September 21, 2020

This article is the first of a three-part series, “ Selecting an Automated Compliance Management Software Platform.” Subscribe today to receive the series and other relevant topical information.

Software selection has become a complex task. It becomes even more challenging when choosing compliance software for NERC and other energy industry regulations. There are profound implications if the software fails to achieve organizations’ expectations. The most crucial part of software selection is how well you prepare in advance.

This article shares some key considerations for preparing for your evaluation of Compliance Management software solutions.

Start with the Basics: WHY is a new compliance management system is needed?

Before you conduct your initial research, make sure to document why a new system is needed. This documentation will also serve as an excellent high-level intro to your vendors once you begin researching Compliance Management software solutions.

Substantiate the Need for a New System: Document the compelling factor(s) that have necessitated the evaluation of new systems. There are usually several, if not many. Some examples include:

  • Management lacks visibility into the current state of compliance.
  • A siloed system is limiting collaboration.
  • Your organization has received regulatory violations.
  • Existing software is being decommissioned.
  • The current compliance process is having support issues.
  • A recent cyberattack exposed highly sensitive data.
  • Preparing for audits requires extensive time and effort.
  • Regulatory fines are reducing shareholder/consumer confidence.

Use examples, statistics, and any important information that supports your request. For instance, if a recent audit preparation required 500 labor hours at an estimated cost of $15,000.00, note the value. If a computer virus impacted critical operations include the estimated impact in terms of downtime and risk exposure for patch non-compliance. Whether the issues are internal or directly related to NERC reliability standards, list all known and anticipated consequences of NOT moving to an automated system.

The next important thing to do before RFIs/RFPs or looking for demos is to have a good understanding of the resources that are affected by the venture, including top-level management, compliance staff, IT, and end-user. Who are the stakeholders? Does the project have adequate support from management?

Establish a Project Team: WHO will buy, implement, and support the system?

Designating your project team is a critical part of any implementation. These are the system owners and experts that will evaluate, contract, build, implement, and support the new system.

Furthermore, your project team should be evangelists for the new compliance management system. They are the individuals responsible for communicating with all other stakeholders, vendors, regulatory bodies, and other shareholders throughout the future growth of the system.

Establish a team based on realistic needs and high expectations.

The team will be doing extra work and moving into uncharted waters. Depending on your project scope, consider who you may be engaging cross-functionally at different times:

Beyond designating your team, define the team’s terms and roles. This establishes clear demarcation that ensures each member understands his or her unique responsibilities to avoid misunderstandings.

Obtain Strategic Commitment from All Stakeholders

It is relatively common to have a project stonewalled without full strategic commitment. That is where your compelling documentation outlining why a system is needed comes into play. Use this list to influence management and stakeholder buy-in.

In the case of compliance software, it is essential to communicate your vision to gain support from a strategic perspective. Help your team feel engaged and connected to your vision, objectives, and goals. As opposed to passive acceptance, go for the all-in. Highlight the costs and inefficiencies of the current system(s) and the indisputable benefits of a new system from both an operational and compliance perspective.

You may not have all of the information required for full commitment at the outset of your project. Gaps may be discovered. Additional concerns may arise. Very few projects are not without bumps in the road. Therefore, be prepared to present progress, solicit feedback, and maintain consistent communications from start to finish. Engaging stakeholders from the outset reaps dividends in the long run.

Establish Realistic Deadlines: WHEN will the project start and end?

If “yesterday” was your intended implementation date, it’s time to step back and understand the importance of well-planned timing and execution. Pushing forth an implementation to meet an arbitrary date often leads to further inefficiencies that will require fixes later. Doing it right the first time will ultimately prove to be more efficient than a hard deadline.

Your implementation team is working against other priorities as well. Consider the time they will need to work effectively on their everyday tasks while also dedicating time to the implementation. Furthermore, consider vacations, holidays, and other company initiatives and create padding to accommodate those factors. Pulling your team too far away from their daily tasks creates haste, which leads to errors and frustrations that can often permeate a good working environment.

Conclusion

Implementing an automated Compliance Management system is challenging. However, advanced planning, documentation, visibility, shareholder buy-in, team selection, and realistic preparation all add up to laying the groundwork for success.

NEXT WEEK – Part 2 of 3: Best Practices for Compliance Software Requirements Gathering and Vendor Shortlisting

Sign up for our blog for more relevant industry articles.

Implementing Enterprise NERC Compliance