the bus scenario You know, it’s a it’s a euphemism for anybody being instantly gone You know suddenly without warning And you don’t have any ability to contact them to get information to get insight to get answers You know and in this, you know, kind of hit by a bus scenario, you know What was it that this person knew for it really from years of experience and learned insights? You know, there are a few organizations that that will take the time to ask the question You know what happens if this person is no longer part of our organization without warning And it’s really something that every company needs to prepare for Because it could happen to any company at any time So, you know if you’re taking your if you’re taking your business continuity and your disaster recovery seriously Well, you know, then you also need to look at that hit by a bus scenario Well in a lot of cases you can’t just see it’s not a simple matter of stepping into somebody’s shoes You know within an organization and that’s no longer there. You know, you don’t have time on your side You’re it’s gonna take time to close up, you know, what could be years of knowledge gaps, you know and whatnot You know, if you lose somebody that that’s central to some, you know manual payroll process type of thing and your And you’re three days away from payday, you know, you could do you could be really screwed You know type of deal so, you know Excuse me when you, you know What if you lose somebody that was you know flipping a whole bunch of switches every week to keep your products operational? You didn’t have any idea what switch did they flip how’d they flip them? Where are these switches? How do I flip them? Uh, you know, what order do I flip them in? You know, what the yeah, what do these switches do when they get flipped? I mean you, you could depending on who you lost you could have all sorts of really horrifying scenarios, right? You could be missing your invoice saying you could be missing your you know Your, your payment process your products could be dead in the water, you know, there could be all sorts of different scenarios That that could take place Depending on who you lose Now That is a rattling thought.
Now, how should organizations go about planning for this? Well, the only way to mitigate the bus factor, if you will, is to develop some cross-functionality for every single area of your entire company. Everything, everybody, every vendor. Really what it takes is it takes looking at the organization with a different set eyeballs. Don’t go under the presumption that certain people are more critical than other people. Yeah, you’re probably right. You can probably pick out some of the key people. But you’d be surprised the pockets of singular knowledge that exist within an organization. It could be a critical vendor that’s an easy one to overlook. It’s a mid-range developer that happens to be the only one that knows fill in the blank. It could be somebody in your customer service department. So the reality is that planning takes time as you’re going through this process. And you need to prioritize the scenarios to work on first. And every department should be given responsibility for developing these plans so that they can share that workload across your organization.
Absolutely. So where do folks start? And what should they do? Well, the first step is to identifying your top individuals. So prioritizing the people to focus on first. So we need to determine the impact on the organization if this individual were to be suddenly gone, which person’s absence would have the greatest effect on the company. That’s really where you want to start planning. One of the things I’d recommend to organizations is incorporating this activity. as part of your interviewing process for your annual risk assessment. Asking the people you’re talking to, who are the top ex people in your company that you can least afford to lose, type of thing. You don’t want the number, like if I got a company of 50 people, I don’t wanna give them 25 picks, right? Instead, what I want is I want to give them maybe, they gotta identify three people. But interview all 50 of your people, give them three names that they can only pick three names.
These are the only three people that you can, kind of, that you could least afford to lose. And go ahead and get those numbers. And when you finish doing all your interviews, then tally up the names. Who got the most votes, etc. And then using that. matrix, use that to go through and identify who are those individuals that are likely to have singular knowledge or be super critical. And then what you’ve got to do is you’ve got to go in capturing the information. You’ve got to see a series of documentation and training that needs to take place. Capture the information that only these people know, get it documented, make it readily accessible in a central location. Once you’ve acquired that information, that knowledge, then doing cross training with multiple other individuals so that you’re spreading the notion of this singular knowledge and really spreading it out across the organization.
So is this totally a set it and forget it sort of thing, right? Like this is just something you do one time and you keep it moving, yes? I appreciate you teeing this one up for me. Oh hell no! You know, you don’t want to do this exercise once and move on. You know, an organization is alive. It’s constantly changing. There’s new people coming in. There’s people that are leaving. There’s new skills that are being developed within the company. You’ve got new service offerings. You’ve got varying levels of knowledge transfers that were kind of set forth and then actually happened, type of thing. You’ve got a whole bunch of different arenas within the organization that really need to get addressed. You want to go back. You want to review your scenarios, redo your interviews each year. Identify now who are my top people that where I’ve got that I can least afford to lose and why. you know, etc. But you want to go through that process, basically, each year, identifying any new gaps that you know, that may have come up since the last time that you, you know, that you went through and did that exercise.
Now, parting shots and thoughts for the folks this week, Adam, specifically, what challenges do organizations face headed down this path? Well, you know, the one thing that that folks need to be need to be ready for is that there are people within organizations that will determine their value. you know, to the organization by the knowledge that only they possess. You know, they use it as a shield, they think this is going to keep, keep them protected, keep them, you know, so that they can’t be replaced, you know, etc. And they hold on to this stuff tightly, you know, and, you know, while that approach has a certain logic to them, you know, the reality is, is that they’re putting the organization at risk, no single individual, you know, it should be more important than the overall organization, you know, and holding that information hostage can’t be permitted. You know, we just need to and, you know, for an, for an established organization, it may take a little bit of time to kind of go through the, you know, go through the process of getting everybody’s brains headed in the right direction. You know, but you know, even at TCT, you know, I’m, I’m not irreplaceable. You know, we have, you know, I deliberately built redundancy into the into the organization. So we’ve got, you know, different people that could step in, perform the, you know, the critical function to the organization so that, you know, we’ve got multiple people that have shared knowledge, you know, and whatnot. You know, we look at it as an obligation to the company and to and to each other to make sure that we’ve got, you know, those levels of redundancy, you know, for a small organization, it’s tough to get, you know, this full scale redundancy, but that’s really where, you know, you go in, you look at the, you know, you look at the people that have singular knowledge, and you do your best to mitigate that risk, whatever you can do to mitigate it is going to be better than where you were before. You know, do you know where, you know, where you’re most vulnerable, if somebody got hit, you know, by the proverbial boss, you know, what would happen if the wrong person was instantly gone? You know, you don’t want to sit around waiting to find out. because what you don’t expect to happen eventually will. So a strong recommendation, have organizations get into the mode of starting that contingency planning and start doing it today.
And that right there, that’s the good stuff. Well, that’s all the time we have for this episode of Compliance Unfiltered. I’m Todd Coshow. And I’m Adam Goslin. Hope we helped to get you fired up to make your compliance suck less.