Consero Advanced Class: Build Sprints, Comms, and the End of Compliance

Hi Friends! 👋 I’m back with more thoughts from the Consero conference, so if you missed my first blog post, check it out here!

Before we dive in, a reminder about how I’m maintaining privacy and anonymity from that conference ... Consero is NOT recorded or streamed. You must be present to participate. But sharing is caring, so here’s how I plan to proceed: Because not all of these ideas are exclusively mine, I will paraphrase the things others said or suggested, but I won’t actually name any of the individuals. I hope that helps to keep things anonymous while still bringing some of these important topics to our larger E&C community. 

Source: The Simpsons, Fox Media LLC via Giphy.com

Is “compliance” a bad word? 

While this was not a specific session topic, it came up a couple of times in Q&A discussions and other convos, and it made an impact on me. If I’m being honest, I’ve wondered about this for a long time, so it was actually comforting to know that others share the same internal dialog. 

The question was (not paraphrasing here), “Should we use the word “compliance” in our office names and/or our own titles, or should we opt for something else—like ‘ethics’ or ‘integrity’?”  

There are many ways to look at this, but they all come down to the same thing: semantics. And your take on it will likely be driven by your reaction when you read that word. If you rolled your eyes 🙄, then you probably feel like the word “compliance” isn’t the problem. If your reaction was “yes, words do matter,” 🙂‍↕️ then you’re probably considering replacing “compliance” with something else. 

Either way, you’re not wrong. But if you spend any more time thinking about this, you’re using up valuable energy that could be better spent improving your program—under whatever moniker you choose! 

Source: The Roku Channel’s Match me in Miami via Giphy.com

“Invest time in build sprints.” 

This was a super cool idea—that I totally had to look up to fully understand. And now that I get it, I love it! Here’s a quick summary (Sources: Wrike / APM):

Rooted in Agile Project Management, an iterative approach to project delivery, “build sprints” break down a project into bite-sized chunks lasting typically no more than a month. This approach is frequently used in software development. By planning one sprint at a time, you can adapt and adjust based on outcomes. Additionally, this approach allows you to deploy newly created benefits throughout the process rather than only at the end. It’s still a disciplined approach, but by focusing on only critical documentation for each sprint, it minimizes the need for lengthy reports. 

Now, you’re probably thinking “ok, sounds great, but how do I use an approach for software development in my compliance program?” Here are some ideas:

• Take one concept from one training module and break it down into three short communications and deploy them via internal messaging tools next month.
• Choose one audit finding from your latest report, build a checklist to help mitigate those mistakes, and send it to the team responsible for compliance with that task.
• If you’re feeling experimental, ask your team to take 30 minutes to create some CustomGPT queries to help improve the clarity of a tricky policy. 

Source: Mean Girls, Paramount Pictures via Giphy.com

The point is to focus on a narrow and specific problem or issue. Then, brainstorm, create solutions, and release these small enhancements as they become ready for testing and assessment. If they work, great! Keep experimenting and expanding on them to continually improve! If it didn’t work, that’s OK too because you can go back, adjust, and redeploy—all within a relatively short period of time. The idea is continuous improvement, and it really has no limits.

SQUIRREL! 

Yesterday, it was ephemeral messaging. Today, it’s AI. Tomorrow, it will be (insert shiny new risk here). It’s easy to get distracted by and caught up in the latest thing, but don’t forget about basic compliance blocking and tackling.

These are the things that never go away and don’t have a season. Like Conflicts of interest. 🚩 Anti-bribery and corruption. 💰 Cybersecurity. 💻 These risks are ever-present and, unfortunately, can jump up and sack your org at any moment, not just after you’ve released your annual module. 

Your best offense is a great defense. And my go-to play is constant, always-on comms campaigns. In fact, you can’t communicate too much. Messages get sticky when they get repetition. Think seven different times, seven different ways. (OK, maybe you can communicate too much. The key is to be reasonable and creative, not overpowering and monotonous.)

So, where do you start? Let’s get real. You’re not going to wake up tomorrow, wave a wand, and have all your hour-long LMS courses broken down into neat little microburst communication packages. But remember that build sprint we just talked about? Try using that technique on some low-hanging risk fruit. Take a training that you own and chop it up into the key learning objectives. Then pick one objective (maybe the riskiest one of the bunch) to put on repeat by leveraging a variety of delivery tools and methods, like videos, job aids, manager-led discussions, emails, and awareness reminders. 

And now, we want to hear from you! What parts of these blogs resonated with you? Any plans to try some of this out? Let us know!