It’s no secret that the annual compliance cycle is one hell of a stressful gauntlet to run through. Making it worse is the fact that it’s not a days-long or weeks-long period. Your annual compliance push likely extends through an entire quarter of the year, and bleeds into the quarters before it and after it.

Compliance isn’t just stressful on your compliance team. It can hit pressure points throughout your organization — especially when it impacts your annual and quarterly goals.

The one thing that can really alleviate the stress of a compliance engagement is planning ahead. Let’s take a look at several best practices that can make your compliance engagement a lot less stressful for everyone.

How Compliance Impacts Your Annual Business Goals

If this is your first foray into compliance, you may be surprised how much of an impact your compliance engagement has on the company’s ability to meet its annual goals.

Organizations typically have annual and quarterly goals for the business. Those goals have implications throughout the organization, and staff in every department are called upon to help the company hit its targets.

When you get into the thick of a compliance engagement, it puts a heavy drain on your people, and its priorities compete with those organizational goals.

Let’s say your company’s target date for compliance certification is October 1. Your team will likely be putting the final touches on things in September. In July and August, they’ll be eyeball-deep in the mass of evidence collection, provisioning, and interviewing with the Assessor. That means the serious prep work will start in June. That’s your starting point.

Now consider the implications to the company. You know that you’re going to spin up your compliance activities at the end of Q2 and you’ll be working full steam ahead through Q3.

The people on your compliance team will be dedicating much (maybe most) of their time to compliance-related activities for more than a quarter of the year. Their time will be severely limited for the work that’s required to meet their assigned company targets.

How do you stay on target with your business goals while also accomplishing critical compliance objectives?

Plan Out Your Annual Calendar

If you plan ahead, you can hit your business targets and meet your compliance certification requirements — without killing your personnel.

Coordinate with leadership at the executive level and the departmental level to build a plan of attack. Start by making adjustments to the timing of corporate objectives. Proactively planning with an eye to the compliance season will greatly reduce stress — not only on the compliance team, but on the company as a whole.

In our example time frame, consider which resources will be needed and when. Things will start up in late Q2. The third quarter will be a nightmare, but activity will wind down at the beginning of Q4.

Now you know which people will get hit with what demands, and when. This gives you the information you need to start making resource allocation adjustments at the departmental and executive levels.

Carve out holes in the company calendar for compliance activities. For example, you might decide to shift the goals for Q3 and sprinkle them throughout Q2 and Q4. Heck, maybe it makes more sense to suggest that timely completion of compliance IS the Q3 goal! Now you’re staging the company for more productivity, more success, and a lot less stress.

Allocate Compliance Effort Realistically

A lot of companies have no clue how much time individuals will need to dedicate to the annual compliance effort. If their day job has an allotment of 40 hours per week, you can’t just tack on compliance activities here and there. You could be adding another 25 to 30 (or more) hours to their work week — over the course of months.

Instead, do some resource allocation ahead of time.

Look at the key personnel who will be heavily involved in compliance management. Bucket them into different categories: heavily involved, moderately involved, and mildly involved. Adjust the day-by-day resourcing expectations appropriately.

Count on the following resource allocation levels specifically for compliance activities (at a minimum):

  • Heavily involved in compliance: 50-75%
  • Moderately involved: 25-50%
  • Mildly involved: 10-25%

When you walk into the year with the notion that certain people will be unavailable during certain times of the year, you can plan for it and keep your business goals on track.

If this is your first or second year managing compliance, don’t expect to make an accurate estimate of time allocations. In fact, don’t be surprised if they’re wildly off. Track the actual time spent on compliance and make note of it so that you can adjust next year as needed. I would recommend leveraging your weekly compliance regroup to poll everyone on the hours they put in the prior week so you have something in hand if you’re not using time tracking software internally.

You may discover that a 50/25/10 percent breakdown of time allocated to compliance activities doesn’t fit your team. Maybe one or two team members need to dedicate 75% of their time during Q3. In another organization, it might be less.

Resource allocation isn’t an easy path to navigate, so give it time. It could take five compliance cycles or more to get it just right. But getting it even partially right will set your organization up for greater success — and less stress — in accomplishing your company’s goals.

Establish Vacation and PTO Policies

When you’re dealing with an entire quarter (and more) of your year, you’re bound to have vacation requests and other paid time off needs. Mishandle this and you can grind your progress to a halt. On the other hand, over-restricting PTO could create a toxic environment.

It can be a bit of a struggle to manage PTO when you’re in the thick of the compliance push. But if you’re planning out your whole year, you already know when you need your people most.

Early on, work out how much effort you’ll need from each person on your compliance team. Lock in the annual onsite timing with your Assessor early so that personnel can work that into the overall plan. Make policy decisions well in advance and communicate them as early as possible so people can plan their vacations appropriately.

Be sure to develop a PTO policy that’s fair to everyone on your compliance team. Do what you can to figure out how to give people the family vacations they need without negatively impacting the organization — because they will certainly need that time to take care of themselves. If possible, lock in their planned vacation timing so you can work that into the overall gameplan.

Also allocate for some amount of sick time. When stress is high, people are more likely to get sick. It doesn’t have to be a down-to-the-minute plan, but build in some amount of buffer to cover for sick team members.

As a general rule, I typically plan each person’s compliance allocation at 10% higher than my estimate, simply to have some wiggle room when the unexpected becomes an eventuality.

Make Compliance Management Suck Less

Compliance season can create a lot of stress on your entire organization — especially if it impacts your goal achievement and day-to-day productivity. But companies that plan out their compliance engagements successfully reduce the negative impacts on the business.

Compliance management sucks, but you can make it suck a lot less.