Usually, achieving compliance takes far longer than you expected. You were supposed to crank through compliance in eight months — and too many months past the original date, you’re finally, blessedly getting the Assessor’s signoff.
The people most engaged in the process fell behind on their normal responsibilities, and your team is itching to get back to their regular job. Not so fast, Jack.
The best advice I can give to someone who just got past the finish line is this: do not take your foot off the gas. Immediately start planning the next compliance cycle. Trust me, it’s a hell of a lot easier to keep going than it is to stop altogether for a breather.
Certainly, it’s important to recognize the blood, sweat, and tears of the folks who helped to make compliance happen. Throw a compliance party and take a moment to celebrate your achievement. You all deserve it.
That said, get back in the game immediately, while everything is still fresh.
Here’s some good news: you don’t have to keep running full tilt the way you just were. You’ve crossed the first finish line and now you need to shift to the marathon before you — maintaining what you’ve achieved. But you do need to keep moving, or you’ll cramp up, stall out, and fall flat on your face.
Here’s what to do immediately following your first time achieving compliance.
Related: Your First Compliance Audit: Will You Crush It or Get Crushed?
Clean up Your Mess
If your mother told you to clean up your room before going out to play, you can thank her now. She prepared you well for managing compliance.
I haven’t watched your team go through compliance, but I’d be willing to lay down money that you’ve got a rat’s nest of disorder in the wake of your compliance engagement. Considering that last mad dash where you made it to the finish line, I’ll bet you don’t have all of your information where it needs to be.
Before you get too far past your celebration, go back and gather up all the answers to the Assessor questions, the final versions of evidence after all of the back and forth, and the details of the communications that went flying between parties. Make sure it’s all consolidated and organized in a central location, where you can easily find it again — you’ll thank me later.
You don’t want to lose track of that important data — and you will, if you don’t clean it up now.
Learn from the Previous Compliance Cycle
Do a post mortem and identify your lessons learned from this last round. What went well, what didn’t? How long did it take each of your team members to complete their work? How many hours did they put into it?
Use that historical data to plan out your next compliance cycle, so you can optimize your efforts and run more efficiently than the previous year.
This task also helps you to allocate a percentage of time for the personnel you pull from various departments. Know ahead of time how much of their FTE you’ll need. Work with their supervisors to plan it out so that the business isn’t hindered by their split time.
If you’re using TCT Portal for compliance management, the system keeps track of open assignments and presents it to you at a glance — just like that.
Plan Your Upcoming Compliance Cycle
Work with your vendors, Assessors, and Consultants to create a road map of the coming year. Establish dates and priorities now, so you aren’t caught off-guard down the line. Ask:
- When will we focus on on-site visits and interviews?
- When should we begin requesting documents from vendors, and in what order?
- When do we need to assemble our compendium of compliance evidence so the Assessor can review it with plenty of time?
- How can we make things easier for our vendors and Consultant the next time around?
- Is it acceptable to the Assessor to spread the one time tasks throughout the compliance cycle?
Start with the next signing date and plan backwards. But remember that there’s a whole slew of activities to go through after you’ve put a bow on the evidence you’ve collected. Compensate for the time it takes to complete reviews, do QA, and go through other hoops.
I usually plan to wrap up evidence collection 6-8 weeks before the signing date. This allows time for the Assessor to perform their tasks, internal QA, and report writing (but check with your Assessor on their needs).
A large volume of items will come due on an annual cadence. Nothing says you have to gather all of those at the same time. Instead, put together a game plan to spread out the annual requirements over the course of the year to make your process easier to manage. Ask your compliance Consultant the best way to schedule out those annual tasks, and get the approval from your Assessor to make sure everyone is on the same page.
Related: How Long Can You Wait to Get Started with Compliance?
Maintain the Compliance You’ve Already Achieved
Compliance isn’t a set-it-and-forget-it kind of thing. For some reason, this notion seems to surprise more companies than you’d think. Once you’ve achieved compliance, it’s your responsibility to maintain it going forward.
You can’t push it aside and come back to it when it’s time to prepare for the next Assessment. That’ll be a recipe for disaster when personnel either neglect or forget to perform their tasks throughout the compliance cycle.
Depending on the certification you’re maintaining, you’ll have a defined set of activities that need to be done on a regular basis — daily, weekly, monthly, quarterly, semiannually, and annually.
If you stay on top of them all year long, these maintenance tasks are fairly simple and quick to do. The trick is to stay on top of them.
TCT Portal makes it easy to maintain compliance all year long. Once you achieve compliance, the system can switch into Operational Mode, where it uses automation to help you stay on top of your tasks in a timely manner.
If you didn’t use a compliance management system to get yourself through the previous engagement, now is a great time to do it.
Just Keep Moving
It can take a few years to get a compliance program humming along on all cylinders — usually two or three cycles. There are that many moving parts to compliance management. It could take even longer to hit your stride if your business is gaining new acquisitions every couple of years or if you have massive changes in staffing or vendors.
The best way to shorten the time to proficiency is to keep moving forward after the annual assessment.
Compliance management sucks. But if you follow these guidelines — and especially if you use an automated compliance management system — you can make it suck a lot less.
Featured eBook
How to Make a Business Case for Compliance Management Software
Discover How to Get a “Yes” from CFOs That Always Say “No”