
Fire Drill


A Guide to Employee Dissatisfaction

By David Tilkin
President and CEO
ProcessUnity

I haven't done a survey on the subject. And I'm not planning on doing one soon. But I'll bet if you asked people to name the things that they hate most about their jobs, getting called into fire drills would be on everyone's Top 10 list. What's not to hate?
  • You move at too rapid a pace, so mistakes get made.
  • You have to go back and fix the mistakes.
  • To get things done, you have to call in chits, and you know that you'll have to return the favors.
  • Fire drills are viral, and the impact spreads throughout the organization as if you'd poured accelerant around.
  • Whatever you planned to get accomplished during the day doesn't get done. (But the work doesn't go away.)
  • The same goes for the folks you've had to drag into the fire drill.
  • Personal plans get put on hold. (Sometimes these plans just go away.)
  • The same goes for the folks you've had to drag into the fire drill.

We know they're costly. We know they're counter-productive. We know they can backfire.

Yet still, most of us are capable of starting a fire drill, and all of us are likely to get caught up in them.

In financial services firms, one big cause of fire drills is when the "inspectors" are due in. Whether they're internal auditors, external auditors coming in for your SAS 70, or regulators from the SEC or some other body, once they're on their way, you're on your way. (Clang, clang, clang.)

Sometimes the fire drill gets called because there's something in the news that has your executives, not to mention your customers, on edge. It may be the latest major credit card scam (TJ Maxx, anyone?). It may be the latest identity theft ring uncovered. It may be insider trading or money laundering or something-or-other that has everyone reaching for their BlackBerry to text-message their compliance officer, security, operations, IT, or their outsourcers: "r we ok w id thft?"

If you're the one on the receiving end of this message, it's more than likely that you're going to pull that fire alarm box and call a fire drill so that you can provide some answers to your management and your customers.

This sets off a mad scramble: When was the last time we tested to see that terminated employees lost access? When was the last time we updated and circulated the policy document on divulging sensitive client information over the phone? Who taped the password on the front of the admin server (and would you please go pull it off before the auditors get here)?

There has to be a better way, and that better way means getting in control of the whereabouts of the documents, test results, roles and responsibilities, and policies and procedures that protect your assets and keep your customers' sensitive and critical information safe. It means being on top of the controls you have in place, knowing that they're tested regularly, and knowing that the auditors and regulators won't be finding any surprises. It means being able to respond quickly, or even be proactive, when there is something in the news that's causing your management and customers to spring into fire drill mode.

By managing your controls and testing on a regular basis, rather than as an emergency event, you'll be in a position where you don't have to panic when that fire alarm goes off.

Instead, you'll be able to walk calmly to the fire box and call the whole thing off.





David Tilkin is President of ProcessUnity, Inc.



