From YouTube: Compliance JTBD Report
A
Hello, my name is Michael Oliver, and this is the report for the jobs to be done for compliance from interviews during 2023. A little background into the research, though: the compliance group didn't really have any formal research conducted to understand the jobs to be done. We knew that the general job was conducting an audit for compliance officers, but beyond that we didn't really know. So we used the jobs-to-be-done script and screener in our handbook page to guide our 60-minute interviews during June.
A
We asked just for a short description of the responsibilities and then selected each participant by hand from or by the product manager for the group. So, a little background into the jobs to be done before I get into the actual results. The output of this is a jobs-to-be-done canvas, which is quite a lot of information, as we can see here, but for this I will just focus on a couple pieces of this canvas, which are mainly the job statement, needs and circumstances.
A
I'll also go over the job steps, which you can see here, and that's just the process through the job of the job being done, usually using the beginning, middle and end. So, to get to the results of this research, asking what are the main jobs.
A
We found that the main job was to audit the client or business unit's records for any rule or regulation violations. We saw that the need for this job was mainly to reduce the likelihood of losing revenue due to non-compliance. I will say that the need and general needs for this job are higher than most, in that the non-compliance can be quite severe, the results of non-compliance can be quite severe for organizations.
A
The revenue that they would lose would be extreme because it would be fines or sanctions through the government, or it would be extreme loss of business, their reputation being damaged in their industry almost irreparably because of non-compliance, depending on the level of non-compliance. So the stakes for this job are kind of higher than typical.
A
So, a high-level view of the steps in that job and the frustrations in this job are that it's quite a manual process. There's typical triggers for an investigation, and typically in those triggers there's defined scopes, because in the audit, like, it's usually a predetermined thing what the scope is and when to conduct an audit. The hard part is the gathering the documents. Participants noted that it was almost, it was pretty much the same in 15 years.
A
In that time frame, participants really noted how much of a struggle it was to collect all the information and to understand all that information that they were collecting. Every participant conducted some form of root cause analysis by manually talking to people, understanding what went wrong, to ensure that the systems that they set in place will make sure that it won't ever happen again. So, to end their job, users would create a report with recommendations or an action plan of some sort.
A
They would typically get that plan approved by their manager or even higher up, depending on what government, or what role that they're in, and then, depending on the situation, they would also oversee those implementations or those actions. They would want to make sure that it is being done, and then they'd want records and documentation of that.
A
So, some circumstances for the job, when it could happen and when it would change. There's a lot of reasons why an audit would occur. Typical reasons would be during a scheduled or requested audit, or, well, when an organization makes an acquisition, they might audit that acquisition to make sure everything is okay, and some organizations may also conduct an audit after an immediate threat, either to them or a threat in the marketplace that it could be, that it could be to them. There weren't many reasons the process would change.
A
Another insight that we got from this research was relating secure jobs to each other. So we saw that the compliance group and the security policies group had the same job of creating a policy for my organization or business unit's assets. The main difference was in the goal or the need for that job. The compliance group, they wanted to adhere to the organizational and legal requirements. The legal requirements are always, organizational requirements are very often the case, because organizations at that level are quite mature, so they have their own organizational requirements anyways.
A
Where a security policy group, we saw that the users there were just looking for the organizational requirements. Every once in a while there would be one with a legal requirement set, but it was mainly just organizational requirements that the group, that the org happened to have. These results are contributing to more of a discussion around tying the two experiences in the two groups together and unifying the compliance and security policies framework, and that's an ongoing discussion happening with the stakeholders, and hopefully we'll collect some more information.
A
So we can make sure that we're confident in that decision. Some additional insights from this research include information on compliance frameworks. So, we knew very little, so we had a couple, we added a couple questions in this research to answer how many of our participants were using compliance frameworks and what they were using. We found that all participants were using compliance frameworks, and the definition from eight out of the nine participants was that a compliance framework is a process or a set of rules
A
an organization must adhere to, which can be tested against to measure compliance. And how is a compliance standard different from a compliance framework, we asked, and we actually got very mixed results. We did see that a standard is usually part of a framework, but a lot of participants had different things to say on what a standard is versus what a framework was, so in the future we'll probably want to understand a little bit more of that nuance and why those different users have different takes on it.
A
So, what frameworks specifically are they using, and what are the security policies for those frameworks? And, as I said before, we'll continue to work on aligning the security policy and compliance group workflows together and hopefully understand more about what the users' needs in those specific situations and the different users for compliance, security policy and compliance groups. So that way we can develop good tests for both of those personas.