Don’t be a Compliance Sheep.
Being a Sheep Sucks.
Be a Compliance Engineer.
As you traverse the compliance countryside you quickly notice that there are a lot of sheep out there. Bad things happen to sheep. Sheep get herded, penned, sheared and occasionally eaten. They also have the world-wide reputation for being terribly susceptible to groupthink. Being a sheep sucks. Regrettably, nobody intends to be a sheep.
“No compliance officer basks in the adoring glow of C-suite gratitude.”
In many organizations (should I say most?) the compliance manager/department catches all the blame for failures and little reward for success. It one of those duties where success is inherently unremarkable to the rest of the organization. A client recently told me that “no compliance officer basks in the adoring glow of C-suite gratitude. It just doesn’t happen.” Encouraging vendor compliance can be especially challenging because now you’re also dealing with the loss of the positional authority that you have with internal mandates. It’s an environment that blindly compels the standard “police officer” approach – doing what everyone else is doing. Sheep.
What are the sheep doing these days? They are slowly upgrading from spreadsheets, phone and file cabinets to cloud-based systems. It’s a step in the right direction, but it’s only a small beginning to a solution. You need to understand that your challenges with vendor compliance are not where you store your data, or how you access it, or even how you perform due diligence. Your biggest problem is that you have not changed your perspective. Your approach is wrong. The information that you are collecting and analyzing with your new web-based platform is the same stale data that you dumped into your spreadsheets – only now, you get to see it through a colorful graphic. Additionally, you’re still thinking like a police officer – waiting for a failure to happen and then reacting, after the fact. How can you get an edge working like this? You Can’t.
The current hot trend is the outsourcing of risk analysis; and there are some good services available. This seemingly attractive option is problematic for an inescapable reason, a system of rankings or scores usually defers to an “ideal case” that doesn’t actually exist. An ideal case that is often based on the same rear-view data that you’ve always used. The dirty little secret of prediction is hard to swallow – the stronger the confidence in success, the more catastrophic the failure when it eventually comes around. More importantly, predictive analytics tend to systematically remove subjective data. If you’re scratching your head, subjective data includes indicators such as reputation, relationship, news and certain business indicators – oh, and your gut feeling. Four equally-weighted ideas should stick here: real-time information, relationships, reputation and continuous monitoring of it all.
Change your perspective.
The most effective vendor compliance teammate thinks like an engineer, not like a police officer. Failure is never an event that just happened. An engineer sees failure as one possible result in a process (that presents recognizable indicators) over a period of time. An engineer looks at the process (from design to implementation to end-state) and all the key factors that affect that process. Then, they actively monitor the process for variation in those indicators, rather than waiting with the sheep for a failure to happen. Therefore, compliance engineers actively communicate with and monitor their vendors in real-time, rather than audit them after-the-fact. They make it easy for their vendors to actively manage and share the required information. Finally, they utilize a system that reports on that vendor’s reputation in the marketplace – the subjective data. There is a way to easily capture all of this information and put it to good operational use. This is the difference between Trust Exchange and everyone else.
Ask us how you can take control today.