Some disasters you can see coming for miles, if you’re watching for them. Hurricanes. Wildfires. Compliance chaos. As a consultant, I’ve witnessed my fair share of compliance disasters. I’ve seen client teams that were driven not by a desire to improve their security through compliance, but merely to satisfy a checkbox for their customers.
The assessment team wasn’t prepared for the client to blow off the importance of the engagement. As a result, the assessment was drawn out over an extensive period of time, and the assessment team hadn’t spent the time to properly document the client shortcomings.
At the end of the day, no one was happy. The assessor team was ticked because they were spending money left, right and sideways. They asked for more dollars, because the client kept dragging their feet. The client was ticked, because the assessor wasn’t driving the process as the client had expected, and because the assessor had the gall to throw in additional charges.
Handpicked related content: End Inefficient Compliance Assessment Engagements
The engagement quickly spiralled into a disaster, because the assessor approached the engagement in a reactive mindset instead of a proactive one. They went in expecting to adapt to whatever situation they encountered. In reality, they got blindsided by a client they couldn’t lead.
Had the assessor had their eye on the ball better, they would have been able to see that this particular engagement was a problem from the start. Instead, they got caught unprepared and spent the entire engagement trying to adjust to a scenario they couldn’t wrangle.
I’ve seen it happen to veteran assessors as well as less experienced ones. To successfully lead your client through a compliance assessment, you need to take a proactive approach to every engagement. Otherwise, both you and your client will get overwhelmed by the compliance chaos.
Through advanced planning, this assessment team could have gone into the engagement prepared and ready to tackle problems before they could take root. Here’s what they should have asked at the start of the engagement.
Who’s on my team?
The success of your assessment hangs on the people you’re working with. A group of new assessors who are still learning on the job will struggle with challenges that seasoned professionals can deal with in their sleep. Your team’s mix of skills and expertise plays a big role in the way you approach your engagement as well. Ask yourself:
- How experienced is my team? If you have rookie assessors on the project, it will have implications for your entire engagement. Think through those engagements and know early on what rough spots to anticipate.
- What are their skills and expertise? The more diverse your team is, the better. You’ll be able to assign people to their unique skills, boosting the efficiency of your engagement.
- Will I need to develop any team members on-the-job? If so, you’ll be stretched thin throughout the engagement. Consider ways to compensate for that.
- How much oversight will they need? You generally won’t send your team out to be lone wolves, but hopefully you won’t need to check in with them every day. Find the sweet spot to keep your assessment on the right path and moving forward.
- What’s the best way to communicate with my team? Some people respond more quickly to text messages than email. Others never look at their phones. If you can’t get your team to communicate responsively, you’ll be in for a bumpy engagement.
- How can I optimize the Quality Assurance personnel? Selecting the appropriate QA personnel can optimize the engagement also—when QA selections are made based on their relative knowledge of the client’s industry.
How committed is the client?
When you’ve got a client that’s only interested in achieving an objective for the sake of keeping their clients, they just want to see the results—they don’t want to do the work. If you spot the red flags early, you can take control and establish a set of expectations, processes and accountabilities to protect yourself and to keep the project on track. Watch for these early warning signs:
- Clients missing regularly scheduled regroup calls
- Recurring pattern of the client team missing deadlines
- Delivered evidence that only covers a small portion of the request
- Client assigns few or new personnel to the assessment, secluding their most experienced personnel (typically for business reasons)
- Delivered evidence is delayed by weeks or even months
If that describes your client, you’ll need to have a rock-solid process that allows you to proactively manage the client. Set down rules, assumptions, agreements—and consequences—that both parties agree to. Know ahead of time how you’ll escalate an issue if you’ve got an uncooperative client or a point of contact who goes radio-silent. More on that process in a minute.
How experienced is the client?
Even if your client takes compliance seriously, they can still throw a multitude of wrenches into the works. If they don’t know what they’re doing, they can gum things up pretty quickly, without trying.
A more experienced client can take on more complex items, and you can expect them to turn things around more quickly. A less experienced client will need more hand-holding, and more time to figure things out. As the clock ticks, you could be continually prioritizing and reprioritizing the open items that remain.
If you can see that coming, you can anticipate the tasks that will slow you down and what will require more of your attention. That gives you the chance to plan accordingly, to minimize the negative impact on your overall engagement.
Regardless of client experience, one element that will help speed every engagement is having direct and organized access to the evidence from their prior year compliance track. If that evidence is readily accessible, this allows even new players to reference prior evidence and gain traction and provide solid evidence substantially faster.
Do we have a mature process for communication and accountability?
It can be an absolute nightmare when everyone is willy-nilly flinging 500 items at you. If you don’t have a solid process for communication and accountability, you’ll end up backtracking, retracing your steps and taking numerous side paths that don’t lead anywhere. Nothing slows down your engagement and busts your budget quicker than an assessment with a fragile or inefficient process.
I can’t overemphasize the importance of what is effectively the middleware between you and your client—a trustworthy mechanism through which you can manage communication and keep people accountable. It’s absolutely critical. You can’t walk into an engagement, staring down 500 items, with a workflow requiring several stages of review, and hope that it all goes okay.
TCT Portal harnesses the power of automation to give you a robust process for every aspect of your client engagement. This compliance management software brings a backbone of communication, accountability and organizational power to your assessments that other solutions struggle to provide.
Every Engagement Under Control
There are all sorts of red flags along the journey that can warn you of brewing trouble. Spot the signs early, and you can take control proactively to navigate through the chaos. Miss the red flags, and you’ll be in reaction mode throughout the engagement, trying desperately to get back on the right path and steer the project back on schedule and within budget.
Find out how TCT Portal can keep every engagement on track and under control. Get a personalized demo today.