Compliance Unfiltered is TCT’s tell-it-like-it is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable, compliance expertise with a sprinkling of personality.
Show Notes: ROI Calculator Review for Assessors
Quick Take
On this week’s episode of Compliance Unfiltered, Adam and Todd get the chance to talk through TCT’s ROI Calculator for Assessors.
- Curious how much time you and your team are actually spending per assessment?
- Wondering why a certain part of your assessment process is taking so long?
- Trying to find out where both dollars, and hours, can be saved?
Then you’re in luck on this week’s, Compliance Unfiltered.
Remember to follow us on LinkedIn and Twitter!
Read Transcript
So let’s face it, managing compliance sucks. It’s complicated, it’s so hard to keep organized, and it requires a ton of expertise in order to survive the entire process. Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less.
Now, here’s your host, Todd Coshow, with Adam Goslin.
Well, welcome in to another edition of Compliance Unfiltered. I’m Todd Coshow, alongside the Vince McMahon to your compliance royal rumble, Mr. Adam Goslin. How the heck are you, sir? I’m feeling great today, Todd. How about you? I can’t complain all things considered. And today, Adam, we’re going to get into it. We’re going to talk about return on investment. Specifically, we’re going to talk about the return on investment that assessors have the opportunity to see when utilizing a tool set like the TCT Portal. And in so doing, we’re going to utilize something called the ROI calculator.
Can you walk through what we’re talking about on this with the folks, Adam? Yep, sure thing. Well, just so that the listeners can, you know, we’ll go play along at home. So I’ll kind of walk through getting to the ROI calculator. So if you go into your web browser, I’m going to do this kind of slow, just so that people can actually, you know, follow along and whatnot. But go to your web browser, go to get TCT.com and hit the enter key. And when you do that, it’ll redirect to our marketing website. So you’ll be going to the
www.totalcompliancetracking.com website and then when you get there under the resources drop-down at the top of the page, if you scroll to the bottom and click on ROI calculators, once you get there it’ll bring you to, you’ll see two different calculators, we’ll do a separate pod on ROI just for applicants a little foreshadowing, yes exactly. But today since we’re going through the assessors click on the ROI calculator for assessors, there’s a button there that says run the numbers so when you click that what it does is it opens up an ROI calculator for assessors page, apparently it’s easier to read than say but yeah we’ll go ahead and kind of take a walk through you know the various items on here. Now When the listener gets to this page for the first time, we actually pre-populate the page with a whole slew of example values. So my recommendation to the listeners is, you know, I’m gonna walk you through, you know, the various elements and aspects of the page and how to use it, and all that fun stuff. You’ll know, what these items mean, you’ll know where these burns of time are, you’ll know on assessor engagements, that type of thing. I’ll also run them through how to, you know, go in, clear the values, make this page run with values that make sense for their organization, you know, etc. But for the sake of today’s discussion, we’ll just go through the sample values that we’ve got in here, but listeners will pick it up and then be able to go make this, make this their own, if you will.
So perfect. As we go down, when you get to that page, you know, the top of the page is kind of a summary section, if you will, which we’ll come back to. And as you scroll down, you’ll see a couple of buttons, use example values, clear calculate, I’ll come back to those in a second. And then you’re going to see a whole series of kind of assessor tasks. This is a section that we’ll kind of walk through. There’s various values that are filled in, we’ll walk through what those look like. And then down below that table are some of the assessment firm parameters. So let me go ahead and just get into this. I’m gonna basically start on the assessor tasks. So the way we’ve set up the ROI calculator is into kind of different phases or types of tasks that the assessor would normally do. And this is going under the guiding assumption that they’re running on kind of like in a manual process, or semi-manual process. So we know that there’s a fair number of folks out there that unfortunately are still dealing with spreadsheets, as an example for doing a lot of their, you know, kind of tracking and managing on engagements. So that would be an example of either manual or semi-manual style approach to managing engagements that a lot of these folks have in play. Thank you. The grid that we’ve got, so, you know, we’ve got a number of different fields in here. So, the first field is a description of the assessor’s task. And again, we’ve got these groups. So, the first kind of grouping of assessor tasks is, you know, them setting up their client and doing any maintenance style work on each client engagement is the section, the first section, if you will. To the right of those assessor tasks, we’ve got a column for the number of people that would be involved in that task, the number of weeks over which that task would be done, and then how many, on average, how many hours each week for the tasks that they would end up spending. And, those are really the three entry fields. I’ll come back to the remaining fields after we kind of go through this.
Well, what I recommend to folks after they kind of get familiar with the sheet is to go in and, you know, kind of clear out these values and then enter in these entry values that we’ve got on this particular sheet. So, the first line item under the applicant, you know, the configuring of each of their clients and any maintenance activities, the first item is labeled office configuring the collection instance, and internal systems for each unique applicant. You’ll notice on each line that there’s a little informational at the back end that gives you an overview or greater description, you know, of each of the kind of each of short descriptions that we had. So, in this particular case, I’ll read through this one. I’ll just explain, you know, kind of explain the other ones as we go, but for this line item, for each of their, and by the way, the term applicant, that’s something that we used because it gets too confusing if you try to call the assessors. customers. If you start calling them customer or you call them client, then the context of whose client are we talking about? Are we talking about TCT’s client? Are we talking about the assessor’s client gets confusing, etc.
The applicant in our world is the entity which is applying to be certified, you know, if you will, just to make things a little bit clearer. So for each of those applicant engagements, this is the time that the assessor would spend setting up that client’s instance where the data is going to get collected. It’s often a configuration of like a drop zone or a series of folders for them to go store requested evidence into that they’ll, you know, that’ll be publicly facing, aka web enabled, you know, but typically locked down. So a lot of folks will use whatever, Sharefile, SharePoint, Drop Box, you know, something along those lines too. SFTV server, whatever it may be, to go in and kind of collect up the files from each of their customers each time. So that’s the amount of time that you end up setting things up. From there we’ve also got a second line item which is pulling the evidence from that collection instance to internal systems. Somebody needs to go in and be pulling files, putting them over for internal use, things along those lines as they start to actually go in and do processing. That’s the amount of time that they spend basically shuffling that stuff around within their kind of internal systems. As you know, when you’re going through one of these assessor style engagements, then you’ve got applicant meetings. By the way, the numbers we’re going through, and the collection numbers that we’re going through, etc., these are intended to be numbers per client engagement, if you will. We’ll get back to the multiples of client engagements down at the bottom.
But these are numbers per engagement. What would you spend? So the next section is the applicant meetings. So in a lot of cases, the assessors have a certain number of weeks over which they’ve got to prepare for their customer meetings. They’re actually then having and holding the meetings with their client, etc. So we’ve got time blocks in there for each of those as well, because for the most part, especially when you’re using a manual or semi-manual style process today, versus taking advantage of the full automation of the TCT Portal, you’ve got that time that people will go through and prep for the meeting. That’s when they’re doing things like double checking. What all did we get in from people? What items were supposed to get submitted? What items actually got submitted? How did our QA department… do they have any feedback for you know for us that I need to get back to the team, etc. So that’s a lot of the types of things that’ll happen during the prep for the client meeting, the weekly prep meeting. And then there’s the time actually sitting on the blower going through things with their customer. Aside from that, then the assessor would have internal meetings that they you know that they often will have whether it is you know any preparation time that they need to do per engagement to get ready for their internal meeting ,so that they can report back to management, hey where are we at with this engagement? What’s the status? Etc, So there’s always a certain level of kind of prep time for their own internal assessment firm status meeting and whatnot. and then actually going to those meetings is the other category in there.
The next section that we’ve got is for evidence processing. So, you know, there’s a number of different events that occur underneath the kind of the header of evidence processing. So, we’ve got, you know, assessors that are reviewing evidence. So, the time that they have to spend, you know, grabbing things, going through files, you know, reviewing items, things along those lines would be the amount of time that they spend reviewing the evidence. The next line item is then the time that they have to spend rejecting the evidence. So, if they’ve got evidence in which didn’t meet muster, you know, if you will, they were provided the wrong evidence. Let’s see, I can give you a whole bunch of examples. They were provided the wrong evidence, they got part of the evidence, the evidence is close but doesn’t quite, you know, touch all the boxes. Their applicant organization sent them a comment saying, yeah, yeah, we do this but didn’t supply any evidence. There’s a bunch of different things that happen when you’re on these engagements and I know that the assessors listening are chuckling as we speak because this is a pain they know well. You know, so we’ve got time they have to spend on rejecting the evidence, and they’ve also got time that they have to spend accepting evidence. So, if the evidence is all good and everything, they’ve got time to spend accepting the evidence, writing up their report tax, migrating items over to their quality assurance, you know, team, things along those lines. Certainly as they’re going through and doing their activities each week, somebody’s got to go in and update the tracking sheet for who did what, and what’s done ,and where’s it at and all that fun stuff.
So, that would be another task that would fall into the mix. And then certainly another task that comes up is, you know, just answering your client’s questions, oddball questions that are coming in through email, text messages, they set up secondary meetings outside of your normal weekly meeting, you know, and, and, and. There’s additional time that basically gets evaporated with the, you know, with responding to their various questions as they go through the process.
The next task that we’ve got on the calculator is interview time, interviews and on-sites. So, you know, time that they spend interviewing each of the applicants that are part of the engagement. So, there’s the time that they spend during the kind of interview process, there’s also time that they spend conducting onsite activity. So when they’re going in to do the actual physical onsite inspections, walk arounds, etc. I mean, for some, for some engagements, it could be, you get everything done in a day, uh, for some engagements, it’s four days. So, just on average, what is your typical onsite timing look like? Yeah. No, does that vary a ton? Yeah, it really does. It depends on, I mean, it depends on several factors. If you think about it, if it’s a really small scope engagement. I was talking to one assessor as an example who said quite literally the activity they needed to do onsite, they would fly, they would get off the plane, they would go to the client site, they could be there for an hour and a half type of a thing, it was mostly glad handing. But you know, they had a couple of things they had to, you know, kind of poke in on, and then they would leave again. And in other cases, you know, you might have a, a really complicated engagement, where you’ve got multiple facilities that need to go and be inspected. It could take, you know, multiple days per facility. In some cases, depending on the engagement, maybe it’s a large retail, style establishment, where they’re going to go to corporate, do a series of things that corporate, and then we’ve got to go in and do sampling of the physical locations, they might have 247 locations. So we’re going to go into sampling of 20 of them, type of a thing. So those certainly could be days to weeks for the onsite. So it really, it really comes down to the, the time that the assessor needs, based on the scope of the engagement.
So that said, let’s go into kind of the next section, which is kind of QA and report generation. So during that particular phase, the quality assurance team is basically doing activities, reviewing assessor inputs, and doing evidence reviews. The additional time they may need to spend with any documentation and things along those lines. Another task that happens during that period is to prepare and then complete the final report for the client. Preparing the report, getting all the things in there, especially if you’re in a primarily manual process. I mean, as an example, the new PCIv4 Reports, I’ve been hearing, you know, many organizations are definitively into the hundreds of pages you know, in 2000 check boxes. You know a lot of content there that needs to get generated, many pages worth of things to go through, etc. So this is definitely not a cross your arms twinkle your nose and nod moment. Unless you happen to be using a super awesome compliance management system ,say what is that typically referred to as a plug, like an adulterated plug, oh, yeah, a shameless plug. Yes. Thank you. Thank you very much. That was the word I was looking for I couldn’t figure it out, adulterated, I was close. Oh, it works, it works. Yeah, so then we’ve also got the QA of the final applicant report. So there’s generating the reports, and then going through them again doing a sanity check making sure we didn’t miss anything blah, blah you know. So those are all you know activities that would then happen on each engagement.
And finally the last bucket that we’ve got is, you know archiving of the engagement upon completion. So whenever the assessor gets finished with the engagement for that client each year, then there’s a series of tasks that need to be done to go make sure we’ve got all the right things, and we’ve got the things stored in the right spots, and we’ve moved, migrated and deleted stuff, you know cleaned up, etc. So, there’s a bunch of closed down activities if you will, so those are the various line items. The one thing I’d say to the listeners is that here at TCT, you know back when we started the portal back in 2015. We started it with the notion of really paying close attention to and hearing the input, recommendations, and suggestions that we got from our customers or prospective customers. And I would say the same thing with this ROI calculator. As the listeners go through, play around with it, use it, etc. You’re like, oh man, there’s this thing that you don’t have a spot for that’s taking up a giant chunk of our time. By all means, go ahead and send something to us and let us know. Cause I’d love to get the feedback. I’d love to continue the improvement, if you will. So all that said and done, I’m gonna take a sip of coffee.
I’ve been doing a lot of talking today. I’m gonna join you here. All right, very good. So down below. all of those various items that we’ve got for capturing by task, the number of people involved in each task, number of weeks over which that task is performed and then how many hours per week per task. Down below all of that, there’s a section for the assessment firm parameters. So there’s three different fields to fill in. And this will be obviously custom based on the assessor that’s filling in this grid, and their business model and things along those lines. But we’ve got an average, the average hourly personnel cost. So if you were to look at all of the various folks on your team that would typically be involved in an engagement, then you could take it down to their hourly salary. So in the example numbers that we used, we just said, I don’t know, on average, people involved in the assessor team are probably somewhere in that 150 grand range, which with about 2000 hours in a year, you do the math and poof, you come up with 75 bucks an hour for some firms, could be a little less. And for some firms, it could be a little more, but that’s the whole joy of this particular sheet is you guys get to go fill this out for your company. The next one down is an average for the hourly personnel revenue. So what I mean by that is, if you were to take the average billable rate that you could bill out the people that are on the same team, what would they bill out at? Do they bill out at 200 an hour? Do they bill out 400 an hour? Go fill in the hourly rate that you would bill these people out at, and that’s the intent for that particular line item. And then the last element is, excuse me, the average number of engagements annually. So in other words, the numbers above we did kind of on a per engagement basis, but this gives some of the firms, they’re doing eight to 10 engagements a year, some firms are doing 120 engagements a year. So you know, it just gives you the opportunity to put in your aggregate number of engagements, based on the aggregate numbers that you put in up above. Sure. So this would be a good time for me to take a moment and just kind of talk about, when the listeners go to this page, you can see all of the kind of default values. Honestly, the numbers that we put in under the assessor task, it was assuming , I’ll call it a relatively small assessor team, smaller-style engagement at a smaller firm. That’s why we gave the three different fields. You guys can customize this up as you see fit, but we wanted to put in numbers that would give you an idea or flavor for what we were doing, why, what we were thinking, etc. In here, the sheet comes up with the values out of the gate, but if you were to go in and hit the clear button that’s on the website, what will happen is it will literally, completely clear all values on the entire page. Don’t worry if you’re like, yeah, you know what, I want to go back, I want to see those example values again. Then you can just click use example values and it’ll go ahead and fill them all back in again. It’s really the listener’s choice. You can start from a blank slate or you can just go through and tweak and modify the existing numbers that are currently on the sheet, and go ahead and once you’ve got everything entered in, then you can just simply hit the calculate button. What happens when you do that is, and I’ll stick in the kind of assessor task arena, what you’re going to see is you’re going to see that there are the three additional fields that I said I would come back to.
There’s a today number. In other words, under your existing engagement, the way that you go about doing what you do today is, how many hours are you spending on each of these various line items? At the very bottom, it gives you a sum total. In our case, we had a sum total of hours investment into the engagement of 380 hours. Keep in mind, this is across any of your administrative personnel, this is across your assessors, this is across your QA, you know, and any helpers that you got doing reporting activities and things along those lines. So this is the total of all of the hours of all those people.
The next column over is kind of our anticipated how many hours would you spend per engagement in TCT Portal. So as an example, we have the time for configuring up that collection instance and all your internal systems for each of your customers. Well, if you’re no longer doing that task, then your time drops to zero type of a thing. And then just to go down to, I’ll go down to another one, which will be indicative here. So I’m going to go down to the prep for applicant meetings. So in our example, we had kind of 16 hours across the course of the engagement spent prepping for meetings, where in TCT Portal, that’s gonna drop from 16 hours down to literally less than an hour in total because the TCT Portal is a live system. It has, you know, everything’s kept up to date as soon as things are occurring. I don’t need to go and do any preparation, I don’t have to run the numbers, I don’t have to check these 18 locations and, and, and, and, and, because you’re using the system. So, you know, really the prep for meetings is very, very fast as you go through, you know, it’s live dashboards, live status, etc. So you literally, your prep time is literally lopped off by leveraging, you know, some form of a compliance management system.
That makes a ton of sense. If there was one giant takeaway that you could give to the folks about the ROI calculator and how they could utilize it in trying to make sense from a business standpoint, what would you say? Well, I would say a couple of different things. One, I would absolutely, if you’re, if you’re struggling, I mean, the entire reason that we got into this space, right, it was literally to help people. You know, one of our tag lines, which we’ve said repeatedly is, you know, is that we’re making compliance management suck less. You’re not going to make it not suck completely, but we can certainly help. You know, at the end of the day, if you are, if your organization is going through a manual or a semi-manual process, you’re blowing time having to rework your internal systems because, oh, I don’t know, PCI decided to go from 3.2.1 to version 4.0 as an example. Leveraging a compliance management system, offloading that time from your organization, saving time on each of your engagements. I mean, we got into the space to help people. And it starts to become very evident as you’re going through and using the calculator. Right now, what we’re looking at, what we’ve been talking through are kind of the line item values. But there’s two aspects to moving into true compliance management and using tooling. One, you can see in terms of the summary numbers of the today to using TCT Portal year one, you can literally see the hours dropping. So I’ve got 380 hours today versus 200 and I’m just going to round it up, 208 hours in TCT Portal. So I’d encourage the listeners to go through, take a look, put their numbers in, see what these numbers are coming out as. Because one of the biggest challenges that the assessors face is just trying to convince, I think they’re up against a couple of different things, especially in assessment firms. The assessment firm folks are definitely a very interesting and eclectic bunch. But the one thing that they like is they very much like consistency. They’re not a gigantic fan of changing. A lot of them are very stuck to the way they’ve done things.
And as an example, I was having a conversation with one organization that has been literally doing PCI style engagements since PCI was born type of thing. And you can absolutely bet your bottom dollar that they’ve got spreadsheets, and by God, they’re married to those spreadsheets. And for a lot of folks that are working at the assessment firms, one of the biggest challenges is just getting those members of leadership to see the light about trying something new, trying a different process, being able to gain those efficiencies because you just think about it and we’re gonna go and we’re gonna talk about it here in a minute. But we’ll go and look at the overall numbers, type of a thing. But just moving from your manual process into a compliance management system is going to shave off a good chunk of time in year one, you can expect that you’re probably gonna end up being able to shave about 45% of the number of hours that you used to spend on engagements. Just the first year that you’re using it per client. Now, the cool part is, is that there are certain elements which actually you gain more efficiency on as you… start to get into year two and beyond. So year one, you’re taking one big step of savings. Year two plus, you take another step of savings. So as an example, the assessors going through and reviewing evidence, you know, year one, they’re gonna gain a certain amount of time going into it for the first year they’re going kind of going through the engagement. But in year two, now your applicant is starting to get used to the system, your people are starting to get used to the system. Everybody’s more effective and efficient at being able to do what they need to do, navigate, you know, the waters, you know, and whatnot. You’re gonna gain another incremental amount of time on the, you know, on the evidence review portion as you get into that year two and beyond.
So does that does that kind of answer your question? It really does. I appreciate that. Cool. So let’s round this up. Sorry, another sip of coffee. So at the high level, now I’m moving on the page back up to the very top of the actual page. And this is really that kind of overview area. So you remember we fill in all the items per task, per engagement, and at the very bottom we entered in some dollars in cost, dollars in revenue, as well as how many assessments on average do you do in a year. So this top grid literally now takes all of the numbers we use down to the bottom and kind of blows them out into an overall picture. So now you can see the percentage of time saved with TCT Portal year one versus year two plus, in terms of a percentage. You also get the opportunity to see personnel hours that are saved with TCT Portal. Now in year one with the numbers that we used, which were relatively conservative, we’re coming up with north of 5,000 hours for this firm. Now everybody knows that a warm body is about 2,000 hours. On average, we’re literally talking about the assessment firm freeing up two and a half bodies worth of time across the internal personnel just in year one that gives the assessment firm a lot of options at that stage of the game. Depending on the leadership, what they’re wanting to do, what does that mean to me if I’m leadership at an assessment firm? That means that I could go ahead and land, you know, maybe we were struggling with staffing and fearing having to go hire somebody. Guess what? If you shave off two and a half bodies, you can now take on the work but not have to hire the body. and you know and land a whole bunch more engagements, and not and not have to worry about it, you defray the amount of time that you can do the additional engagements you know bring in the dollars for the top line without increasing you know, increasing the the cost it’s a huge, huge game changer for the organization. You know, the reason that we requested the average cost per person, and billable rate is now I take that 5,000 hours and I start to play the you know the mind games of okay well what could I go do with this right. I could save, I could technically save dollar-wise if I were to you know kind of take a choice of reducing personnel if you will, I could save almost $400,000 for the company. However, if I wanted to look at it as the opportunity cost, if you will, of our manual or partially manual system, now I’ve got the option that I could go in and, on average, realize $1.4 million of additional revenue for the company. If I took advantage of the time now that I’ve saved. And really, this is, yes, the most optimistic view of what you could possibly do with those hours. But each of the firms are going to have to make their own choice.
Well, how do they want to handle this? Are our people burned out? Are we at risk of losing them? And now we can give them a sane life. Maybe that’s the benefit that comes to the company. They don’t have turnover in the assessors because now their jobs are easier and less stressful. Could they land more engagements and consume those freed up hours for leveraging internally? Could they, with those excess hours, go ahead and get those applied instead of using all of the time to convert to revenue, if you will. Maybe a portion of that time, now I go spend on internal training programs. Maybe bringing up younger assessors to the team, or newer assessors to the team. And spend some more time doing some training to make them even more effective. There’s a lot of choices of what you can do. The real goal or the real intent for this ROI calculator was really to open the eyes of the folks out there for, what are the possibilities of what could they realize with stepping into this compliance management arena is the one side of it. And the other, is this is a freaking awesome tool for those that have been struggling to kind of present to their team. This is why we need to give this a shot. This is a great tool for supporting the metrics that you will need to be able to leverage with the upper level management, the CFO, the CIO, etc, in terms of kind of taking your shot at moving the needle on adoption of new tooling. Because I know for a lot of organizations, it’s a struggle.
And that right there, that’s the good stuff. Well, that’s all the time we have for this episode of Compliance Unfiltered. I’m Todd Coshow. And I’m Adam Goslin. Hope we help to get you fired up to make your compliance suck less.
