Time pressure and a successful audit
About the Client
Our client is a German family business employing thousands of people in Germany (legally two companies with three separate sites)
About the Problem
As suppliers to the automotive industry, companies must obtain TISAX certification, proving that their data is protected and handled appropriately and securely. The certification is a ‘knock-out criterion’ for automotive operators - without it, they cannot be suppliers to German car manufacturers.
(The rules and requirements for the TISAX - Trusted Information Security Assessment Exchange - certification were developed by the German Association of the Automotive Industry to standardise automotive operators' information security and data protection expectations and the requirements for compliance verification, i.e., auditing. It is based on the ISO27001 standard, but contains many more requirements, including 266 specific requirements for the "minimum level", which is not specified here.)
The Client had planned to spend a year preparing for certification, but when they approached Interim Ltd., only five weeks remained.
As a contingency scenario, the expectation was that ‘someone would come in and lead the company through at least the post-audit process two months after the first one’.
The Solution
Interim Ltd. quickly (within one day) reviewed the situation and recommended to the Client the cooperation of a project manager experienced in auditing, who accepted the assistance of the temporary specialist and Interim Ltd.
The interim specialist started the job within a week and achieved the following results on the first day:
- after assessing the state of preparation, they found that the Client had completed 22% of the required tasks (this was worse than the Client's preliminary estimate, who ‘felt’ that ‘only a little’ was missing), i.e. the remaining 78% should be completed in five weeks - the interim professional was not targeting the post-audit, but wanted to achieve compliance in the first audit originally set),
- the ‘work on something’ approach was replaced by a ‘get this done’ approach, i.e. they started working on the ‘deliverables’ required for the audit to succeed,
- the interim assigned accountable people to the documents to be produced (‘Accountable’, ‘Responsible’ roles – for those familiar with the RACI matrix) instead of the former department joint roles,
- the completion of each document and the tasks performed and to be performed by each person were presented in a spreadsheet. They were graphically accessible to all employees (the data was later updated daily so that it could be visualised transparently and visually who was where in their tasks).
In addition to (and as part of) project management, communication was also a priority; the interim project manager made:
- all activities (assignment of tasks, progress reports, etc.) were public and transparent,
- clear that each project member would be assigned as many tasks as could be completed in two hours a day (i.e. did not completely disrupt the normal daily work schedule),
- the first tasks ‘addressed’ to members of senior management, who, by carrying them out, demonstrated to all employees that the project was indeed a priority and that everyone should get behind it,
- reports on the project each week at the national management meetings (last week's progress, current status and planned activities for the coming week) and then circulate the report to all project members so that they can work in a confirmed way already agreed by senior management. This approach was reassuring for them compared to the previous situation where they had input from several places,
- the length of the meetings minimised, communicated in a focused, goal-oriented way, closing meetings in a ‘let's summarise who, what, when’ way,
- the parties concerned connected, i.e. instead of preparing a memo on who, with whom and what to consult, or who, with whom and what they had a conflict, they immediately included other colleagues in the discussion, thus closing within fifteen minutes issues that had been ‘under consideration’ for weeks,
- mentoring is necessary to ensure that colleagues understand what they are doing and why.
The project manager quickly built trust both within the client's home management and at the German headquarters, helped by a dynamic approach to work and transparent results based on numbers.
The Project Manager and Interim Ltd.’s management team consulted several times a week on the project status so that the Company's upper management could advise when needed.
The Result
- it was a pleasant surprise for the Client that, thanks to the intensive five weeks, both domestic companies passed the TISAX audit with flying colours (no auditor comments), a better result than the assessment of the German parent company by the same German auditor,
- by attending two days a week in person (the Client's original request was for five days a week), the specialist working with Interim Ltd. also optimised the client's costs, as less time also meant lower overall costs.
Further Improvements
The interim project manager identified the causes of the backlog and made recommendations to address them. Several of the suggestions were immediately accepted and implemented by the Client, resulting in a culture change, e.g.
- a shift to a results-oriented approach in IT projects,
- assigning tasks to people rather than departments,
- the former ‘bottleneck’, i.e. one-to-one communication, has been replaced by direct contact between parent company and in-house experts (replacing the former parent company standard),
- the national experts have undertaken a one-week study visit to the parent company, thus developing good personal relationships in addition to sharing professional knowledge,
- new IT processes and solutions are developed and tested jointly by the parent company and the domestic companies,
- celebrating results and milestones.