Compliance Unfiltered is TCT’s tell-it-like-it is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable, compliance expertise with a sprinkling of personality.
Show Notes: How to Get Next-level Performance from Your Compliance Engagements
Quick Take
On this week’s episode of Compliance Unfiltered, The CU guys rev up their engines, and yours, over how to get optimal performance out of your compliance engagements.
- Curious about some of the compliance hurdles you’re likely to encounter?
- Wondering how to herd all your compliance cats?
- Interested in how to gain valuable insight into your team performance?
We’ve got you covered with all of these supercharged compliance answers and more, on this episode of Compliance Unfiltered.
Remember to follow Compliance Unfiltered on Twitter!
Read Transcript
So let’s face it, managing compliance sucks. It’s complicated, it’s so hard to keep organized, and it requires a ton of expertise in order to survive the entire process. Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less.
Now, here’s your host, Todd Coshow, with Adam Goslin.
Well, welcome in to another edition of Compliance Unfiltered. I’m Todd Coshow alongside a man who will auto-tune your compliance engine. Mr. Adam Goslin, how the heck are you? Now, auto-tune in the singing perspective, or what? Because if that’s the case, we’re all in deep trouble. That for the listeners out there goes behind the paywall. We’ll talk about that later. Today, Adam, we’re actually having a conversation about that tuning performance, getting your next level performance from your compliance engagement.
So obviously, compliance engagements are tough. There’s a ton of obstacles, lots of things that can be daunting from the outset as people look up to that mountaintop. It’s at the stage for us on how we’re going to get the most out of that next level performance.
Yeah, well, I mean, for those that are listening that have been, we’ll call it been through the gauntlet, they’re all sitting there nodding their heads saying, yeah, managing compliance sucks. The reality is that it’s probably the reason why we made one of the taglines, making compliance management suck less. but It’s really, really hard, you know, especially if you’re doing it manually. I’ve lived and saw the light, you know, back when I was having to manage things with spreadsheets and drop zones and network locations and share points and internal systems, that so and so writes when they have enough free time to actually make improvements. I just got the hebejebes right now. Yeah, it’s enough to make anybody shutter. So, you know, there’s just a ton of stuff going on. Um, you know, you’ve got issues with accountability for people who are orchestrating, provisioning evidence, you’ve got a billion things you got to go track, you’ve got a ton of people involved. You’ve got multiple steps in the workflow. So many moving parts. It’s really, really difficult to keep track of things as you’re going through it. The worst part is that when you’re stuck in that hell, as the inevitable deadline approaches, we need to be compliant by blah, blah, blah, blah date, then the heat starts getting turned up. The management is breathing down your throat about, hey, where are we at? Are we still on track? Sales who’s just waiting to go and spit out all of the new shiny compliance paperwork so they can go talk to the customers again. I have an excuse to go talk to the customers again to try to go sell something else, whatever. They’re waiting on getting the piece of paper. You get the people on the team, they’re getting defensive when they’ve got competing priorities and they’re not able to get their stuff done. They’ve got these other internal obligations, but they also have the obligations for compliance evidence. You get a lot of finger pointing, blame shifting, CYA going on. I thought so-and-so was taking care of this. The next person saying that they swear upright and down that they finished this thing last week. Then somebody else is going, geez, I didn’t even know that I had stuff that I had to do. It’s brutal, man. Of course, when the heat starts turning up, now you get people just tossing crap over the wall. I’m going to go spend three and a half seconds and go pull some screenshot that’s within the realm of reasonability and whip it over the wall just so that they can move the ball to get the spotlight off of them. And lo and behold, that ends up getting rejected to go back down to them again, etc. Keeping people accountable and whatnot. And at the end of the day, in many cases, I’ve referred to this before, it’s a human glue. It’s like some poor soul has to sit in the center of this effing hurricane and just deal with this endless, ceaseless stream of crap. And it’s just, it’s tough to navigate those waters. So, that’s what we’re gonna be trying to talk about today, is ways that we can try to help people not have to live the hell that I used to live.
Man, I can imagine. Seeing what all is happening is certainly helpful. Yeah, I mean, no doubt. The reality is that, you know, the TCT Portal is purpose built for compliance management. It’s, you know, it’s intended to cover all types of compliance standards. So, the nice part about it is, it’s a clear pane of glass. It’s something that provides live, real time, at-a-glance style updates, you’ve got instant visibility into everything that’s going on. I don’t need to, you know, consult five oracles, wave some sage over my desk and, make sure that I turned the appropriate number of circles and had the right numbers. No, it didn’t stop you from doing it anyway. Well, you know that’s just fun, I get to leave the crow’s feet, and the toad bumps off to the side and out of it because we don’t have to do that anymore. It gives you the ability for really unmatched, unmatched accountability for the folks on the team, but it gives it some teeth. It’s really for an organization that goes from struggling through the way they’re doing it today and then goes into, you know, into something like the TCT Portal. It’s funny, because you watch people go through that transition and, you know, it’s almost like when they get into the portal realm, they look back and they’re like, oh my God, why in the hell didn’t I do this eons ago? Because it’s just so no brainer. The sheer garbage that it takes off of your plate. You’re able to elevate the team’s productivity.
Excuses become eliminated. There’s no more, I thought I did, blah, because you can see right in the history, did I do it or didn’t I? Did I attach something, but not hit the complete button to move it up the workflow? All of this is readily apparent, readily resolvable, and whatnot. And the coolest part is that visibility gives the opportunity for various members of the team to be able to be successful. I was talking about it a minute ago where, oh, gosh, I thought so-and-so had this or I didn’t even know I had anything, etc, you eliminate all of those elements. And especially the tool set of the TCT Portal is helpful for everybody on the engagement at the end of the day, but it really puts an incredibly powerful tool into the hands of those poor souls that are kind of the eye of the compliance hurricane, as I like to refer to it. Whoever’s responsible for managing compliance, it’s invaluable for them to be able to get through this while maintaining their sanity type of thing. I mean, the TCT Portal is a system. It was built by people that did what these people are doing. It’s a tool that’s built for those people. So it’s a very purpose-built system. And really, the big difference that I’ve seen out there in options and whatnot, man, I’ll tell you what, you can find a million people that they go, well, I’ve got a bunch of software developers, so I’m just going to go solve a problem. And they don’t have the context for what it’s really like to go through one of these things. And somebody throws a bag of money at a bunch of devs and says, well, let’s go solve this problem. And it’s like, yeah, can they do a decent job with it sometimes? Yeah. But at the end of the day, they haven’t walked in the shoes of the people that have to deal with this shit. And it lands kind of with that false tone in terms of what they present, where you can instantly tell the difference to somebody that has lived this crap and knows how it works and knows what you need to go do with it, etc. It’s kind of like a night and day experience, if you will.
That’s very, very true. Now, what about help with herding all of the so-called compliance cats? Well, the cool part about when you’re leveraging a system or systematic approach. Is that everybody knows what needs to be done, when does it need to be done. Every single item is either assigned to a specific person or a specific group of people, and it’s readily visible at a glance. To make sure that things aren’t slipping through the cracks, the compliance software sends out an email every morning to every person to remind them that they have an assignment, that in their workflow step that reminds them, hey, you’ve got five items, you’ve got 18 items, you’ve got 370 items, whatever. But the excuse that you hear about Georgie’s, I didn’t know I had anything, or oh, I thought I punched the button or whatever. Guess what, if they thought they did it on Tuesday, when they get online on Wednesday morning, boom, they got another email. So if they didn’t do it yet, you know that they’ve got this email sitting there. If they mash the button, and I thought I was finished with everything for that, well, you just got an email this morning, it says you still got one item in your hand. So maybe you just forgot to hit the complete button. But, if you can get the people, and that’s part of where the training of the use of the system comes into play, getting everybody on the same page, marching in the same direction, rowing in the same direction, etc. That’s where it all starts to kind of come together. Because, you know, the reality is there really isn’t a place to hide when you’re using TCT Portal, all of the excuses and typical BS as things start to heat up, etc, goes out the window. Then you just don’t have that at your disposal anymore. You know, you’re able to go in, go look at the system, it just takes you a couple of seconds to go in and get your arms around that, you know, as a participant. The other piece of this is around accountability, it also helps when you’re dealing with vendors and service providers, or from the perspective of the organization going through compliance, it helps them kind of understand where their assessors’ at in the grand scheme of things.
We were talking to an assessor, just earlier this week, and where they were saying that their clients really like the fact that they could tell where things are at with their assessment firm, you know, what’s done, what’s been reviewed and blessed, which items have gone up to QA, which items are completed, you know, the folks going through it. If that provides them a lot of sanity if you will, because they get anxious, right? We just went through 18 dimensions of hell, and we got all this stuff into the hands of the assessor. Now, for many organizations they’ll get back from the assessor, where are you at? You know, we’re supposed to be done. A lot of them look at these like kind of barometer readings, right? You know, well we initially anticipated that this was going to be done within six to eight weeks type of thing, and meanwhile these guys are five to six weeks into that six to eight week cycle, and they haven’t heard squat. Is it going okay, is it going poorly? How far are you through it? So it just gives the client even a a greater sense of what’s up. Just like we talked about, you know keeping the personnel accountable. This system if you get your various vendors and service providers integrated into the evidence provisioning process, as well. It’s the same script for them. They don’t have the excuse of jeez, I thought that was done. You can stay on top of the vendor service providers, and even your assessors. So that you can go ahead and navigate those waters, not have to deal with you know atypical excuses. And honestly, in the grand scheme of things, many vendors they’re probably one of the tougher groups just because you know, they’re busy too, and they need the reminders and whatnot. Sometimes you’ve got to stay up on them. So being able to kind of tell well, it’s still not done yet, go and hit them on the next, you know, whatever weekly call we’ve got to check on status etc. You know, you’re able to tell, did they do it or not? Yeah, no, and I mean having insight into team performance is a big plus, right? Yeah, I mean really, you know if you think about it, not only does the TCT Portal, afford the capability for people to tell what’s, you know complete visibility about what’s going on. I like to call it the double-edged sword side of the portal, is that it’s also highlighting when something’s not happening, right? You know you get all of the benefit and visibility and insights, without having to deal with all the other prior BS and nonsense that you deal with in terms of the excuses and finger pointing and blah. You know It’ll tell you things like, these are made up people you know type of thing, but you know, whatever Fred isn’t submitting his evidence on time, Velma is consistently getting rejected back down and sent back. Daphne has a pattern of reassigning tasks to other people at the last second type of thing. These are things that you can go in, see, look at. Not only do I have the full compendium of everything going on in my active engagement, but if you have last year sitting there, you can now kind of trend that over time and whatnot. You can look at that productivity over a period of time and see where maybe we’ve got to go ahead and make some tweaks or changes.
Certainly, there’s inputs that can be gathered or gained from the system about employee performance. I can tell you, I’ve been on engagements where invariably there’s one or two, you know, either people or groups out of the 10. 12, whatever, they’re all the frick over it. You know what I mean? They get their assignments blocked into their hands. They immediately go ahead and grab their evidence. They checked last year’s track to make sure they were submitting the right stuff. It’s pristine when they go ahead and send it in and I’ll be damned if it’s like, boom, they just put their stuff’s there and whoop, wipe their hands of it and all that fun stuff. But in the same, and I recognize that as I’m kind of looking at this engagement, but in the same sense, it starts to becoming glaringly obvious when every frickin’ time that we’re trying to gather up the stuff, you know, Fred is slacking and not doing the stuff he’s supposed to do. You know, so it provides a good amount of of data, stats, etc, that can be used for various purposes, you know?
Whether it’s trying to actively manage the current engagement, whether it’s, you know, looking at it more holistically for either employee or vendor performance and whatnot. In the long run, the cool part is that as people start to realize, understand, get their arms around, adopt, you know, they also realize that, hey, what I’m not doing is also keenly visible. It starts to push them in the right direction of, you know, of making those improvements. And it’s funny, throughput and efficiency on a compliance engagement, you see that going up and up and up, especially as they, you know, continue to season their approach, season the seriousness that they take the adoption of their, new process for going about managing compliance.
Now, here’s a question that I’m curious about. How about like, for the leaders that want better insight into resource allocations. You know, eventually you’re gonna get that kind of that, what did you call it, the leadership flyby where they’re gonna wanna know what’s going on. Yeah, well, for leaders that are looking for, you know, additional insight about resources, let’s talk about resource allocation for the sake of this one. One of the big problems, I’ve seen this play out time after time after time is that the folks that are in either upper or mid-level management, the way they approach, oh, it’s compliance time. Yeah, I can’t tell you how many times you could just hear it in the tone of the people that are kind of involved, right? Oh God, it’s compliance time again. Oh, we’re gonna need to dive through the fire hoops and this is just something we’re gonna have to suffer through and blah, blah, blah, blah. You see it in their approach, right? And similarly, as they go in and they look at the organization, a lot of organizations, it’s not like they pre-plan. And you and I, I think you and I spoke about this on a prior podcast as well, but they don’t pre-plan out, I know that I need to earmark, fill in the blank hours each week for Bob to go get his stuff done for compliance, right? It’s not something they went through into the mix necessarily. It’s kind of loosey goosey. And the general mantra is, for most of the people involved in the security and compliance arena, is that somehow magically they will just materialize time, and make it happen on top of everything else that they’re doing. That’s generally the mantra for a lot of people on these compliance engagements, because there’s several people that have less, in terms of the overall total deliverables. So the leadership just expects they’re gonna fold it in. But for the capability, I mean, a tool like the TCT Portal really enables that upper and mid-level management to be able to tell different things, right? Like which items are outstanding for my department? Which of my direct reports are overloaded right now? For anybody that I’ve got heavily loaded on my team in terms of the compliance allocations, do I need to be able to make changes to their present priorities? So that they can be successful, is my department on track? Am I about to go have one of the execs breathing down my throat about, what the F, you know, what’s the status of each of the people that I’ve got that I’m responsible for. So you’re able to see all of those things through this systematic approach where, you know, in days gone by where folks are using, that manual approach, yet they had all sorts of places to hide. I’m a big fan of the herding cats mentality, you know, on these engagements because, that’s kind of the struggle, right? You know, you’re able to see full scale history, who did what, when did they do it, all that fun stuff. You can look for people, you can look for groups, you can look for teams, you know, etc. Who did something this week type of thing. It sounds, you laugh, but honest, legit, I’ve literally been trying or manage through one of these things. And that’s the question I asked myself. Hey, last week when we were talking on Friday, you know, these three people were sore, left, right, up, down, sideways. They were gonna be doing stuff. Did any of them do anything? Type of deal. It’s at your effing fingertips. And so, you know, now you can identify problems. And here’s the thing for the bosses. And this is the one realm of encouragement. A lot of people that are listening, maybe like, oh God, you know, Adam’s just encouraging these managers to go beat people’s asses you know, but that’s not it. That’s not what I want. That’s not what I’m seeking to have happened. Now, it may be justifiable that it happens, you know, but maybe the issue isn’t that Fred’s just dropping the ball, maybe their leadership has him overloaded with too many other business priorities. He doesn’t have enough time to be able to get to this stuff. You can look at TCT Portal and see he’s got twice as many tasks as anybody else on the team, yet he’s got five other top priorities. Whether it’s executive level management or quarterly priorities, blah, blah, blah, are trumping the waning time that I’ve got remaining in this quarter to go get my stuff done. And so is it really Fred’s problem that he’s falling behind? I would say no. I would say that’s a fault of leadership, not having enough foresight to allocate the appropriate amount of time to Fred, so that Fred can actually be successful with what they want him to go do.
The portal allows you to see what’s up, what’s going on, figure, you know, look at the whys behind it. It may, like I said, it may very well be that you just have people that are, you know, that are slacking, that aren’t performing and whatnot. But either way, you get the insight. You get the insight on here, on these teams. Often, it’s a small group of people that end up doing a large volume of the work. And so having the capability of insight into what’s the reality of what’s happening, and for managers, especially mid-level managers, to take the availability of that data seriously, it’s going to make it better for the organization. It’s going to make it better for the executive leadership. It’s going to, heck, whether the frontliners like it or not, it’s actually going to make it better for them as well, because now their leadership is in tune with what’s going on, etc., all the way around. It’s just a really good idea.
Now, we’ve spoken about a prior, right? But How about better handling, you know, like we talked about that kind of leadership drive-by? Oh, um, yeah, the leadership right? Yeah, where they were, you know, so and so just swings by the desk, Yeah, yeah, yeah, exactly. Yeah They come in you know, oh by the way, the funniest party is that the executive leaders they sit there and they don’t realize what 18 dimensions of hell their helicopter in where are we at? What’s the status, you know, did we finish all our stuff? But It sounds like a simple question, and quite frankly if you were leveraging the TCT Portal it would be an easy question to answer Um, but when you’ve got, you know, five or six locations you’re getting crap through email, text messages, hallway updates, an excel spreadsheet.
You’ve got a SharePoint site, these three vendors have their own special portals to go put crap into. You’ve gotta look in so many effing spots, and by the time you finished, it’s already out of date. Because one of the first things that you check, five more people went and you know shuffled things in the meantime. So, you know, it’s fun when you know, it actually makes it a hell of a lot nicer To have the helicopter coming in going, hey, where the hell we at? Because you can immediately go look at the system. Most of the time, the execs don’t want to be up to their eyeballs in detail. They don’t need to understand The sheer hell that the eye of the hurricane person is going through. But what they do need to be able to see, is high level status information. The cool part is, we talked about the multiple hours just to answer that question in the past. When you’re in something like the portal, you’ve got a dashboard, it’s got the active live status, I literally can screenshot the damn page and go send it to fill in the blank to answer their question.
Or quite frankly, if they helicopter in, just maybe you may want to make your life a little bit easier. They come and look right here. You see the dashboard? Yep, that’s where we’re at. We’ve got this percentage, and this is how much has been moved up, and this is where they’re at in the grand scheme of things. Literally just go point at it and nine times out of 10, they’re probably going to helicopter away. Because they were just curious, they were going to go walk into some meeting where they’ve got to go talk about something and need to know what they’re talking about. So yeah, it’s definitely made a hell of a lot easier. I love that helicoptering in and out thing. You can rest assured that I’m going to be using that in the future. Well, it’s yours, my friend, Grazie.
Parting Starting shots and thoughts for the folks this week? You know, as we’ve drilled home in today’s discussion, you can’t afford to be, you know, enduring a compliance engagement for so many reasons. You can’t afford to be enduring a compliance engagement that isn’t living up to expectations. There’s just too many risks. There’s risks to the internal personnel, them getting frustrated, you know, them getting overwhelmed. There’s risks with your vendors, you know, that’s coming into play. There’s their obligations to, you know, those who expect you to be compliant, that comes into the mix. In the grand scheme of things, it makes life so much better when you just have a system that is giving you the accountability you need, the tracking that you need, the history that you need, the capability for performance, the evaluations and, evaluating the performance of the people on the team. Being a better boss, all of that, it just flows right out of the portal. There’s a huge, huge opportunity for organizations to optimize the time for their team. You know, and we talked about that as well on a prior podcast, where we talked about not looking at the system for compliance as a cost, but looking at it as a time savings mechanism. The reality is ,you can reap some really serious, both productivity and cost savings benefits. When you go ahead and really take it seriously, the opportunity that you’ve got to leverage a kick-ass compliance system.
And that right there, that’s the good stuff. Well, that’s all the time we have for this episode of Compliance Unfiltered. I’m Todd Coshow. And I’m Adam Goslin. Hope we help to get you fired up to make your compliance suck less. Thanks for watching!
