This is the final in a series of blog posts by Mitch Avnet of Compliance Risk Concepts on the process of building a business case within your firm to support investment in compliance technology. Read part one here, part two here, part three here and part four here.
Reaching the implementation stage of your compliance technology plan is a major accomplishment. It means you’ve successfully completed a gap analysis, drawn an implementation road map, decided on vendors and received the go-ahead from executive leadership. Congratulations! But don’t rest on your laurels just yet – the ultimate success of your project depends on some key factors during the final phase of implementation.
Good project management is critical
To ensure you can execute according to plan, you’ll need a strong project manager or PM team, depending on the size of your organization and complexity of your implementation. Some organizations have the bandwidth to manage a major project internally, others turn management over to an outside consultancy who works with the internal implementation team.
The team should include some members of your original planning committee, but I suggest recruiting additional people to your team for two reasons: to ensure continuity in the event of staffing changes and to expand the number of people championing your project in critical areas during the potentially bumpy process of implementation.
In a previous post, I discussed recruiting evangelists to your team – staff who understand the project’s ultimate value to the organization and can embrace and internalize the mission. I can’t overstate their importance, especially as employees switch over to new processes and systems. Recruit them in all affected areas. If they’re not directly involved in implementation work, bring them in as subject matter experts. Change is never easy, so you’ll need cheerleaders to keep up morale and momentum.
Once the team is in place, clearly define responsibilities and reporting relationships. Define escalation protocol to ensure issues and risks reach the appropriate decision-makers in a timely manner.
Create a risk assessment matrix
Unexpected events will occur on the road to implementation, from missed deadlines to key project team members leaving the firm. A risk assessment matrix is your opportunity to think about and plan for such scenarios.
Creating the matrix entails identifying all possible risks to the project and plotting them on two axes: likelihood and severity of impact. You may already be familiar with this project management tool. If not, The Manager’s Resource Handbook offers a good description and step-by-step process to follow. Using the cost analysis steps cited in MRH’s article is a highly useful option, but it’s not mandatory; the process of simply identifying and ranking project risks is a valuable exercise on its own.
Measure success through metrics
Ideally, your implementation road map uses a sequential, phased-in approach – a strategy discussed in a previous post. In such an important and highly visible project, short-term tactical wins will ultimately lead to long-term, strategic success.
Never focus on speed of implementation, your goal should be to show progress over time – in both implementation and in the results the technology is designed to deliver. Be sure to define tangible and measurable metrics and begin tracking from the start.
In compliance, you might track issue escalation and clearance times, the number of issues surfacing and the number of violations occurring. Improvement in these metrics can indicate the new technology is reducing your organization’s risk and creating cost-saving efficiencies for the department.
Don’t ignore less obvious results, like the high-value work produced now that compliance professionals aren’t forced to spend time doing menial tasks. Does that high-value work equate to higher profits? What’s the cost savings in overhead now that new technology has automated administrative tasks?
While savings and profit may not have been your primary motivation to introduce new technology, rest assured it’s a high priority for your C Suite. Don’t miss the opportunity to measure it.
Watch for red flags
During the implementation phase, it’s easy to become immersed in deadlines and logistics and miss the warning signs that your project is in trouble. Not every hiccup signals a crisis, but there are a few situations that – left unaddressed – can kill your project, regardless of how well technical implementation goes.
Disengagement is a serious problem. Some grumbling is inevitable as employees experience change, but are the complaints isolated or are they widespread enough to influence other employees?
Are employees using the newly implemented technology? If not, why not? Is it a training issue or are they disgruntled because they feel the technology has been thrust upon them?
Disengagement is usually a sign that you weren’t inclusive enough during the planning phase and your communications strategy wasn’t robust enough to prepare employees for change. At this point, you might regroup with your evangelists to martial a triage plan.
Too many false positives is another red flag. Since compliance must follow up on any exception the system identifies, improperly calibrated technology may be expanding the workload rather than diminishing it.
Users will typically blame the technology first. You’ll want to step in before they lose write it off completely. Perhaps the technology is monitoring the wrong activities, or thresholds are too sensitive or not sensitive enough. Analyze and tweak the system to provide precisely the outcome you’ve promised, the outcome your users have anticipated.
Any time your organization leverages technology to meet a regulatory requirement, it’s incumbent upon you to strive on a regular, rigorous basis to ensure that technology continues to work as intended. In other words, the implementation phase never really ends – it simply evolves to a process of continuous improvement, providing better data and leading your organization toward greater accuracy and efficiency.