Higher-Level Metrics Bring a New Perspective to Your Compliance Program | Society for Corporate Compliance and Ethics (SCCE)
With the scale of most compliance programs in large international organizations and the number of policies and reports to track, it can be easy to lose sight of the big picture and fall into the trap of measuring inputs. : How many reports or spreadsheets did I issue? ; how many training sessions have I conducted, rather than the outcome and whether your program is meeting its objectives and actually having a positive impact on the business.
Regulatory expectations in this area are increasing, and when defining compliance metrics, we must always question ourselves not only about what a particular metric is trying to prove, but also about the relevance of that metric and its alignment with broader business goals.
When doing this exercise it can be helpful to look at the measurements through the lens of four different levels, and ideally your program will contain a balance of each so that you can demonstrate that the program is working and understood, affecting behaviors, achieving its goals and add value to the organization.
The most basic level of metrics are operational metrics. These are usually quantitative and record a factual event (for example, the number of compliance training sessions that have been conducted).
We typically use operational metrics to demonstrate that the program has been implemented and is working, for example, to track the number of dedicated resources in place or the number of whistleblower reports that have been received. These metrics can be a useful baseline, but on their own they don’t tell you much and are just a starting point to then link to the more qualitative aspects of a program’s actual effectiveness. compliance.
Commitment measures essentially ask three questions:
Are people aware of the program?
Do they understand the program?
Do they care?
In this space, you can find qualitative and quantitative metrics. Using surveys and questionnaires can help identify levels of understanding and awareness and track them over time, helping to identify particular departments or seniority levels that may need more attention.
Quantitative data can also be used to measure engagement, and this is an area where marketing teams have particular expertise (and may be able to help) in measuring customer engagement through on-site visits. social networks and recording site traffic.
From a compliance perspective, engagement metrics typically track the level of staff interaction with content generated by your program: percentage of compliance communications opened, page views for your intranet, time spent on page and regular visitors to the page.
Again, this information is helpful but not isolated, and while staff may know, understand and be interested in the program, they may not be doing anything different as a result.
Behavioral metrics refer to your initial goals for the compliance program and measure whether behaviors and company culture are having the desired effect.
Many aspects of a compliance program relate to influencing or changing behavior. We might seek to increase the number of people reporting compliance incidents, improve training scores, or encourage people to report conflicts of interest or gifts and hospitality.
When defining these metrics, we first need to express what people are expected to do differently than before, and then the relevant metrics will show if this is actually happening.
Business value measures
We may have a compliance program that we can prove works and is understood by staff and affects behaviors, but it doesn’t work in a vacuum, and maybe the level of metrics most important of all is the last: those metrics that demonstrate that the compliance program is meeting its objectives and adding value to the business in which it operates.
The compliance program is not an end in itself and should not become introspective. It is part of a larger business, consumer and regulatory environment and should be a valuable part of business strategy. The more we as compliance officers can show this and align with organizational metrics, the more visibility and influence the program can gain.
Business value measures can take many forms. For example, certain metrics can highlight the trend of health and safety incidents, specifically by demonstrating how, as a result of training or root cause analysis from incident reports, the number of health and safety issues decreased by a certain percentage. Or similarly, measures showing a decrease in code or regulatory violations.
This level of thinking can also be applied to a number of business performance metrics, such as demonstrating the impact of the compliance program on improving business processes, operational efficiency, customer satisfaction (e.g. through promoter net score surveys) and even the bottom line. .
Ideally, a balanced selection of measures can be found at all levels, and in many ways it is important to be able to demonstrate them all in order to be able to show the necessary cause and effect. But the more metrics we can use to understand how the program is performing effectively and how it aligns with program goals and business strategy, the more comprehensive we will have, allowing us to continuously identify areas where which we focus and reinforce.
Take away food
It is essential to be able to use metrics that not only measure inputs and outputs, but also whether the program is meeting objectives and adding value.
Be clear about goals and target behaviors upfront to know if they are being met.
Challenge what each metric is trying to show and why that metric is relevant.
Align compliance goals and metrics with broader organizational goals and use tangible metrics that show those shared goals.
Use a balance of operational, engagement, behavioral, and business value metrics to understand the total impact of your program and identify areas for improvement.