top of page

Proactive Compliance Management (PCM)

As some of us know, dealing with audits has always been a reactive exercise.  During the audit, the auditee finds out quickly that the required answers, evidence, and frameworks do not exist (at least on paper).  About 2 minutes into the audit process, it becomes apparent that 30 days (or maybe even 60) is not going to be enough time to prepare everything. 

​

I've been at the other end of many calls asking me if I could help with a surprise audit.  I hear something like "They emailed a worksheet with 130 questions on it, and we don't have the resources to give them what they want!" 

​

It's not fun because it doesn't take long to figure out that there is a lot of work to do and not much time to do it.  I have two rates for Audit Management projects.  One rate for organizations with a PCM program, and another with a Reactive Compliance Management (RCM) Program.  My rate is substantially higher for one of them. Can you tell which one?

​

As the name implies, RCM refers to an organization that is not ready for an audit.

​

What does it mean to have a Proactive Compliance Management (PCM) Program?

​

Essentially, it means that you don't worry about being audited. Not because you feel you can blow it off, but because you've taken the proactive steps to ensure that you are ready!  What does it mean to be ready? It means that you are confident that you can answer any audit question and that your answers prove compliance on their own. But it also means that you can produce evidence that your answers are solid. You can back up everything you say.  In addition, you have references to the actual regulatory frameworks that the Q&A sets apply to.  Organizations like this naturally assume a "Bring it On" attitude.  Bottom line is, if you've prepared for audits before they occur, you have no reason to fear them.  Audits can result in unexpected costs.  It's in your best interest that you build what they want before they want it.  Any hesitation shows unpreparedness.

​

How do I go from reactive to proactive with my compliance program?

​

Well, you could do months and months of research to determine what you need (maybe). It's really just a matter of knowing what's coming.  Simple right?

​

Would having a list of more than 2400 audit questions up front be helpful?  You know...questions that are the most common within audits today?

​

  • How about a list of best practice answers to answer these questions? 

  • How about a list of evidence documents that prove what you say? 

  • It would also be great if we had templates and samples at our fingertips to create anything and everything we need. 

  • And lastly, framework mappings would be icing on the cake.   That would be pretty cool!

  • ​

Where do we go from here?

Compliance Specifications - Did you know?

​

AssureSphere360 Compliance Builder is PCM.  It's ready now and is only the beginning of what's planned.  Have questions? Call me at 661-816-1875.

Visit my products section!

KnowledgeAlign 
Information Design | Development | Training | Knowledge Management | Audit Response Management | Documentation Platform Architecture | Compliance Management | IT and MSP Documentation

Subscribe Form

Thanks for submitting!

dcote@knowledgealign.com

661-816-1875

5409 Veneto St.  Bakersfield, CA 93308

  • LinkedIn

Copyright 2024 David R. Cote

SlicProcess, KnowledgeAlign, AssureSphere360, and Zyalto are trademarks of David R. Cote

​

Privacy Policy

bottom of page