If you’re a Compliance manager, you might have a sense of your dream Compliance hire. Realistically speaking, it’s probably not someone with beyond-human knowledge, an AI-like ability to know all answers to all questions. More like an intelligent person whose professional experience makes them useful to your team. But what does that one person know? And what if your whole team were clones of that person? Would that be the perfect team?
Actually, maybe not. When building a Compliance team, we think a better mix is people from different professional backgrounds who bring different approaches, experience, and knowledge to your team.
What We’re Talking About When We Talk About “Different”
What we’re not talking about here is hiring with an eye to DEI — diversity, equity, and inclusion. DEI is an obvious goal, right? The value of a diverse, equitable, and inclusive workplace is clear (or should be). What we’re saying here is that, if your whole team comes out of the same sort of classic auditing background — business degree, first job auditing at one of the “Big 4” accounting firms — they’ll generally have a commonality of perspective and approach. And it's great to have people like that on your team; they are incredibly knowledgeable and accustomed to challenges. But where you have individuals who are smart, capable, and bring different perspectives and experiences, your team as a whole can benefit.
For Compliance teams in growing companies and with maturing Compliance programs, the Compliance team structure you need now might be different from the one you need in a year from now. So making sure you are hiring people with a variety of skills and backgrounds is even more important.
With that out of the way, here are some differences that can turn a group of great individuals into an even greater Compliance team.
1. Different Focus
Employees who only have experience with startups often have a bias to action as opposed to analysis. The ability to make decisions quickly, act on them, and then course-correct can be extremely valuable. In contrast, while people from the Big 4 develop a wide variety of skills and expertise, their default approach may be to focus on analysis to catch mistakes. However, as Compliance team members, they are tasked with helping an organization meet regulatory requirements, industry standards, other security frameworks, etc. So the approach is somewhat different.
People who’ve only worked with startups might not have a vision of the level of excellence they could aim for, whereas there’s a built-in QA function that people who worked at the large audit firms have internalized. These examples are, of course, generalizations, but the kind of company you worked for in the past can influence your approach.
So when building a Compliance team, the different perspectives are helpful to reveal when more analysis is the right call, versus when the better approach is to take action and revise as needed. They also bring up the whole team’s sense of what level of Compliance to strive for.
2. Different Navigational Skills
Compliance teams work with stakeholders from across the organization. It's part of the job. There’s a comfort level that comes with working at a company that has a familiar organizational structure and level of formality. So if you’ve worked at a large company, you know there’s a certain way to approach HR, R&D and Legal. But if you work at a small enough company, there’s probably one general counsel and just one HR person, and if you need to talk to them, you just stop by their office.
You want to make sure that no matter what the hierarchy looks like at your organization right now, your team can build the right relationships with stakeholders so the work can get done. Someone with excellent skills will figure out the nuances of hierarchy, over time, but it’s better for the team’s ability to grow if it has members who have worked in different environments, with companies of a variety of sizes, types, and industries (especially if your organization is expanding).
{{banner-image}}
3. Different Frameworks
An enterprise-level organization likely has a large GRC team of people, where each person is familiar with many key Compliance frameworks. However, if you are building a small GRC team, you can’t expect that everyone is going to have had wide experience with all the frameworks that are essential to your business. Even people with large-firm experience probably were tasked with certain types of projects at a certain type of company, and that’s the experience they’ll bring with them. Someone who worked on a SOX audit at a large company may not have the same experience and knowledge as someone who’s worked with SOC 2 at a small startup.
So having multiple sets of experience gives you, as a good Compliance officer, a tactical advantage. That’s especially important if you are setting up a Compliance team in a growing company, where requirements will expand to include new frameworks. When your team members have a wide variety of professional backgrounds, there’s more likely to be someone who knows how to do the task at hand, whatever it is.
4. Different Views of How to Achieve Compliance
If you asked a potential team member which Compliance processes and tools they are familiar with, you’d probably get answers that vary by the size of the company they worked at. How did they collect evidence? How did they test controls? If your team members are only familiar with working with large companies, they're going to expect certain kinds of tools and processes that your company may not use. On the other hand, someone who has relied on automation may be lacking a deeper understanding of some traditional tools and processes. When looking at the structure of a Compliance team, it’s helpful to have both kinds of people: the ones familiar with traditional methods for Compliance, and those who’ve seen how data-driven Compliance automation helps companies of all sizes streamline Compliance efforts and make controls more reliable.
Building a Compliance Team? Remember: Variety is the Spice of Compliance
Working is better when you learn from your colleagues’ experiences. But while seeing people’s photos of their trip to Madagascar is awesome, we want you to aim higher. When colleagues can learn from each other because of their different professional experiences, and the different approaches and perspectives they've developed, every person’s contribution to the team adds a particular layer of value. When building a Compliance team, different professional backgrounds mean that the team, as a whole, knows more about Compliance with varied frameworks and how to achieve it. And that’s better for their Compliance leader (you) and for everyone at your organization.
Learn more about how to structure your Compliance team and program with Anecdotes, pioneers in the Compliance management world.