Interview: Chief of Compliance on Modern Approval Governance

We interviewed Maria Gonzalez, Chief Compliance Officer at a large healthcare payer, about how her team approaches approval governance in a fast-moving environment.

Q: How do you balance speed and control?

Maria: "It starts with risk classification. Not every decision deserves the same scrutiny. We classify requests by clinical risk and privacy impact, and apply lightweight approvals to low-risk items. For high-risk decisions we require richer evidence and multiple sign-offs. The trick is to make the low-risk path fast and predictable while making the high-risk path thorough and observable."

Q: What do you look for when evaluating approval platforms?

Maria: "We prioritize auditability and identity. The system must produce exportable evidence that a regulator can understand. Integration with our IdP and the ability to enforce MFA are table stakes. We also care about the platform’s ability to model our authority matrix and to roll back or revoke approvals if necessary."

Q: How do you manage change control across teams?

Maria: "We adopted a change council for cross-functional visibility. Engineering, security, legal, and clinical ops review potentially impactful changes ahead of time. We also require post-implementation reviews to capture lessons learned and to adjust policies."

Q: Any advice for smaller organizations?

Maria: "Start with strong templates and straightforward SLA rules. You don’t need an enterprise platform from day one. Basic delegation rules, clear forms, and a visible status page can solve most early problems. When complexity grows, bring in tools that give you observable logs and exportable evidence."

Q: Where do you see approvals heading in five years?

Maria: "I expect more automation around low-risk approvals and better interoperability of audit evidence. Standards — like the recent ISO guidance — will make audit artifacts more portable. I also think AI will surface risk signals to approvers, but human judgment will remain essential for complex and ambiguous decisions."

Closing thoughts

"The highest-performing organizations treat approvals as a product: they design the experience, measure outcomes, and iterate." — Maria Gonzalez

Maria’s advice is practical: classify risk, invest in observable systems, and treat approval processes as living systems that evolve with organizational needs. Her emphasis on standards and interoperability echoes broader industry trends toward better auditability and safer automated decisions.