Compliance Unfiltered is TCT’s tell-it-like-it is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable, compliance expertise with a sprinkling of personality.

Show Notes: Compliance Management (The Little Things)

Listen on Apple Podcasts
Listen on Google Podcasts

Quick Take

On this week’s episode of Compliance Unfiltered, we tackle the old adage that life (or in this case compliance life) is all about the little things.

  • What are the skills you need to develop to thrive in the compliance space? 
  • How important is being able to spin multiple plates in the compliance space? 
  • Which specific skills can you hone in your compliance took kit?

Adam and Todd cover these skills at length, plus more! All on this week’s episode of Compliance Unfiltered.

Remember to follow Compliance Unfiltered on Twitter.

Read The Transcript

So let’s face it, managing compliance sucks. It’s complicated, it’s so hard to keep organized, and it requires a ton of expertise in order to survive the entire process. Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less.

Now, here’s your host, Todd Coshow, with Adam Goslin.

Well, welcome in to another edition of Compliance Unfiltered. I’m Todd Coshow, alongside a man who is the sunshine in my compliance life, Mr. Adam Goslin. How the heck are you, sir? I don’t think I’ve ever been called that before, but congratulations. No, I’m doing good. Good to hear, man. Good to hear. So today we’re going to talk about something that is near and dear to my heart, and that is the little things.

I always say that details matter, and today we’re going to talk about the old saying, and that is the little things in life. But we’re going to chat a little bit more about what the little things are about compliance management skill sets that are different. So, for anybody that’s in compliance management, they obviously need a broad set of skills, right? You need technical details, knowledge of solutions, understanding the meaning of various requirements. You’ve got to understand what choices or options I have for bringing something to a point of being in place, or appropriately resolved. The compliance folks are generally speaking with just about everybody in the company, and so that includes a broad range of different people. And certainly, this is the tough part about being in compliance management. I was actually just having a conversation with somebody about this yesterday, they were saying that nobody in their organization really quite understood how much goes into compliance management. Because for a lot of the uppity ups, or a lot of the folks within the organization that are peripherally involved in the compliance efforts, it’s almost like compliance pops up and somebody sprinkles some dust, and we wave the wand, and poof we’re compliant, and it’s like, there’s a lot more going on behind the scenes, but unfortunately there’s just so few people that get exposed to that. There are definitively some little skills that make for more effective compliance management, that the compliance management folks should purposely focus on.

So what is it, what is the first of the little things skills to focus on? I mean, what’s kind of like number one? Well, I’m not sure I’d like qualify them as number one or two is more important. I mean, all these little skills we’re gonna talk about now are important. But let’s start with adaptability. When it comes down to it, there’s just a breadth of people that compliance touches, and that notion is overlooked. Being able to adapt your communication styles, because when you think about it, you’re on a compliance engagement, I mean, one minute you’re busy giving status updates to the C-suite, the next thing you’re having a conversation with HR, next thing you’re with one of the gear heads down configuring firewalls, and the next thing, you’re talking to somebody in legal, it’s all over the board. That adaptability of communication is an important skill, and it’s interesting for a lot of the folks in the compliance arena, that’s something they’re going to constantly get faced with. So, the challenges in communicating effectively to those different audiences, it’s almost like you’ve gotta put on a different coat. I’m going to talk to the C-suite, I’m going to get to this level of depth in terms of detail, I’m going to get to this level of depth in terms of technical mumbo-jumbo. So, adapting that delivery style to the really truly disparate groups that you’ve got, keeping in mind their relative interest in the details. But as you go higher up the food chain, they don’t want to, and they don’t need to know the depth of the detail. Generally they need status style information and delivery. But you’re basically neck deep talking to the person configuring your file integrity monitoring, that’s going to be a completely different level of depth conversation shift. So, being able to gear that differently based on the focus of the audience that you’re working with, is certainly one of the softer skills that comes into play for a compliance manager.

Now, does a good dose of patience come in handy? Now we’re obviously parents so this is kind of a dumb moment, but in this instance, does a good dose of patience come in handy? Yeah, for sure. The patience is actually something that’s a learned skill in this arena. When you’re in the compliance arena, you have a continuous changing landscape, so your team could be changing, you have staffing turnovers, you’ve got people that are getting promoted or new members of the team, or maybe you’re constantly dealing with new folks internally, new staff members at vendors, or even your assessor. Maybe you may stick with the same company, but it might be a different group of people the next go around, or one or two of the assessors may change out year over year. So, you’re almost invariably going to have to work with, and collaborate with first timers on every single compliance cycle that you’re going through. So the reality is, most of these guys and girls, they don’t walk in with some compendium of compliance experience here, you’re going to be training people, showing them things for the first, second, and third time, they’re going to forget how to do stuff, they’re going to forget what they learned last year. So, it helps up front to get your mindset into the mode of hey this is coming, and yes I’m going to need to answer the same question five times, and your going to have to adopt your patience hat while you’re going through that. I mean, for the compliance managers, what I’ll typically recommend to them is, just remember we all have to get there together. We’re all part of the same team. At the end of the day, you’re all trying to theoretically accomplish the same objective. But compliance is your world. And compliance is everybody else’s, I’m gonna call it part time job. When it comes right down to it, that’s a really important distinction for supporting compliance. That’s just reality, right? Some people are more involved, some people are a lot less involved, just because of the nature of their relative responsibilities to the requirements that your organization falls subject to. So just kind of keep in mind, the kind of patience related to the training side.

The other side of the patience is, and I often refer it to a compliance engagement as a fine exercise of herding cats, because that’s what it feels like. You’ve got a whole group of people with hundreds of different elements of evidence and requirements that you’re juggling. And, you’re constantly having to remind, and re-remind again, the different people that are on your team that hey, I need this, and here’s when I need it. And of course most of it comes in, but not all of it does. If you walk in with the right mindset that you’re going to be dealing with this, it just helps in the grand scheme of things. Because the other part is, over time, and this again is where some patience comes into play, you learn what works best for different team members, and how to get their attention. For some people emails perfect, but then there’s this other contingent, where really the thing that’s going to shake them loose, the emails are going into the round file, but a text message will help. Or in another case, scheduling 15 minutes with somebody to say, hey, I’d like to touch base with you offline from the main status update to just check on how your compliance stuff is going. It’s astounding how scheduling something like that will trigger movement from the folks that you’re trying to elicit information from. Getting a meeting on the calendar also helps. But, there’s also a point at which you’ve got your job to do too, right? There’s, trying to help get it there, but you’ve got to know when to escalate within the team, when you’ve done everything that you can but you’re still not getting the results that you’re looking for. Then you gotta know when to go escalate up the food chain to say, hey, boss, I need some help with fill in the blank getting their stuff. Most definitely. Bruce Lee said, be like water.

What about the capability to go with the flow here? It kind of goes hand in hand with the patience, but certainly as a compliance manager, having a measure of flexibility when it comes to what you’re doing. You’re dealing with other teams, whether it’s vendors or clients. The most important part is, just making sure that responsibilities are being done correctly. I see this a lot , I’ll call it newer or greener compliance managers, they’ve formulated a recipe in their head for how we do what we do, and this is the way we do it type of thing. And, you got to keep in mind that just because we have to meet this particular requirement, doesn’t mean it has to be done your way, or quite frankly, the way it’s always been done. In the compliance space, there are a lot of roads to get to the same spot. There’s usually a handful, to a couple dozen paths for fulfilling a particular compliance requirement. As a compliance manager, as you gain that experience, you’ll find a shift from basically using the recipe book, to really looking at the requirement, looking at the objective, making sure that it’s done correctly. At the end of the day, as long as it’s being done in a manner that’s appropriate for the requirement that your assessor is going to give you the sign of the cross on, then as long as we’re going to navigate in that direction, at the end of the day, it really doesn’t matter whether we’re using option one, two, eight, or 13 off of the list. Maintaining that flexibility is definitively going to help as you’re interacting with your team. The other side of that is, the team will both appreciate, and take some ownership over the fact that they have a voice in this, they have a say in this, they don’t have to just go do what you said, but they can be part of the solution. It often helps in terms of getting their buy-in.

Well, what about the organizational skills? Like what about those that come into play here? Well, in the grand scheme of things, one of the most important tools for a compliance manager’s toolbox is being organized, having information at your fingertips, keeping your finger on the pulse of the engagement, and knowing your status at a glance. Because as a compliance manager, you’re constantly working with, and serving the needs of those disparate groups we were talking about earlier, especially when it comes to certain messaging that you’re going to need to send leadership, there’s certain messaging that you’re going to need to have in hand when you’re talking with either your compliance consultant, or your assessor. There’s knowing where everybody on the team is at, what’s due, and when. So, whatever you are currently using for collecting and storing all of your compliance assets, the absolute best way to go through a compliance engagement, is get a single collection method for all of your information, and actually use the system that you have in place. So, as you’re going through the compliance engagement, especially for newer teams of people going through compliance, is give them training. How are they supposed to be provisioning their responses, evidence, and inputs that you require? Where should they be putting them? How should they be putting them there? And make sure that you not only train them on how to do it correctly, but also reinforce, as you’re starting to receive things. Because, if you don’t keep things organized, it’s funny how quickly things just get out of control. Now, as an organization, where we’re having to look at all these different spots, it’s a nightmare. So as a compliance manager, don’t accept people throwing stuff at you through emails and text messages, or updating you in the hallway, or dropping a piece of paper on your desk. Only take the files and the inputs that are going through that one sanctioned channel, with no exceptions.

It’s funny, I’ve had several clients that have come back to me, I don’t know, after maybe a year or two of working together. And, they’d say things like, man, we thought you were the biggest f-ing pain in the ass we’d ever met, because you wouldn’t let us do whatever we wanted, or just throw you this document, we had to go resubmit it your way. The funniest part about that is then they come back to me those years later, and they say, now that we’ve gotten through it, we’re past it, we look back, and we can see that rock solid historical record that we now have from what we did previously. It’s an awesome thing. But at the time, oh, it’s like, I’m just the biggest A-hole known to man. But successful compliance managers, they’ll learn to be hard asses on this issue, because at the end of the day, it’s going to really benefit everybody that’s on the team. And they really will see that benefit down the road, but they’re probably not going to feel it right at the time.

Now you mentioned herding cats earlier. I’m sure the ability to juggle numerous tasks simultaneously certainly helps as well. For sure. Building the ability to be a good multitasker. It’s funny, some of the best people that I’ve seen in the security and compliance arena, honestly are the ones that do possess that capability for truly being able to just keep track of a lot of stuff, juggle a lot of balls at the same time. But multitasking in the compliance arena, certainly is one of the essential tools. It’s not uncommon when you’re on a compliance engagement to have several dozen different people involved, numerous vendors that are involved in the process. Maybe you’ve got multiple facilities, maybe you’ve got multiple certifications, maybe the company that you’re currently working with, on top of all of that, is busily folding in a new acquisition every 18 months as well. These engagements get extremely complicated, period. There’s some factors that can make it even worse, but you don’t really have any choice as a compliance manager but to have several streams of activity going on at the same time, being able to manage those successfully is certainly a critical skill. One of the things we mentioned a little bit ago, having a singular place where everything is and goes, will absolutely help with the notion of going through the process, and being able to keep your eye on all of the cats that you’re actively herding.

So anything else that would be good to hone as a compliance manager looking to bone up their skillset? For sure. Maintaining a positive attitude, having a balanced positive attitude is a big deal. I don’t mean any offense to the security and compliance people in the world, but there’s so many of them that are just, they’re just kind of so dry and crabby. And, it does take a certain type of person to be able to embrace compliance, but for some reason, all the dry crabby people seem come out of the woodwork. When you’re leading teams of people, interacting with people at all these different levels, it just helps to maintain that positive attitude, and friendly personality. For a lot of them, my take is that, a lot of people don’t understand just how tough it is to be a compliance manager. And for many of the folks that find themselves in the compliance space, I almost feel like they’ve lost themselves. They’ve lost themselves in this challenge that they’ve elected to undergo. Don’t get wrapped up in the stress, urgency and deadlines, all of that daily pressure does have the tendency to drag somebody down. Just make it a discipline to take everything in stride. Don’t take things too personally. Get a structure for your work-life balance. Do some things for you. Don’t just bury yourself in your work. You’ve got to maintain that balance in order to be able to get back up the next day, and be ready to herd a couple of more cats.

Any parting thoughts and shots for the folks out there on this one? Well, the obvious statement is that the experience that a compliance manager gets over time, certainly arms that compliance manager in the one sense. And when I say experience, I just mean getting additional years of exposure to compliance, exposure to different certifications, exposure to different solutions, tool sets, all of the, I’ll call it compliance tactical experience that the compliance manager gets, all of that stuff helps. But some of these softer skills that we’ve been talking through today, those are really the skills that are truly going to make the difference between a good compliance manager, and a great one.

And that is the good stuff. Well that’s all the time we have for this episode of Compliance Unfiltered. I’m Todd Coshow. And I’m Adam Goslin. Hope we helped to get you fired up to make your compliance suck less.

KEEP READING...

You may also like