Compliance Unfiltered is TCT’s tell-it-like-it is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable, compliance expertise with a sprinkling of personality.
Show Notes: The Perils of Report Writing for Assessors and How to Overcome Them
Quick Take
On this episode of Compliance Unfiltered, the CU Guys dive into the intricate world of report writing for compliance assessors.
- Discover why this seemingly straightforward task is fraught with challenges, from the complexities of manual processes to the orchestration required for quality assurance.
- Learn how the TCT portal is revolutionizing the way assessors handle report writing, saving valuable time and enhancing efficiency.
Whether you’re a seasoned assessor or new to the field, this episode offers insights into overcoming the hurdles of report writing and maximizing your ROI.
Tune in to explore how technology is making compliance management more manageable and effective, all on this week’s Compliance Unfiltered!
Read The Transcript
So let’s face it, managing compliance sucks. It’s complicated. It’s so hard to keep organized and it requires a ton of expertise in order to survive the entire process. Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less. Now here’s your host, Todd Coshow with Adam Goslin.
Well, welcome in to another edition of compliance unfiltered. I’m Todd Coshow alongside the fabric softener to your fresh load of compliance laundry. Mr. Adam Goslin, how the heck are you, sir?
I’m doing good as long as we have that, like, no static cling in there, then we’re golden.
Tell you what, you’re putting a bounce in all sorts of things. So today, Adam, we’re going to chat very openly about, um, you know, assessors and, you know, saving time, writing reports, and the ROI that that actually brings to the table. Now, why is report writing so time consuming for assessors?
Well, I mean, in a traditional sense, the assessors, they typically start off with some type of a template or something that is kind of a single artifact. Only one person can really work on it at a time. They spend a lot of time having to kind of customize up their language, et cetera. You know, when you’re doing it in kind of a full manual arena, it’s made tremendously more complicated. It takes a lot longer to be able to get through, you know, given, you know, you don’t want to be stepping on toes of others, et cetera, then it’s kind of like, it’s kind of almost like a hot potato. You know, you got to hand the hot potato around for whoever’s got to go make updates, and then when I got to go send it to QA, I’ve got to go ship it off their way, but I can’t be making any changes to it, et cetera. It’s all handled through, you know, human orchestration, coordination, all that fun stuff. So, you know, report writing becomes, you know, it becomes a task that, you know, really, you know, takes the typical organization, especially those that are in a full-scale manual or semi-manual, you know, style process, a fair amount of time to be able to get through and navigate. So, it just, it takes a while. I mean, you got to remember, I mean, I was helping out with, you know, with engagements. I was helping out with, you know, being involved in, you know, with assessors and, you know, QA, you know, style procedures for, God, I’m probably closing in on two decades of this at this point in the game. So, it’s, you know, it’s been a complication that’s been out there for, we’ll call it some period of time.
Well, I mean, that kind of naturally leads to the next question, which is, are there other complications of the writing and review process that come into play?
Well, I touched on it a minute ago, but especially the QA, the Assessor to QA process, if I’m in a manual situation, I’ve got to pass things over to my QA department. When I do that, then the Assessor’s got to take their hands off and stop. If QA includes multiple individuals, QA’ing maybe different portions of the same report, now I’ve got delays as everybody’s kind of handing this artifact between the various folks in QA so we can gain all of the inputs. Meanwhile, the Assessor’s kind of deadlocked because they’re waiting for it to come out of QA. It’s just an orchestrational pain in the ass, to be brutally frank, so it’s tough, man. It gets complicated, especially, and right now we’re just talking about a single report. There’s engagements where you’ve got one organization has a multitude of reports. One organization has a series of reports that need to kind of integrate and flow into one another that are inheriting things from one another, et cetera. There’s a lot of reasons why the report writing arena and the consistency that you need between even within a single report, but especially as you start layering in additional layers of complication that really start to make it completely untenable for an organization to go through and do that manually.
Hm. Now, as you mentioned, you’ve kind of been in this arena for a moment or two, a decade with the TCT portal alone. Well, capabilities exist within the TCT portal to ease the burden on assessors for their first time engagement.
Yeah, and what we mean when we’re talking about first-time engagements is first-time engagements on the portal, right? At some point, it may be that you’ve been working on this particular engagement for years, but now you’ve got to go and work on it within the portal, especially if it’s a brand new organization that you’re doing a report on for the first time, you have no historical reference, et cetera. So the capabilities that exist within the portal, things like being able to default your report text against a particular standard to get those to a starting point. One of the things that we’ve seen several organizations be able to leverage extremely well is the TCT portal capabilities to go in and use some type of like a mass find replace capability off that default report text. So imagine that I had a phrase in my default report text that said the assessor went in and they reviewed this firewall, the firewall type that the clients has, and you’ve got a tag in there for firewall type, and now I can go through, take that default report text, and everywhere it says it has a tag for firewall type, well, now I can flip in their Cisco Saas or their watch guards or whatever, or Fort nets, whatever it is that they’re, you know, that they’re leveraging. Now you’ve got the capability to leverage a combination of both the default report text and the tagging that they’ve got within the system to very quickly go through and customize this default report text so that it is client contextual and yet will allow you to do it in mass. So when I say that, so imagine that that firewall type, you know, tag, imagine that that is something that’s included in the default report text in 87 spots. Well, back in the day, then, you know, I’d be going through and trying to, you know, go through, replace those, et cetera. We’ve got all of that integrated and the cooler part is that when it comes to the mass tag replacements, the assessors have the capability to do those kind of in mass. They can go and load up a whole list of find replaces that they want to go in and run. So what we’ll see some of the organizations doing is almost like pre-loading up the, we’ll call it the answer key or whatever for this tag and the switch to this, this tag and switch to this and let’s pretend they have this offline list that then they basically copy, poured into the, you know, poured into their find replace interface. They can go ahead and effectively whatever. Let’s say I’ve got 123 tags that I want to go through and replace, you know, I’ve gone, I’ve thought them through, et cetera. They can literally load up all of them, hit the go button and poof, those will just stream right across the, you know, right across the engagement and then they can go back through and just kind of do a, you know, do a final review.
But, you know, all of those, you know, all of those features and functions go a long way to streamlining the, you know, the time for, you know, for those assessors, you know, and honestly somebody with the, you know, with the inherent capabilities of being an assessor, you know, their time is astoundingly valuable to the organization that certainly could be far better used than laboriously pouring over report tags. That’s for damn sure.
It certainly sounds that way. Now, once the organization has been on the TCT portal and gotten used to it, what other benefits exist in like year two and beyond?
Well, there’s several capabilities for the system. There’s also some inherent capability that starts to build as a result of using the system. So first, we have the ability within TCT Portal to port that report tax from the prior year to the current year. And a couple of things to keep in mind with that capability to port the tax. So as an example in the PCI space, we were on PCI 321 and now we’ve moved over to PCI V4 and now we moved to 4.01 as an example. When the assessors have the desire to port their report tax from prior year to current year, it’s not only the ability, yes, I can port from a 4.01 to a 4.01, but in the same sense, if in the interim, the standard changed and went from 321 to 4.01, we’ve got mappings in the background so that they can use that capability to not only port prior year to current year, but also prior version to current version. So all of that happens kind of automatically as you’re going through the process. Certainly here at TCT, we’re not making decisions on behalf of the assessment firms. We’re here to serve them and give them capabilities that’ll make their world better. But that said, some organizations are like, no, we’re not gonna be porting the report tax in the prior year. We don’t want to basically port that over. Instead, they do have the capability to go in, reference and refer to the report tax from last year. And regardless whether I’m porting it, whether I’m referencing it, whatever, both of those capabilities now are facilitated because I have the prior year track within the TCT portal. So as I start to go in, leverage the portal, I get through my first years with my existing sets of clients, things kind of get even better when you start getting to year two. The other kind of benefit of being able to have all of this information just at my fingertips is that now when I’m sitting here in year two, let’s say there was some type of, I was literally on a call or a discussion earlier today where I was having a conversation with somebody. We’re like, well, why are we doing it this way? Blah, blah, blah, blah. We were able to go back to the prior year track within the portal, look at how things were conditioned and why we’re able to see all of the historical comments from the assessor, from the company subject to compliance and realize that there were some special circumstances which meant we were gonna handle or disposition this particular item in a particular way. Having all of that data and information right at our fingertips meant that instead of us all scratching our head, having to schedule a call with six people, you know, blah, blah, blah, blah, blah, blah. Instead, we were literally able to go in, go look at the circumstances that are all clearly detailed out from the prior year and go, hey, yeah, yeah, that’s right. We did it this way because of this, et cetera, and boom, we’re off and running again. You know, back in the day, that would have been calendar days of delay. That would have been trying to get on people’s schedules. Of course, the meeting gets rescheduled three times because people are busy.
And then, and then, and then, and then, and now I’m just lopping all of that BS out of the mix and I’m just keeping my arms and legs inside the vehicle at all times. So it really makes the subsequent engagements. It gives them a real leg up in terms of being able to go through and go through and quickly process through items, et cetera, within the TCT portal.
I mean, that makes sense. Now time savings on report writing translates to directly to ROI for the assessment firm. Tell us more on why that’s such a critical piece here.
Yeah. So I’m going to just for the sake of the listener, I’m going to kind of walk through where, where they are, where the assessor ROI calculator is so that they can, you do can play along at home. Um, so, uh, if you go to the TCT website, again, the short form to get to the website is get TCT.com that’ll redirect to totalcompliancetracking.com and go up to the resources, go to ROI calculators, which will bring you down to, uh, there’s two different ones, there’s a ROI calculator, ROI calculator for applicants, one for assessors, click on run the numbers by the assessors, and you’ll literally be looking at the, the, the ROI calculator that’s here now on it, you know, I’m going to back it up a little bit. Uh, I just, well, I wanted to get that out of the way, so I didn’t forget to tell the listeners about it.But, um, when it comes to the assessors, um, you know, again, these are amazingly skilled individuals with a ton of knowledge that, uh, needs to be leveraged to the best of its capability. Um, you know, their time is unbelievably valuable. So any minutes I can save shear from the assessors, what does that mean? Well, if I’m able to, I’m just making these numbers up. If I’m able to take an engagement and bring it from, you know, uh, you know, from, uh, you know, whatever, uh, you know, uh, if I’m able to save a couple hundred hours on an engagement, well, guess what? If a standard engagement for an assessor is 600 hours and I’m able to drop that down to, uh, you know, down to 400 hours as an example, well, now I’ve saved 200 hours and engagement. Well, if my, if my standard engagement only takes, you know, only takes 400 down says 600, um, all I need to do is save that 200 across two engagements. And each assessor is able to, for every two engagements they were doing, they can now do three, you know, type of a thing. So, uh, you know, you just look at it from an organizational perspective. And if my assessors go from being capable of handling, uh, you know, on average, you know, 10 to 12 different engagements in a year and now with the efficiencies, I’m able to handle, you know, 14 to 18 engagements a year. Well, guess what? That’s all the last of these unbelievably specialized warm bodies that I’ve got to go ahead and get on my team. Uh, you know, I could go that route. I could extend our service offerings. I could land a whole bunch of clients and not have to hire people, you know, et cetera. There’s a lot of things that you can do with it.Uh, you know, which is, which is tremendously helpful. Now, as you go through and you’re looking at the ROI calculator, um, the, the, what we’ve got in here, when it first comes up, you know, kind of up at the top is some summary numbers based on example values we’ve got in there. So just scroll down below the clear and calculate buttons. And we’ve got this all broken out into, you know, different times that the assessors would spend on different functions. So as an example, um, you know, configuring and maintaining, you know, systems for each of the applicants.
Well, if you’re using the TCT portal, you don’t need to do that internally anymore. Um, you know, uh, applicant prep meetings. Oh my God. One of the things that, uh, that really helped with, uh, you know, with the, uh, you know, with the T use of the TCT portal is that I now don’t have to, uh, you know, spend as much time prepping for those every single meeting with the, you know, with my client, um, you know, the amount of prep time is slashed, you know, on those engagements .So because you’re using a live system. So as I go down into kind of the, you know, report writing, uh, you know, and things along those lines, I mean, generally speaking, um, you know, the, the going through and writing your report texts, doing your report texts for the first run through, you can expect from, you know, the way you were doing it to the way you do it within the TCT portal, you can expect that it’s going to get lopped in about half, uh, you know, for the report writing. And once I get to year two plus probably going to lop it in half again, because now they’ve got that leg up that we were talking about earlier, but within the ROI calculator, we’ve got it broken down to where by line item, you can call out how many people on average do I have on my engagements doing this function? How many weeks does it typically take? And how many hours per week per task is spent? Um, yeah, but you can customize all of those numbers up all the way down. You can also put in, uh, personnel costs, personnel, you know, kind of revenue. If you were to, you know, have them paid for by the hour and then how many engagements do you do each year? And then you can go in and calculate it. And then you go back up to the top and now you can see the sum across all of your engagements, how much time are you saving, et cetera? Um, you know, I, I would strongly recommend for the, for the assessors that, you know, are still, you know, either dealing with internal systems that they have to, that they’re internally managing and maintaining and blowing all of that time, or, uh, if you’re, uh, you know, uh, heaven forbid, uh, still using spreadsheets and things along those lines. Yeah, you definitely want to go sit down, uh, work with the ROI calculator for the assessors, play around with that a little bit, because that’ll, that’ll go a long way to kind of helping understand what the, what the requisite benefits are, if you will, of heading down this path.
Parting, shots and thoughts for the folks this week, Adam.
Well, I know I’ve kind of danced around it and been a little shy about it and everything along those lines, but honestly, stop screwing around with spreadsheets. Don’t waste your time writing, rewriting, rebuilding, blah, blah, blah, your internal systems, et cetera. There’s a real reason why we have dozens of assessment firms on the TCT portal. And quite frankly, we’ve had some that have gone and done experiments with alternatives and come back. So there’s a reason why we’re successful in this space. There’s a reason why we kick ass and since the very beginning of TCT, we’ve basically held one objective only, and that’s to make compliance management suck less.
And that right there, that’s the good stuff. Well, that’s all the time we have for this episode of Compliance Unfiltered. I’m Todd Coshow and I’m Adam Goslin, hope we helped to get you fired up to make your compliance suck less.
