Measure or Die! – Using Metrics To Measure Compliance Performance

[Editor's note: This article was contributed to Corporate Compliance Insights by Mr. Jim Nortz - Compliance Director at Bausch and Lomb. It was originally published on December 6th, 2008, and was the first CCI featured article immediately after our launch. We are publishing it now because the advice is timeless and we want the many subscribers we have gained since then to have a chance to read it.]

———-

A few years ago I had the pleasure of participating with Scott Mitchell, Chairman and CEO of the Open Compliance and Ethics Group, and Charles Ruthford, a compliance and ethics officer at Boeing Corporation, in conducting a training session at an Ethics and Compliance Officers Association Conference.The session was entitled: “Counting on Metrics: Developing meaningful E&C program data to satisfy a ‘Show me’ CEO.”

Each of us provided what we characterized as “rapid fire” ten to fifteen minute presentations providing our thoughts on how to best measure a company’s compliance and ethics performance. These presentations were followed by about 45 minutes of open Q&A and discussion about the topic.

Although our fellow conferees had many other sessions that they could attend, by the time we started every seat was taken and there were people standing along the walls and a couple of ranks deep in the back of the room, with some listening from the open doorway. Although I’d like to think otherwise, the reason such a crowd gathered was not because of our collective star power; it was because there is a widespread recognition by compliance and ethics officers that measuring compliance and ethics performance at our firms is vital to our success as a profession.

I attempted to reflect this sentiment in the last slide in my presentation. This slide contained the simple statement: “Measure or Die.” I noted at the time that this blunt pronouncement may seem a bit hyperbolic, but that it’s not far from the mark. The whole idea of attempting to manage compliance and ethics risks by supplementing existing corporate structures already created for this purpose with a small group of compliance/ethics professionals is still relatively new. If we are unable to demonstrate to our respective organizations that our efforts are materially reducing costs or compliance/ethics risks, then it’s just a matter of time before compliance offices are shut down or consolidated into more traditional corporate functions like the Law Department, Accounting Department or Human Resources.

Unfortunately, this may already be happening in response to the current economic down turn. The Corporate Executive Board’s Compliance and Ethics Leadership Council recently reported that “58% of legal and compliance departments are moving cost-cutting up the priority list” and that “74% of departments expect decreases in their FTEs (Full Time Employees) over the next year.”

Of course, no function in a company is immune from budget cuts and this is doubly true of those that are not directly related to income generation. However, I think it is fair to say that those ethics and compliance offices that have successfully found a way to demonstrate their worth are likely to weather the current economic storm better than those who are merely reporting ethics line call volumes and training completion rates to their management teams.

In the event you don’t already have a robust and meaningful set of compliance and ethics key performance indicators (“KPI’s”) at your company, here are a couple of things you might consider doing to remedy the situation:

– Recognize that there are at least three kinds of compliance and ethics KPI’s:

  1. Activities metrics that answer the question: “What are we doing to improve our compliance and ethics performance?”
  2. Process metrics that answer the question: “How mature or reliable are our compliance and ethics management systems?”
  3. Outcome metrics that answer the question: “Are our activities and systems yielding improved outcomes?”

– Don’t confuse Process and Activities metrics with Outcome metrics. Just because you’ve got all of the elements of the US Organizational Sentencing Guidelines’ seven elements of and effective compliance and ethics program and have done thousands of hours of compliance training does not mean you’ve succeeded in improving your firm’s compliance and ethics performance. You need an independent set of Outcome metrics to show whether all your efforts are yielding results.

– Only select and use the metrics your organization needs to make sound decisions and/or drive behavior. You can measure yourself to death. Have a conversation with your management team to see what data they would find useful in allocating limited resources to better manage compliance and ethics risks. Since most managers will give you a blank stare when you ask them what compliance and ethics metrics they’d like to see, be prepared to provide them with a menu of options and help them understand how they could be put to use.

– Use simple dashboards. Your management team is already suffering from KPI overload. Find an easy way to present your metrics to them that is easy to understand at a glance.

– Correlate Process and Activities metrics with related Outcome metrics. It is important to gather data in a manner to determine whether there is a cause and effect relationship between your compliance and ethics program and key outcomes. Without such a correlation, you will continue to cast around in the darkness, never knowing whether you are making progress toward your intended destination.

– Use metrics not just to measure behavior but to drive it. Once you have developed a reliable gauge that your management team has confidence in, encourage your management team to use it to set performance targets in a manner that would hold directors, officers and employees accountable for achieving them.

– Calibrate expectations. If you are a compliance/ethics officer in a company with well run functions (legal, HR, regulatory, etc…) your firm’s compliance and ethics performance is probably already pretty good. To go from 98% to 99% compliance may require as much focus, discipline and energy as achieving the first 98%. In addition, changing culture in organizations is very difficult and almost always takes years to achieve, even in the best of circumstances, and significant, sustained effort to maintain. Make sure your management understands these realities and takes them into account in evaluating the compliance and ethics KPI’s and in setting goals.

By taking some of these ideas into account and developing meaningful compliance and ethics KPI’s, my hope is our profession will not only survive but thrive in the long-run, and live up to its potential of helping corporations navigate in increasingly complex and hazardous regulatory environments.

__________

Discussion Questions:

  1. What metrics do you use in your organization to measure the success of your compliance initiatives?
  2. What metrics do you wish your organization had in place for such measurement?

Please use the comment section to provide your thoughts on using metrics to measure the success of compliance programs in corporations.

About the Author

Jim Nortz

jim-nortz-bausch-and-lombAbout the Author
Jim Nortz is Executive Vice President, Compliance and Ethics Solutions at the Institute for Priority Thinking in Pittsford, NY where he specializes in assisting organizations in evaluating and effectively managing their legal and ethical risks. He can be reached at jnortz@prioritythinking.com. Jim is a leader in the field of corporate compliance and ethics with extensive experience in developing and implementing compliance and ethics programs for multinational corporations.

Jim was Compliance Director at Bausch & Lomb for over six years, where he had responsibility for developing, evaluating and supporting all aspects of the company’s global compliance and ethics programs. In so doing, he drafted the company’s code of business conduct and ethics as well as country specific sales and marketing codes of conduct for over 40 countries. Jim also developed and implemented a train-the-trainer program to help employees understand the codes as well as auditing protocols designed to evaluate the reliability of the corporation’s compliance management systems.

Prior to joining Bausch & Lomb, Jim served Chief Compliance Officer at Kraton Polymers, Vice President of Business Ethics and Compliance for Adecco and Vice President of Business Ethics and Compliance for Crompton Corporation.

Jim served as an officer in the Army’s Judge Advocate General’s Corps, first as a criminal defense counsel in Europe and then for four years as a litigation attorney in the Army’s Environmental Law Division in Arlington, Virginia. Upon leaving military service in 1994, Jim joined Witco Corporation as a Senior Attorney specializing in corporate litigation, mergers and acquisitions and safety, health and environmental affairs.

Jim has published numerous professional articles on compliance, ethics and corporate governance issues. Jim writes the monthly business ethics columns for the Association of Corporate Counsel Docket and the Rochester Business Journal. Jim has also published articles in Ethikos and the Ethics and Compliance Officer Association News Letter.

Jim has lectured extensively in the field of business ethics and compliance to business, professional and academic groups including the Ethics and Compliance Officers Association, the Westchester/Fairfield County Corporate Counsel Bar Association, the Conference Board, the MAPI Manufacturers Alliance, the University of Rochester, Rochester Institute of Technology, Nazareth College, St. John Fisher, Geneseo College, and Bentley College. Jim was also a faculty member for the Practicing Law Institutes’ Corporate Compliance and Ethics Institute 2009 in New York City.

Jim is currently serves on the board of the Rochester Area Business Ethics Foundation and is a former board member of the Ethics and Compliance Officers Association.

Jim has a Mechanical Engineering degree from the Rochester Institute of Technology and a law degree from the Dickinson School of Law in Carlisle, Pennsylvania.  

5 Comments

  1. Peter Dascanio
    December 8, 2008

    I found the article by Jim Nortz “Using Metrics to Measure Compliance and Performance” very interesting and insightful. I agree with Jim whole heartedly when he says that you need an independent set of Outcome metrics to show whether all your efforts are yielding results.

    A company can have many training and Ethics and Compliance education programs that look good on the statistics end, but are employees really learning anything new or are they just checking the blocks not learning from the experience. Unless you are able to show substantial data (by using metrics) much of your effort may be in vain.

    The ability to demonstrate ones worth and contributions to the bottom line of an organizations balance sheet can only be measured through sutainable metrics.

  2. CCI
    December 16, 2008

    Jim discusses an interesting point in his article:

    If we are unable to demonstrate to our respective organizations that our efforts are materially reducing costs or compliance/ethics risks, then it’s just a matter of time before compliance offices are shut down or consolidated into more traditional corporate functions like the Law Department, Accounting Department or Human Resources.

    Unfortunately, this may already be happening in response to the current economic down turn. The Corporate Executive Board’s Compliance and Ethics Leadership Council recently reported that “58% of legal and compliance departments are moving cost-cutting up the priority list” and that “74% of departments expect decreases in their FTEs (Full Time Employees) over the next year.”

    It appears that the SEC is stepping in to reverse this course. According to a recent report, the SEC sent letters to financial services companies essentially restricting them from including compliance departments and programs in cost-cutting moves.

    We covered this story in the current news section:

    SEC Letter: No Cutting Compliance

  3. Brian Klemm
    December 18, 2008

    Jim has ofered many useful and practical suggestions concerning the vital role of KPI’s and metrics in compliance programs. As he artfully points out, metrics can operate as an important tool to demonstrate the value of a compliance program. Of course, at the end of the day it’s important to ensure the metrics employed can somehow benefit the business, whether by enabling regulatory compliance, reducing risk, managing insurance compliance, providing defensive value, or driving quality, process excellence or ethical behavior.

    Jim correctly points out that KPI overload can doom a program. Employees have much on their plates these days, and we need to be careful not to overload them with the additional responsibility of collecting and reporting data that may not have real significance to the business. It’s helpful to ask ourselves how and by whom the data will be consumed and analyzed. Some areas are more obvious than others, such as IT compliance where metrics around number of security events, deficiences in IT controls requiring correction, etc., are useful and clear measures of compliance. Similarly, worker safety (OSHA) compliance can be measured by, for example, days without incident, location of incident, type of protective gear used, and the like. FCPA compliance may be a more challenging task, and I would be interested in any thoughts and suggestions on metrics in this rising risk area.

  4. John Thomas
    January 7, 2009

    @Brian Klemm,

    Good points Brian. As far as the FCPA question goes, I’m not sure about specific metrics. You are correct in saying that this is a much more challenging task. One thing I have learned is that consistency is imperative when it comes to FCPA compliance, as it is in all different compliance functionalities.

    Here is a good article on the subject:

    A Straight Shot on FCPA compliance

  5. ngo
    January 15, 2009

    Tks very much for your useful post.

    Other sources about KPI, I think also useful

    http://www.humanresources.hrvinet.com/human-resources-kpi/

    rgs