regulations create risk -- and the only way to manage that risk is for project management and compliance teams to combine forces
BY MATT ALDERTON
ILLUSTRATION BY DANIEL STOLLE
Organizations can run, but they can’t hide from compliance. New rules and regulations are being imposed on almost every industry and across every border—monitoring everything from data privacy to environmental reporting to worker safety. And a single misstep can cost organizations time, money and credibility.
A project team might be in the midst of creating an extraordinary new app. But that won’t mean much if the organization realizes in the middle of the build that the app doesn’t comply with governmental data security standards. Suddenly, the project team is at risk of not meeting the schedule or budget—or both.
“YOU HAVE TO BE AWARE FROM THE VERY BEGINNING OF THE POLICIES, GOVERNANCE AND LAWS AROUND YOUR PROJECT.”
—Einas Khairy, PMP, Qatar Ministry of Information and Communications Technology, Doha, Qatar
COMPLIANCE + PROJECT MANAGEMENT = WINNING CAREER MOVE
As organizations’ compliance risks grow, so do career opportunities for project practitioners.
“Strong project management and compliance risk management skills are considered to be one of the best combinations to have if we consider the current trends,” says Vivek Tilgule, PMP, compliance business analyst, Crédit Agricole Corporate & Investment Bank, Singapore. “The sky is the limit.”
It’s a powerful one-two punch that can put project and program managers on the fast track to career growth.
“You’ll have opportunities to [scale up] to bigger and more complex projects,” says Einas Khairy, PMP, project management office (PMO) compliance manager, Qatar Ministry of Information and Communications Technology, Doha, Qatar. “Or, you can join a project management office and manage [compliance] risks for the entire organization.”
“WITH CHANGING BUSINESS DYNAMICS AND REGULATIONS, IT HAS BECOME ESSENTIAL FOR [PROJECT PRACTITIONERS] TO WORK IN TANDEM WITH THE COMPLIANCE TEAM IN ORDER TO EXECUTE ORGANIZATIONAL STRATEGY.”
—Vivek Tilgule, PMP, Crédit Agricole, Singapore
“As a project manager, you have to be aware from the very beginning of the policies, governance and laws around your project,” says Einas Khairy, PMP, project management office (PMO) compliance manager at the Qatar Ministry of Information and Communications Technology in Doha, Qatar.
Organizations are keenly aware of the threat: 74 percent of the 600 compliance professionals from 71 countries surveyed in a 2014 Thomson Reuters Accelus survey said they expected to spend more time managing regulatory risk. But more time might not be enough time: 66 percent of compliance teams spend three hours or less each week consulting with their company’s risk function. And one-third of teams spend less than an hour a week.
That’s precisely where project and program practitioners can help by partnering up with their compliance peers.
“There’s plenty of opportunity for project practitioners to fill the gap and improve the efficiency of compliance teams,” says Vivek Tilgule, PMP, compliance business analyst in the Singapore office of French financial services firm Crédit Agricole Corporate & Investment Bank. “Following a project-based approach for the planning and execution of compliance teams’ work can do wonders [and] enable compliance teams to enforce regulations in organizations with the utmost ease.”
Regulations can seem like a bunch of red tape to just slash through. But it’s not that simple. Project practitioners and compliance teams must make their way through what is often an intricate web of rules, guidelines, procedures and protocols—all of which can change at seemingly a moment’s notice.
“With changing business dynamics and regulations, it has become essential for [project practitioners] to work in tandem with the compliance team in order to execute organizational strategy,” Mr. Tilgule says. “For example, financial security and capital market project teams traditionally are considered two different parts of [the organization] in investment banks. However, with the more strict and interrelated regulations imposed by regulators, [they need] to work hand in hand.”
And that collaboration should be happening right from the start—when teams are creating compliance frameworks and risk registers.
“It’s important to get knowledge—not only about the project, but about the culture and environment surrounding the project, including knowledge about the policies and laws that could impact the project deliverables,” Ms. Khairy says.
Some of that comes down to basic mixing and mingling, says Alessandra Milan Souza, PMP, compliance manager, PMO and system analytics, Walmart Brasil, São Paulo, Brazil. She regularly schedules meetings for project practitioners to engage with compliance experts so they can provide solutions. For instance, if a project related to butcher shops at stores requires the purchase of protective safety equipment, she makes sure the project team has a brainstorming meeting with a food safety or health safety compliance expert.
“SOMETIMES [STAKEHOLDERS] DON’T SEE THE COMPLIANCE RISK, BUT PROJECT MANAGERS WHO HAVE A LOT OF RISK TRAINING DO.”
—Alessandra Milan Souza, PMP, Walmart Brasil, São Paulo, Brazil
Project practitioners “are so focused in one area that it helps to see problems or issues from another view,” she explains. “For example, I’m not an expert on food safety, but after almost one year of working at Walmart, I know what’s important to food safety.”
SPOTTING THE RISK
Once they understand regulatory risks, project practitioners can create and execute a comprehensive plan to mitigate and manage them.
“Risk management and compliance go hand in hand, because without a compliance framework your project is high-risk,” Ms. Khairy says. “Risk management and compliance may also be strengthened through the creation of a PMO that handles these issues at a corporate level for the organization.”
At the very least, project and program managers should start with an outline of the applicable regulatory compliance standards along with relevant business processes and internal controls.
Ms. Souza says the compliance risk management framework at Walmart Brasil helps project managers contribute to compliance efforts in areas as diverse as anti-money laundering, consumer protection, food safety and data security.
“We work with our global team to define risks and risk causes, and we have a system that includes all the necessary information to see how we’re doing and if we’re managing risks in the right way,” she says.
When it comes to compliance, project managers must be risk managers, says Ms. Souza.
“Every time I have a meeting with people, I try to look for risks and understand how to mitigate them,” she says. “Sometimes [stakeholders] don’t see the compliance risk, but project managers who have a lot of risk training do.”
And that’s how the most effective teams work. Project practitioners, compliance managers and stakeholders each coming in with their own point of view—but working together to make sure they play by the rules. PM
PM NETWORK SEPTEMBER 2015 WWW.PMI.ORG
SEPTEMBER 2015 PM NETWORK
Commissioned and supported with research from PMI, MIT’s Consortium for Engineering Program Management, and others, this report distills how many government agencies have been leading (and continue…