Oh, The Joys of Compliance and Why You Should Care!

I’ve had the great pleasure of working through audits with the business I support over the last 2 years. It’s been a journey for sure and as regulators, internal audit teams and testing teams work to ensure that are processes are solid. First, let’s start with what does this word compliance mean? Compliance means conforming to a rule, such as a specification, policy, standard or law. Most organizations have rules and policies they must comply with. In addition you will also here the term “levels of defense”. Depending on the organization these levels may be different but my definition of them are as follows:

Depending on the industry in which you work you may experience more around regulations than others. However, if you are in an environment that is heavily regulated it’s important as you continue to do your business analysis work on projects to understand the guidelines and policies set forth on the processes in which you are writing requirements. It’s becoming more and more evident that you will need to have the audit lenses of your internal audit teams as well as external examiners to help in being that first line of defense with the business. The way you ask questions may change and the perspective you have on writing and developing new processes or systems may change. You definitely do not want to be the one blamed for a compliance/regulatory violation your organization may incur due to your lack of due diligence in thinking through those items as you develop new things So what does this mean for those business analysts performing in this time of environment? What should you do to be the best line of defense for the business you support and the organization in which you work for.

1. Understand the regulatory environment in the industry in which your serve: it’s important to understand the regulations that your industry is governed by. You don’t need to know every single detail because one would hope that your compliance teams within the organization can help with that, but you should have a general idea on if you are governed by regulations such: TCPA or Reg Z, etc…It’s important to know these items as it will help you in eliciting and facilitating discussions on decisions that need to be made. So you may ask how do I go about doing that as a Business Analyst:
   1. Identify who your compliance partners are in the organization and build a create relationships with them. These individuals can help you understand the regulations and should be able to define what the regulations mean in a context in which you can apply it.
   2. There are also resources on the web that you can leverage to find out which regulations impact your industry. For example, in the financial industry you may find this website useful: http://www.federalreserve.gov/bankinforeg/reglisting.htm
2. Ensure that when eliciting requirements you are thinking through compliance/regulatory impacts to the business: As you conduct your elicitation activities and the subject matter experts (SMEs) advise you of what they want as far as requirements, you need to think about the potential regulatory and compliance considerations that go along with that request. You may ask how do you go about doing that?
   1. For example, when you are documenting future state processes and the business advises there are certain steps they either want to add or delete, or there are certain decisions they want to pursue, you may want to determine if those steps or decisions could potentially cause a compliance/regulatory concern.
   2. I would also recommend inviting your compliance partners to your requirement workshops/sessions to have that expertise in the room with you to help vet through some of those items.
3. Conduct risk analysis impacts on decisions made: As decisions are being made conduct risk analysis impacts. There are many different types of risk to consider when making a decision. Some of them entail: repetitional risk, operational risk, credit risk financial risk, customer experience experience impacts and team member experience impacts to name a few. As decisions are made considering the consequences of those decisions are crucial and can make or break you in your industry. You may ask what are some tools or techniques you can use:
   1. Systems Thinking - this concept is around understanding the whole and not just the parts as well as understanding that systems thinking is not just around the technology as some would think, but really around the inputs, processes, resources, outputs and systems all working together in an interrelated way. This concert can also help in root cause analysis which can shed light on potential underlying risks based on consequences on the decisions made.
   2. Decision Matrix - Laying out the different decision options and the pros and cons of those options. When you lay out the pros and cons consider the different type of risk consequences as well.
4. Speak up when things don’t appear to be right: The worse thing to do when your gut is telling you something is wrong is not to say anything at all. Even if you don’t have a solution bring forth the concern to management or who is the appropriate party to ensure you have done your due diligence to mitigate that risk. Sometimes we are not in the role where we have the power to ultimately make the decision; however, we are in a role of influence. As a business analyst or even a leader we mush always do our due diligence to ensure we have brought forth concerns. If you organization doesn’t value that then you may be working for the wrong type of organization. If your organization states they value that, and you do it and you find that there is negative backlash or it doesn’t feel like your valued, then you may be in the wrong type of organization.

In conclusion, depending on the organization in which you work compliance and regulations are becoming more and more of the norm and the heightened scrutiny by the government in some industries is intense. It’s not enough to just write requirements or facilitate meetings, but the analytical, critical and problem solving skill sets that business analyst should have is even more critical, especially in the area of mitigating risks within organizations. The way in which we approach our work is ever changing and evolving to keep up with what is occurring in the industries in which we work. The worst thing we can do is not recognize that and sharpen our skills to keep the pace.

---

Author: Paula Bell, CBAP & Business Analyst Certified, B2T
Paula Bell is a Business Analyst, mentor and coach known for consistently producing exceptional work, providing guidance to aspiring business analysts (including those that just want to sharpen their skills), as well as providing creative and strategic ways to build relationships for successful projects. With 18+ years in project roles to include business analyst, requirements manager, technical writer, project manager, developer, test lead and implementation lead, Paula has experience in a variety of industries including media, courts, carpet manufacturing, banking and mortgage. Paula has had the opportunity to speak on a variety of topics to include business analysis, project management, relationship building, leadership and career development, diversity and software methodology.
Website: www.paulaabell.com
Email: [email protected]
Blog: The Journal of a BA and Much More