In a data-driven world, it is easy to get overwhelmed by the sheer amount of data at our fingertips. We are regularly inundated with metrics, measuring and quantifying our every interaction and acquisition, so determining what really matters ends up being equal parts art and science. As compliance becomes compulsory in our rapidly evolving and regulated business landscape, how do you measure your organization’s compliance effectiveness? How can you use data to measure the effectiveness of your compliance program and predict pain points in the future? How can data help prevent damaged reputations, negatively impacted bottom lines, costly infractions, or even criminal consequences? Read on to learn more about how to make your data collection do the heavy lifting for you and your compliance initiatives.
How do you measure your organization’s compliance effectiveness?
Helpful data comes from many potential sources—culture surveys, risk assessments, disclosures, and your helpline, to name a few. In our Insights tool, you can view a substantial amount of that vital data in centralized dashboards. But simply looking at that data without a plan or implementing trackable KPIs won’t get you anywhere. Identifying trends and consistently cross-referencing to where you are now versus where you started, is far more valuable than knowing where a number stands at a single point in time.
So where do you start? Start with our Compliance Metrics Handbook for a primer on how to increase the impact and effectiveness of your compliance program by unlocking the power of data (and knowing how to actually use it).
A Selection of Our Recommended List of Metrics
- Number of times and how often Code and policies are reviewed and/or updated
- Number & nature of Code and policy violations
- Culture surveys & knowledge assessments results
- Training reach, medium, frequency & completion rates
- Reach, medium, frequency & engagement rates of compliance communications
- Training program update rates
- Post-training test results
- Number and nature of incidents by employees who have completed training
- Reporting rates, known and anonymous/1000 employees by reporting channel
- Retaliation report trends, including the number of reports of retaliation
Ready to graduate from Compliance Metrics 101 and move on to putting those metrics to work for you? KPI-class is in session below.
How can you use data to measure the effectiveness of your compliance program and predict pain points in the future?
What compliance KPIs should I measure?
The rise in stakeholder capitalism means that regulators, employees, and customers demand more from the companies they regularly interact with. But when measuring something as multifaceted as the ethical health of your organization, how do you treat your KPIs with the respect and attention they deserve? Key performance indicators (KPIs) are the metrics or data points that indicate how well your organization is performing. Your organization’s KPIs are so much more than simple boxes to be checked; they are holistic yardsticks, detailing the success of your key initiatives. The KPIs you track indicate what’s most important to your compliance team—after all, what can’t be measured, can’t be managed.
Reveal your organization’s biggest strengths and weaknesses by tracking improvement over time, using the same set of benchmarks. Think of it like that pair of goal jeans (pre-pandemic jeans, anyone?) we all have hanging in the backs of our closets; by regularly pulling them out and trying them on, we can see if our hard work at the gym and in the kitchen is paying off. The repetition may be tedious at times, but over the long term, you can measure exactly how much progress your focus and cross-departmental energy has brought about.
How can data help prevent damaged reputations, negatively–impacted bottom lines, costly infractions, or even criminal convictions?
Moving beyond best practices, your compliance effectiveness could carry legal ramifications if not properly administered. The U.S. Department of Justice Criminal Division updated their Evaluation of Corporate Compliance Programs guidelines in June of 2020.
This update emphasizes three questions that prosecutors should ask:
- Is the organization’s compliance program well-designed?
- Is the program being applied earnestly and in good faith, e.g. is it being implemented effectively?
- Does the program work in practice?
When determining your KPIs for measuring compliance effectiveness, keep these three questions top of mind to not only set your compliance initiatives up for success, but to prevent any costly legal consequences.
The DOJ’s updated guidance also includes two sentences that deserve special attention:
- Have the policies and procedures been published in a searchable format for easy reference?
- Does the company track access to various policies and procedures to understand what policies are attracting more attention from relevant employees?
Not only does this guidance emphasize the importance of your internal policies and procedures, it also focuses on the “how” of your data. Is the data that you’ve poured countless hours of company time into generating easy for relevant employees to access? The DOJ guidance is more than just how to comply with relevant regulations, but what it looks like in action. If your data is pristine, but inaccessible when needed, as far as the DOJ is concerned, your compliance efforts fall short and may be subject to further scrutiny. Measuring your organization’s compliance effectiveness is more than checking off boxes in an extensive list of guidelines; it is about taking the time to make sure that your compliance program is structured to measure what matters most and to make it accessible to the folks who put that policy into practice.
Use our Compliance KPIs worksheet to conduct a health audit and data analysis for your organization. Compare your results to other compliance-adjacent roles at your company and develop a plan of action for all your organization’s data.