Your first year as a compliance assessor is going to be a crazy one. You’ve got industry knowledge you need to gain and retain, internal processes to follow, a suite of proprietary tools and processes to figure out, client relationships to maintain, trends to follow, rules to master, and a ton of paperwork to keep up with.
Feeling in over your head yet? You’re not alone.
This first year will set the tone for the years to follow. While you’re in for a deluge of information overload, you can use it to take you to the next level as an assessor. Here’s a set of best practices every new compliance assessor should follow in the first year.
I’ve seen new assessors who think they know more than they do. Self-confidence is one thing, but arrogance will hold you back every time. It’s also dangerous for everyone involved: you don’t want to make assumptions or mistakes when you’re vetting someone’s security. It’s got to be right.
Regardless of how much you already know, you’re entering a new world and you’re going to learn a ton. Enter every engagement with appropriate humility. Open yourself up to absorbing and learning as much as you can. Commit yourself to that process and it will serve you and your clients far better.
Know Your Client
Every engagement is unique, and no two clients are alike. Study the scope of every engagement before going in, and make sure you clearly understand what the client does. You need to understand the compliance standards that you’re validating the client against, but you also need to understand the client’s business.
There’s complexity in every engagement. You need to understand the certifications, but you also need to have a firm grasp on the scope of the target organization. You don’t want to be 2/3 through the engagement, only to find out that you neglected an entire area of the organization.
Handpicked related content: 4 Things to Remember About Your Compliance Clients
Know Your Firm
Your success as an assessor will depend on how well you can work within your firm. That means understanding the organization’s processes, inside and out. It’s these processes that guide everything you do on an engagement. The more you can navigate through them seamlessly, the better you’ll establish yourself in your firm.
Spend every free moment studying your processes until you know them forwards and backwards. Take every opportunity to learn from your mentor. Ask lots of questions, absorb everything you can as you shadow them.
Your first responsibilities will probably be reviewing documentation and doing administrative tasks. It’s boring work, but it’s incredibly valuable, because it’ll help you learn the certifications inside and out. That sets you up for greater success when you start engaging with clients more fully.
Share Your Observations
Being the new guy means you can spot things your associates don’t notice. They’ve developed blinders and they don’t see the stuff that gets in the way of a more efficient engagement. You’re in a position to notice what isn’t working and to ask good questions:
- Why do we do it this way?
- Is there a reason we don’t do X or Y?
- How much time do you think we’re chewing up by doing it this way instead of that way?
Spot opportunities to improve the process, but do it from an attitude of humility and learning. Your fresh perspective can help your organization to streamline its processes and strengthen its bottom line.
Track Industry Trends
Keep an eye on industry trends and learn the new tricks that attackers are using. Find out about the latest best practices for organizations. Follow industry thought leaders on LinkedIn and Twitter, and aggregate news articles online. Join online groups and follow the certification bodies.
Find a Friend
Try to find someone in your organization who is similarly minded to yourself — whether it’s your mentor or someone else. Foster a friendship with an experienced assessor who has been in the firm and the field for some time and is open to sharing knowledge. If you can find someone like that, it’s gold. Those people know all sorts of tricks and tips they can show you.
Probably the most important element when you’re paired with a mentor is not what do they do, but why do they do it. Understand the whys of what they’re doing. Why is this acceptable, but that isn’t? When you notice their eyebrows go up, something piqued their interest. What was it? What dots are they connecting?
Note these questions when you’re with the client, and ask them as soon as you’re done, when they’re still fresh in your mind.
Also get close to your QA personnel and spend time talking with them. Learn as much as you can from them, because there’s a tremendous wealth of knowledge pooled in the QA department. Some new assessors get defensive when QA finds room for improvement, but it’s actually a terrific learning opportunity that can help you take your game to the next level.
Get Your Arms Around the Tools
If your assessment firm is still using spreadsheets, file shares and Word documents to manage compliance engagements, you have our sympathies. It can be a nightmare trying to figure out these tools and getting them to work seamlessly.
They aren’t easy to use, and you may be learning on the fly how your firm’s tools and templates work. Often, the only way to get your arms around it all is to go through it first-hand and gain that tribal knowledge that everyone else on the team already has.
Hopefully, you’ll have some sort of training upfront. Take it to heart and pay close attention. The more you can retain about those tools, the easier it’ll go for you in an engagement.
Ramp Up Faster
The more insight and information you can get as a new assessor, the quicker you’ll ramp up and rise above the firm’s expectations. And the greater impact you can make on your client’s compliance efforts. Don’t snub the opportunities you have to learn during your first year — it’ll pay dividends before you know it.
Subscribe to the blog below for more content on leading a successful engagement.