Anatomy of a hyperproductive compliance management team

John Weathington, Contributor
Good compliance management comes from good compliance teams -- it's as simple as that. The sum total compliance risk exposure of your company has a direct-line relationship with the quality of your compliance management team. This is where I see most companies get it wrong. Today, I'll show you how to get it right.

    Requires Free Membership to View

    Login

More compliance resources
Why it may not be ideal for your lawyer to be your compliance officer

Leveraging your business intelligence resources for compliance
Good compliance management teams have the same characteristics as other good teams. They are sometimes referred to as hyperproductive teams, which is a term popularized by the agile development movement of the 1990s, and is still heard today with the recent popularity of Scrum as a viable execution methodology.

So let's dive right in and look at the characteristics of a hyperproductive compliance management team:

  • They all share the same vision, which is to protect the company, not to build a system.

  • Their key focus is reducing risk and passing audits, not following a process.

  • All the team members are highly competent professionals, from technologists to policy experts.

  • They are colocated and very vocal with each other.

  • They are self-sufficient. Everything they need to know and do is under the complete control of the team.

  • They are small in size, typically seven to 12 people.

  • They really enjoy working at their job, and with their team.

Easier said than done

It's actually quite easy in concept to build a hyperproductive team, but depending on your company's organization and your role, you may face challenges getting the right team together. Unfortunately, when it comes to compliance management, even the CIO will often take a back seat to the direction of maybe the CFO or chief compliance officer. You must be diligent with your influence and insist on partnering with your organization instead of servicing it. Without proper partnership with technology, your company is doomed to fail in its compliance program, leaving it unnecessarily exposed.

The challenge comes in employing the skill set that you need for your team. Although you run a technology organization, this particular team will need skills that span the spectrum of compliance, including at least one internal auditor and one or more policy experts. Avoid making the common mistake of getting these people "on loan" from finance or another department with a dotted-line reporting relationship. Everybody on your team must be 100% dedicated to its cause and under the complete control of the program leader or coach.

Building the team

Which leads me to the most important person in your program -- the program leader. Your program leader must have an agile background, be it Scrum, Extreme Programming or something of the like. This is why it's essential that the IT function takes ownership of the team; it's quite unusual to find an agile program manager in any other function of the company. Your program leader will coach your team into a self-directed, risk-reducing machine; a team guided by the direction of the policy experts and resilient to the many changes it will face in policy, interpretation and organizational tolerance.

It's important to keep the team small and physically colocated in the same room or general area. If you try to grow the team, or split the team into varied locations, your communication problems will escalate geometrically. Your team members must be self-sufficient, complete with experts in technology, policy, auditing and management. They should be intellectually curious about everyone's function but still be clear on the importance of being an expert in their role.

It's not about the technology

Although you're building IT systems to support compliance, this is

Although
you run a technology organization, this particular team will need skills that span the spectrum of compliance; including at least one internal auditor and one or more policy experts.
,
only the means to a compliant and minimally exposed organization. The system is the means, not the end, and it will take many forms and change dramatically at times. You and your team must understand this and be prepared to accommodate.

Finally, your team members must be enthusiastic about being part of something great. To do this, you must invest heavily in team development. These are the gladiators of the organization; they are the defenders of the crown. On a daily basis, they protect the company from untold millions of dollars in lawsuits and compliance violations. They should be recognized and rewarded appropriately.

It's ironic when I see companies take huge risks in forming substandard compliance teams, whose raison d'être is to reduce the risk and exposure of the company. The only way to get it right is by forming a highly productive compliance team of experts who collectively have the knowledge to maintain an end-to-end system of compliance for the company. Empower them properly and treat them well, and your company will be safe from harm. Start today by putting together the charter for your compliance dream team.

John Weathington is president and CEO of Excellent Management Systems Inc., a San Francisco-based management consultancy. For more information, visit www.excellentmanagementsystems.com.


This was first published in June 2009

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top