Compliance Unfiltered is TCT’s tell-it-like-it-is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable compliance expertise with a sprinkling of personality.

Show Notes: Overcome Your Draining Compliance Process

Quick Take

On this episode, the CU Guys explore how automation can streamline compliance processes, cutting costs and time.

Discover strategies to reduce manual efforts by up to 50% using a dynamic ROI calculator. Perfect for compliance officers and IT leaders in organizations, this episode reveals how to transform compliance from a drain into a growth advantage.

Tune in to learn actionable insights and empower your team with technology-driven solutions.

Read The Transcript

So let’s face it, managing compliance sucks. It’s complicated, it’s so hard to keep organized, and it requires a ton of expertise in order to survive the entire process.

Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less. Now, here’s your host, Todd Coshow, with Adam Goslin.

Well, welcome in to another edition of Compliance Unfiltered. I’m Todd Coshow alongside the bustle in your compliance hedgerow, Mr. Adam Goslin. How the heck are you, sir?

I’m good today. How about you, Todd?

I can’t complain. I can’t complain.

I’m excited, because we’re going to help the folks out today. Today, we’re going to talk about organizations that go through compliance and are asking the question, why is our compliance program so draining? What are some of the basics that organizations need to consider in terms of improving their posture, Adam?

Well, when you’re talking about organizations going through it and, you know, for the listeners that aren’t informed, you know, my first background in security and compliance was literally doing exactly what these companies are struggling with, but it was 20 years ago. And you know, leveraging compliance automation, you know, on your compliance engagements is a huge step forward. A lot of folks are dealing with, oh, God, it’s a myriad of things. Dealing with spreadsheets. Somebody gets, somebody, typically somebody, either somebody in IT or somebody in leadership, you know, get some, you know, bug up their ass and they’re like, oh, you know, we could just go ahead and build a system that could handle all this stuff. And so they somehow concoct some homegrown thing. I don’t know. I’ve seen it all, man. I’ve seen Access databases. I’ve seen, you know, you know, coding teams that coded something together to try to hold it all together. I’ve seen combinations of systems with, you know, drop zones, et cetera. I mean, I’ve seen it all. And at the end of the day, you know, if you’re in the one thing I get to hear from folks is, well, that doesn’t, that quote, that doesn’t cost us anything. Well, it does. Even if I’m just using spreadsheets, I mean, I’m pissing away an ass-ton of time that I could, that I could otherwise reclaim, you know, so that’s money down the drain.

The other thing you’ll think about, they’re like, well, we pay for our devs anyway. So, you know, who cares if they’re going and doing this? Well, are you, are you more cost effective to have them spending time doing management maintenance on internal systems every time your compliance, you know, compliance standard changes, or are we better off to have them focusing that very valuable time on, oh, I don’t know, products and product improvements and things along those lines? I’m pretty sure that your, that your head of, head of product will probably disagree with management on that one, you know, but, you know, that’s, that’s one of the things that, you know, that’s one of the things that, you know, that happens. The, the other side of it is, and, and, and this is just a kind of a different root problem, is it, it, it, it’s striking how many folks that are in middle and upper levels of management in an organization that they don’t, they just don’t know, they don’t understand how much, just how much time is getting blown on, you know, blown on engagement. So it’s, it’s, it’s also, you know, it, it, it is a fervent desire to finger air quotes, not spend cash, tends to drive part of it. Meanwhile, the system’s actually costing them money. And the other side is just how much, you know, time we’re, you know, kind of just pissing down the drain every time that we’ve got to go through and do, do our compliance stuff. So those are a couple of the, you know, a couple of the basics that, you know, that folks need to, need to be considering when they’re looking at their own compliance. Yeah, as it relates to that, um, so we actually put together a tool.

I’m going to, I’m going to kind of walk, walk folks through it. But so that you can play along at home if you will. Um, so if you go to the, uh, the TCT website, um, you know, totalcompliancetracking.com, go to, uh, resources, ROI calculators. There’s a calculator, ROI calculator for organizations. That’s actually what we’re going to be kind of walking, walking through. So once you hit it, you’ll get to a page where, you know, you’ve got, I’m going to recommend, cause I’m going to come back to it in a minute. There’s a little display, you know, thing that’s up at the top. This ROI calculator is already pre-populated with some sample numbers for a, you know, kind of small to mid sized organization, um, that’s struggling with compliance. And so, uh, we’ve already got all sorts of numbers and everything in there, but for the sake of this discussion and the odd event that I forget, um, remind me to come back to the, uh, kind of to this top grid.

So the way that this, uh, the way that this system works is as you scroll down the page, you’ll get to a point where there’s a bunch of different, you know, kind of sets of questions. You’ll see a whole bunch of numbers and everything, you know, kind of show showing up, but, you know, a couple of things that I wanted to kind of walk the, walk the listeners through is that this grid, it’s, its intent is you can enter in values that are reflective of what happens on your side with your, with your, uh, compliance. Not every organization is the same. Uh, every single one does things differently, has different levels of capability, has different numbers of people that are involved in their engagements, et cetera. So if you find that one of these line items, Oh, well, this isn’t applicable in our case, great stick zeros in, you know, type of a deal. So, you know, as, as you go through, then you can, you know, kind of customize up all of the, you know, all the numbers, uh, on the page, there is a calculate button, um, that you can go in and hit. So if I go down and make any tweaks to those, if I’m zeroing items out or I’m updating them, et cetera, I can just hit calculate to, you know, recalculate everything that’s on the page. Um, the other, the other thing that’s important, um, is that, you know, in some cases, organizations will go kind of go through what I’ll call rounds of compliance. So a, our PCI thing we do in August and our SOC thing we do in December and our ISO thing we do in April, you know, and whatnot. So they really go through effectively like three different rounds of compliance in a year. We’ve got the capability to make adjustments there as well. We’ll come back to that here in a little bit.

Um, so you’ve got the, you know, you’ve kind of got a lot of options within here, but the whole point of the, uh, of this ROI calculator, you know, really is to be able to get a real firm idea of in your case, um, you know, what are you spending time on right now and what would it look like if you’re, if you were leveraging, you know, leveraging the automation from, uh, you know, from quality compliance management system. So, um, now I’m going to get started with, you know, there’s certain things each year and for the sake of this discussion and most of the conversation, I’m going to go into the guiding assumption. It’s, you know, just one round of compliance, if you will.

Um, so to that end, um, you know, there’s, uh, the first kind of section within the, did the detailed grid, uh, is a section for each year setting up and maintaining your, you know, kind of your compliance. So, you know, the, a couple of pointers that I’ll give to folks. Number one, we’ve got some brief, uh, kind of brief description. So I’ve got creating an annual storage system and maintaining it, um, is the first line item is a little, uh, kind of i, uh, italicized i there. If you hover over that, it’ll give you a more detailed description of what is this thing? What is this item? What’s its intent things on those lines, uh, way off on the very right-hand side, which I’ll skip to real quick. There’s another i over there. And that’s basically the explanation of, you know, where we’ve got calculated hours for if using the TCT portal, you know, what, why did we calculate the numbers that we did for year one and year two plus, um, that’ll give you a better idea of kind of how we came up with those numbers and why. So it’s kind of got the justifications for the, for the thought process here. Um, in the middle of the, you know, kind of the grid, we’ve got three different columns and this basically allows the users to go in and, you know, say how many people are doing this particular task over how many weeks would they typically do that task and then how many hours a week on average, are they spending doing that task? Uh, and so they’ve got the capability to, you know, to kind of enter in the numbers that make sense. Like I said, if one of these isn’t applicable, you can simply just build zero, zero, zero. And then when you hit the calculate button, you can go. But, you know, if I have, you know, one person’s developing and maintaining the system, but, uh, I’ve got a group of two people that have to spend a couple of weeks, you know, managing and maintaining paperwork on the, on the process, et cetera, um, then I’ve got a separate line item for that.
So, um, these line items are, you know, I’ll go through all of them for the annual kind of the annual tasks. So the second of them is developing and maintaining, um, their process of how are they collecting evidence? How are they tracking their compliance? Literally the, the guide and guidebook for, you know, the folks that are on, on their team. So, um, initially I’ve got to go in and develop it every year. We’re going to make tweaks and modifications as things change, you know, things along those lines. So there’s time that’s spent on that. Um, I’ve got retooling costs every time that the, you, we talked about it earlier, every time that the, you know, that the compliance standard changes. So we went from PCI 3.2.1 to PCI 4.

Then we went from PCI 4 to 4.0.1, uh, there was some, uh, rumblings out there about a PCI version five coming probably like next year to a theater near you every single time that these things go in and change. Well, guess what? Whether I’m using a spreadsheet, whether I’m using a homegrown system, I now have to spend my time overhauling, you know, my, my tooling. I have to go in and update, you know, update my, you know, procedural documentation, things along those lines. So, you know, those are some of the, you know, some of the elements that come into play there.

Um, you know, if you have, you know, more than one standard or certification you go up against, so let’s say the organization’s going up against PCI and they have to map out against ISO or SOC or HIPAA or NIST CSF, whatever. You know, they, we’ve got to go through an exercise of, you know, mapping out evidence against those, you know, kind of those secondary standards. Uh, but they need to spend time on. And then invariably, and then invariably, um, every single time that you wrap up an annual engagement, um, just, it’s just the nature of the beast, right? You’ve got, um, everybody is up to their eyeballs in trying to get things done. Um, you know, they’ve been at the, toward the tail end of the engagement, everybody’s been spending a lot of time working on their compliance related, you know, stuff, et cetera, and everybody’s really getting a lot of pressure to go back to, um, you know, to go back to, uh, their normal day jobs. And so invariably, uh, the, the, the last several weeks of, you know, of the engagement, it’s just an absolute crap show of people, you know, dropping files here, dropping files there. Did they put them where they were supposed to? Of course they didn’t. Um, sending you pertinent, you know, pertinent details on emails, text, voicemails, leaving notes on your desk, uh, telling you in a meeting, telling you in a hallway, you know, editing that, you know, but invariably you end up with just shit spread all over the damn place. And if I want it to be organized for the next time around, so it’s not a complete groundhog day. What’s that? Right.

I was just, I mean, keep you going. That’s what I was going to ask.

Like, why is it better for the organization to leverage the same system internally, you know, year over year in your spot on right now?

Yeah, if you can get everybody on the same page, just using the system, now you start to not have these tests at all. But it’s too damn easy when we’re doing spreadsheets and da-da-da-da. One of the questions I get repetitively is, well, okay, so I got this spreadsheet-based system and I’m going through, I’m doing that. Nobody’s following the rules, et cetera.

So how in the hell is telling them, well, don’t use the spreadsheet, use the compliance management system, how’s that helpful? And what I tell them is this, it’s a training, yes, it’s a training exercise, but now we have something that we can actually enforce, right? So what I would tell the compliance teams is I would say, look, it’s really simple. Your stuff is overdue, it is not yet submitted until it’s submitted in the system and the system’s the only damn place we’re going to go look at stuff. So if you don’t have it attached in there, if you don’t have your written explanations, if you haven’t punched the button to move it up my way, you haven’t finished yet, period. And I don’t care if you went and put it over on the file server, on the SharePoint, or you email it to me eight times, no, this is going to be very simple and very standardized, submit your crap through the system of record, you know, and off we go.

Well, I was going to ask, how does that align with using the same system that they use with their compliance consultant or their assessor?

Well, when you have the same system, so obviously they can’t just set their consultants and assessors loose on the deluge of crap spread all over the damn network. That’s not going to work, but it makes the overall engagement substantively more streamlined when I can integrate into the actual workflow, getting my consultants and getting my assessors, just they’re the next stage in that workflow. Because what typically happens is, and God, I still have flashbacks of all the pain that I used to go through. So I used to have to manage and maintain and prep for my internal meetings while updating my internal status sheet, et cetera. And then I would have to go ahead and load the stuff to some dump zone for the assessor. Then the assessor would have their own sheet, right, where they’re updating things, et cetera, depending on when they looked at what the current state was, et cetera. I would spend time prepping for the internal meetings and updating my tracking sheets and whatnot. Then I would turn around and spend time tracking and managing to what the assessor said they currently had in hand and bouncing that up against reality. So I was spending time prepping for multiple meetings weekly. And as you get toward the tail end of compliance, it gets more and more and more as well.

Maybe we decide to ratchet it up and we move from one meeting a week to two a week, from two a week to three a week, type of thing internally for the assessor. Maybe it starts off with, eh, we’re going to meet up every couple of weeks. And then you’re meeting up once a week. And as you’re really getting to the tail end of, hey, we just need to get this done, maybe you’re going twice a week with the assessor, you know, type of a deal. So now I got five of these effing meetings that I’ve got to go and, you know, I’ve got to, you know, call it, you know, call it herd all of the compliance cats to get all my crap pulled together. I’ve got to update my tracking sheet for what I sent over the assessor. I’m reconciling with wherever they think shit that, you know, and, and, and, and it’s just, it is a whirlwind. So eliminating all of that bullshit and just using the same damn system, oh, it will save. Now here’s the best part. It’s beneficial both to you and to the assessment firm, you know, type of deal. So yeah, certainly one of the things that I would say to the, you know, to the folks that are listening to, you know, kind of, you know, me bringing up battle, you know, battle stories and all that fun stuff. You know, the one thing I’d say, say to the listener is, you know, if you’re, if you’re at an organization where, you know, where the, you know, your current assessment firm is, you know, forcing you to use, you know, quote their tool, you know, type of a deal and it’s not, you know, and it’s not your tool, you know, at the end of the day, this is your compliance. This is your compliance engagement, you know, the assessor’s a vendor, et cetera. If you’re struggling with that, honestly, reach out to TCT, I’ve said this to a lot of people before, there’s nothing in it for us.

There’s no, I don’t have some, you know, backdoor deal where I get kicked back or something from, you know, I’m just trying to help people in the compliance space. So nothing in it for me other than just trying to help, you know, help folks that are assessing compliance, help folks going through compliance, we’d be happy to give you an introduction to, you know, an assessment firm that doesn’t suck to deal with that is perfectly willing to, you know, go ahead and leverage the same system as you, you know, in terms of going through it.

And while I’m on this topic, one thing I wanted to make sure that I mentioned was that keeping in mind that you, you as the organization going through compliance, you, I strongly encourage companies, I call it owning your own compliance data. What I mean by that is you need to have this system for yourself, for your own purposes, something that will stick with you, that you license, that you can use for your company but make things change, right? Maybe the awesome person at the assessment firm left. Maybe the assessment firm got bought out by a big behemoth assessment firm and they’ve decided to, you know, jank your rates, you know, through the ceiling. Maybe your, you know, favorite person over at the assessment firm has floated off and now they’ve replaced it with some newbie that, you know, that, you know, needs too much hand holding and it’s not worth it. There’s a billion reasons why shit goes sideways. But bottom line is, is that own your own damn data, get your own system for managing your compliance, make it work for you and as a vendor, you know, get an assessor that’s, that’s, that’s capable or willing to be able to leverage that same system. It’s going to yield benefits for both of you.

And certainly if you’re in the notion of having to switch anyway, well, shit, reach out to TCT, we’ll be happy to connect you up with, you know, with somebody that’s already used to using the TCT portal, they’ll be happy to, you know, to, to go ahead and be integrated into kind of the end-to-end workflow through the same system. That answer your question there?

Yes, it does. Thank you.

All right, so let’s move on to kind of the next bracket of stuff. I think we’ve gone through a lot of kind of topics in depth. So I think the rest of this should flow, we’ll call it flow fairly smoothly.

But the compliance startup tasks, doing your initial task assignment determinations, there’s a certain amount of time that has to get put into that when you’re doing it kind of with your manual system. The notifying everybody on your team. Hey, heads up, I finished the notifications and now here’s the shit that I need from you, type of a deal, sending all of those out to everybody, kind of for the initial pass. So here’s the stuff that I need from you. Those are tasks that you’d have to do kind of in a manual system. And again, I’m gonna leave the, I’m gonna leave the kind of the numbers on here, kind of as generic, certainly for the folks that are kind of playing along at home, if you will, they’re seeing the numbers that we’ve got kind of in here for number of people, number of weeks, number of hours per week, it’s out of room, they’re able to see, how much time do I spend today? And toward the right, how much time am I spending on that task in my first year leveraging the compliance automation of the TCT portal? And then how much do I expect that’ll take in year two and beyond?

Because for some, in some instances, there’s some pretty substantive gains that end up, that end up coming. And actually the next item I’m gonna talk about is one of those. So I’ll kind of talk about that in a little greater depth, and then we’ll stream through the remaining. But, so when you’re in your compliance cycle, these are internal tasks that, you and the team need to be doing. First up, control owners generating their evidence, taking their assignments and gathering up the information, screenshots, policy docs, config files, whatever, gathering up the stuff that’s needed for that particular control, and getting that pulled together. In the case that we’ve got, we’ve got six people doing about 12, doing it across about 12 weeks. I aggregated it out to maybe four hours a week, because at some points it can be heavier, at some points it can be lighter. We tried to put in numbers that weren’t, I didn’t want to over-blow the numbers, so I tried to be reasonable slash conservative in my mind’s eye with how many hours I put by line item. But at six folks, 12 weeks, four hours a week, I’m looking at almost 300 hours, 288 type of a deal. Now, when you’re going through your first year, and again, I’m gonna remind the listeners that little i that’s way off on the right kind of gives an explanation. So this line item started out with 288 in year one on a compliance management report. Obviously the system’s not just gonna do crap for you, it’s not magic, but you are gonna end up saving some time. Why? It drops from almost 290 to 260, basically. Where are you gaining that time? Well, in the system, you’ve got detailed directional guidance, you’ve got clear explanations of what it is that you’re needing to do, what are the expectations of the evidence you’re providing.

So the control owners have the initial benefit of being able to leverage all of that directional guidance, et cetera, because it’s all in one spot. They’ve got that right at their fingertips.

So it will speed up the gathering of the evidence somewhat over them doing it manually, where they’re having to do a whole bunch of Googling and looking up and scouring around for what the hell do I need to provide, et cetera. But when you get to year two plus in the system, the real benefit starts to come into play. Leveraging these systems, you now have immediate direct line item access to what did I provide last year? So my 260-ish number drops to about 173 hours, across all of the people on my engagement. So you’re really starting to gain steam and gain the benefit of leveraging the capabilities of the system. And so as we got to go down the, I’m not gonna keep doing the readouts, line by line by line, but I just wanna really walk the listeners through that one, but I’ll keep going down the line. So you’ve got collecting up evidence. We talked about it earlier, where I have to go and gather up evidence across all of the control owner dump zones that I listed out, texts and tell me in a hallway and dropping it in the wrong spots on the file server, share file, SharePoint, and then, and then, and then. So, you know, gather, wasting time, hunting all that crap down, reading my email about where they put it, then having to actually go get it, et cetera. I’ve got organizing and storing the evidence. No, I need to spend time. Now I’ve got all this stuff that was spread out all over the place. Now I need to put it into some reasonable centralized form. Now I’ve got the organization of all that evidence that I need to do manually. We talked about maintaining our compliance tracking sheet internally, the time that I would spend prepping for internal meetings. Oh my God, I wish I had that time back because I would spend two, no shit, two to four hours before each status meeting, just trying to figure out what the hell is everything yet. 
The time I would spend in the internal meetings, having to, throughout the timeframe, update the team on, you know, hey, I’m still, you know, in the beginning, maybe I had eight items I needed from Bob, you know, and then, you know, I’m in week three and now he’s down to five and, you know, now he’s down to four and now I’m still pounding away, trying to get the last to crowbar, the last two out of them. But I have to constantly be manually sending out, I’d be sending out emails and text messages and smoke screens and, you know, going and bitching it as manager or whatever it may be, you know, to say, hey, give me the, give me the stuff that we need here, right?

I’ve got time that I need to spend going through and reviewing evidence as I’m, you know, as the evidence submissions are coming in, I’ve got to sanity check and review it and go through it. I also have the task of rejecting evidence back.

So when I go in and I review it, now there’s a problem. Well, now I got to sit and spend the time and, you know, you know, maybe I got to go and make a word doc and I have to, you know, circle this and that, the other thing, I have to, you know, compose the response and send it through an email again, you know, that type of a deal. So spending the time to, you know, just reject all that crap takes a bunch of time.

When it comes to those organizations that, you know, do have some form of either a compliance consultant or an assessor, there’s interaction time with them on these engagements as well. Uploading evidence to, you know, to the consultant or assessor, loading it typically into their system, you know, type of a thing is, you know, there’s that bucket of time. Just like I had to, I was telling you earlier, I had to prep for the internal meetings while I got a prep for the assessor meeting. I don’t want to walk in there, you know, just trusting whatever they said, because most of the time they didn’t have their stuff updated. Yeah, go.

Yeah, no, that actually kind of leads me to another point, like, um, what type of options for helping organizations shield their, like, internal conversations are there from the assessor? Do you know what I mean?

Yeah, I do. Um, so, you know, that’s one of the, one of the main concerns that I’ve heard out of organizations going through the compliance. They’re like, man, I do not want, and it, it could be, it could be a benign comment from somebody, you know, that’s just kind of having an open dialogue, you know, type of a deal between internal team members, not realizing that, oh, by the way, the assessor is going to have the capability to see all this back and forth and la, la, la.

So we’ve got it with the TCT portal. We have several, several options. Um, you know, we can basically, uh, swing online dual tracks. So one’s an internal track and one is an external track. Um, so on the internal track, that’s where you can have just free form dialogue, backs and forths, you know, workflow comments with, you know, no question’s a bad question type of a mentality. Um, you know, that type of thing, but you know, you can, you can have all of that interaction, but once the, you know, once the, uh, the, the item moves up and kind of to quote to the assessor’s hands, it now becomes visible for the assessor where, uh, they’re not seeing all of the internal back and forth. They’re only seeing the final version of the attached evidence, any explanations, you know, and whatnot. Now they can go through and do their evaluation. So, um, you know, we’ve got a lot of capabilities within the, within the system to provide that shielding, which typically makes the, that’s one of the biggest concerns that I’ll see out of organizations kind of going through compliance is, you know, how do I, how do I shield somebody from saying something they shouldn’t or being a little too open, you know, a little, a little too open, or maybe even just saying flat out something is wrong, you know, uh, you know, in the comments causing issues with the assessor. It’s, I’ve seen it happen too many times.

who makes this.

So, did I check the box on that one for him?

Yes, you did. Thank you.

All right, cool.

So, we talked about the prepping for the meetings and then actually sitting in the effing meetings, you know, type of a deal. So, you know, one of the coolest parts about, especially in the meetings thing, I told you I wasn’t going to go through line by line, but like the prep for meetings and the meetings themselves, that’s a huge effing drain, you know, as you’re going through the process. But, you know, the one thing you’ll find with the use of the technology is you’ll find that you have a lot better capability to streamline. The amount of prep time, you know, drops to, you know, it drops to an absolute fraction of what it was, you know, because I’m using a live system. The dashboards are live. Everything I’m seeing is live. This is the current status. All I have to do is hit the reload button at the top in my web browser and poof, I’m seeing the, you know, the latest and greatest, you know, state of the state. So, the time I would have otherwise spent scouring, you know, all of my stuff and blah, blah, blah, I don’t need to do that anymore. So, the actual holding of the meetings, those meetings start to become more and more efficient as you go through it. You know, back in the day, your meetings would take, you know, whatever, the meetings would take, you know, come an hour to get through where now that I’m using live dashboarding, you’ll see that time drop in half and quite frankly, you may even be able to bring them to 15-minute freaking meetings, right, you know, type of deal.

So, there’s a lot of areas to kind of gain benefit. Now, the one thing that I wanted to kind of highlight down at the bottom of the page is that we have an average hourly personnel cost. So, on average, you know, how much, you know, how much do the individuals on your team involved in your compliance thing, how much are they getting paid from a cost perspective? So, you know, average person, we’ll call it 2,000 hours in a year. So, just do the math. What’s the annual, what’s their annual salary over the 2,000? Well, if you got an hourly rate, keep in mind, some of these folks are going to be, you know, high-end, you know, network administrators, some of these folks are going to be developers, you know, et cetera. So, just figure out what’s a good average for, you know, across your, you know, kind of your group. But this is just so you can get a ballpark of approximate hourly cost.

Then look at the, you know, the amount of revenue, the hourly revenue that you could pull in, you know, with those resources. So, if you were to do a project for, you know, for a customer, what’s your bill rate? I mean, what would you typically bill out at? Is it, you know, is it 100 bucks? Is it 150 bucks? Is it 200 bucks? You know, 400 bucks, whatever, you know, in some way, shape, or form, the value of your, you know, kind of your time in the marketplace, you know, for your organization. You can fill that in for yourself.

And then there’s that multiplier I was telling you about with the rounds of annual compliance. If your rounds of compliance are similar, oh, hey, go throw two rounds of compliance in a year type of a deal. But if one is more onerous, one is less onerous, you can just run the, you know, run the numbers separately for your more and less onerous, one, and then just do the math to, you know, kind of, kind of go in and add it up.

Actually, I have kind of a question around there. This seems pretty straightforward. It seems like something that you’re very comfortable talking about.

I guess my question is, why do a lot of management not seem to have a handle on the blown time on compliance engagements? What is the barrier to entry there?

Well, it’s less a barrier to entry and it’s more, from my perspective, it’s more of an awareness factor. I mean, just let’s just look at the reality, right? I’m in upper level management and I swing through the, you know, I go whatever, I go swing through my compliance officer’s, you know, office, hey, good luck with, you know, your compliance this year. Let me know when you’re done. They walk away. I mean, quite literally, that’s like, that’s basically the net equivalent of what kind of fucking happens on these damn things, right? They don’t have any damn idea how many dimensions of Dante’s hell that these people are army crawling through, you know, they just don’t. So, you know, it’s really easy for, you know, for, you know, for some member of management to just kind of breeze by, you know, tell them the team to get her done and, you know, go off and do whatever, right? And that’s where, that’s where the stark difference comes into play.

The vast majority of them, they don’t, go have a conversation with the people that are supplying evidence, go have a conversation with your, you know, your compliance team, you know, who, whatever group it is that coordinates your annual compliance, sit down and have the conversation with them as a, I mean, honestly, this is primarily directed, I’m that would primarily be driving the ship here, but it’s not to say, you know, if the, if the members of management are willing to go have the dialogues and have the conversation and really understand what the hell’s going on in their, in their organization, they too could sit down and use the, use the ROI calculator, et cetera. Quite frankly, the numbers that are on here are more, they’re more driven to the eyeballs of that mid and upper level management, you know, as a, you know, wake up call, if you will. So, you know, as you go in and you fill out all these parameters, you can hit the calculate button and then I’m going to scroll all the way back up to the top, the thing that I skipped. Okay. So with the sample numbers that I threw in here, with the sample numbers that I threw in here, I ended up, you know, basically with the grid, you can see, you know, the percentage of time that’s saved when you’re using TCT portal, how many hours, how many personnel hours did I save? You know, how much in terms of personnel cost did I save? So we had an average cost down below, you know, we can, we can literally put our eyeballs on. What do we, what do we think we saved in terms of personnel cost, you know, as a result of the use of the system. And if the, with any organization, when they have this time savings, it gives them choices. I’m going to go under the guiding assumption that if they’re able to save this time from their people internally, then they’re going to want to turn back around and monetize it by, you know, making, you know, doing some revenue generating, you know, stuff.

What’s the, if they use all the time savings for revenue generating, well, then how many dollars could they be, you know, could they be peeling in that they’re not, that this almost like the opportunity cost of leveraging, of doing things the way they’re doing it right now would be the way I would look at it. So it’s got the year one numbers, and then it’s got the year two plus numbers.

And the beauty of this particular page is this, is that these are numbers that you put into the thing that makes sense for your engagement that are reflective of your reality. And, you know, it’s just a helpful tool to be able to, you know, kind of go in, run the numbers, get the, you know, you know, get, get, get the calculations. So it’s a, it’s a real helpful thing.

Absolutely. Well, I guess, how can compliance frontliners arm themselves for the discussion with the uppity ups, right? To have like a better measure of success on that. Because I know like a lot of folks that are listening to the pod are those frontline folks that work real hard day in, day out to make sure that their organization’s compliance is where it needs to be.

And this is one of those conversations that as you put like, that, you know, the management comes by and goes, Hey, how’s it going? Great. Let me know when you’re done. And so it’s like, if they need a tool set to help them complete this, how do they have that conversation?

Yeah, well, first and foremost, I would strongly recommend that the front liners go through and, you know, kind of use this, we built the tool to be able to help them. So, you know, sit down with this tool, get familiar with it, look at the descriptions of the, you know, of the line items, look at the descriptions of the savings calculations and how those are held. A clear understanding of, you know, kind of, this is literally a roadmap to blown time on your engagement. So, go through and get it all filled out, even if you’re guessing, you know, at things like personnel costs and personnel revenue. Do yourself a favor, guess lower than you think, you’d be my recommendation. You don’t want to walk in with, oh, I’m pretty sure our hourly personnel costs $250 an hour. Meanwhile, it’s only, you know, whatever, you know, $85 an hour type of deal. So, you know, don’t over blow it. Don’t over guess. Don’t try to make the numbers look bigger than they are.

The cool part about when you go through and you spend the time to kind of get you really get your arms around where’s our time going on these engagements and how much are we pissing down the drain. You know, the numbers are, you want the numbers to be reflective of reality. You want to, you know, kind of do the legwork here, et cetera, but literally this sheet with its numbers filled in, et cetera, that’s your damn roadmap to, you know, to go have the conversation with the, you know, with the higher end folks. You know, you want to be able to, one of the big things, especially that, you know, mid and upper level management that they will value is they value actual actionable input. You know, it’s something they don’t often get. You know, a lot of times the middle and upper level management folk, they’re making the best call that they can with limited information. You go walk in with like, hey, I’ve got this ROI calculator thing. I’ve got it completely filled out. And this is actionable intelligence, you know, at this point in the game, you walk in with that. Yeah. You’re going to have a hell of a lot easier time, you know, having the discussion with them, getting the real key. You got to get the freaking light bulbs to start twinkling, you know, get them, you know, get, you want to, you want to drag them, you know, past the breeze by your desk and tell you to get her done to where they’re actually comprehending, you know, the reality of the, you know, of the expenses and the time that’s put into these things. Because at the end of the day, the whole point is that your automation is saving you time and time does equal money. And especially to the, you know, to the, you know, the folks in the, you know, kind of the CFO, you know, CFO accounting office, et cetera, the CEO, COO. Those are the types of folks where, you know, when you come in with the right approach, then yeah, you’ll definitely see the light bulbs, the light bulbs twinkling.

Outstanding. Parting shouts and thoughts for the folks this week, Adam.

Well, at a really, really high level, you know, we built the functionality so that we could help people, you know, be able to comprehend, you know, where their time’s evaporating to. Hell, even for the frontliners, I guarantee you, and I know that frontliners are sitting or listening to this, and they’re like, he’s not wrong, you know. And honestly, with a lot of these line items, they’re like, yeah, I do burn time on that. You’re just so used to doing it, right? You know, there’s a stark difference between, you know, all of this crap just getting flushed down the toilet bowl, you know, and actually being cognizant of what exactly it is that’s going down the drain. And so as you’re looking at these items, light bulbs are even going on for the frontliners. Shit, I didn’t even… Yeah, he’s right. I didn’t realize I was, you know, I was pissing away time on this and that and the other thing. Yeah, that type of a deal. So it’s, you know, when you’re in it, it’s sometimes…what’s that expression? It’s hard to see the forest for the trees. Forest for the trees. Yeah. I mean, you’re just…you are in it, you know? And you’re in it, and you’re just doing, and you’re trying to survive. And I totally, totally relate to that.

I was totally there as well, and that’s part of the reason that we decided to make TCT to help people make their compliance management suck less.

Absolutely, for those at home, take a look in the description of the episode that you’re currently listening to. There will be a link for you to find your way to the ROI calculator.

And Adam, that right there, that’s the good stuff. Well, that’s all the time we have for this episode of Compliance Unfiltered. I’m Todd Coshow and I’m Adam Goslin. I hope we helped to get you fired up to make your compliance suck less.
