Editor’s note: This article was contributed to Corporate Compliance Insights by Jim Nortz. It was originally published on December 6th, 2008. It has been updated for clarity.
A few years ago I had the pleasure of participating with Scott Mitchell, Chairman and CEO of the Open Compliance and Ethics Group, and Charles Ruthford, a compliance and ethics officer at Boeing Corporation, in conducting a training session at an Ethics and Compliance Officers Association Conference.The session was entitled: “Counting on Metrics: Developing meaningful E&C program data to satisfy a ‘Show me’ CEO.”
Each of us provided what we characterized as “rapid fire” 10- to 15-minute presentations providing our thoughts on how to best measure a company’s compliance and ethics performance. These presentations were followed by about 45 minutes of open Q&A and discussion about the topic.
Although our fellow conferees had many other sessions that they could attend, by the time we started every seat was taken and there were people standing along the walls and a couple of ranks deep in the back of the room, with some listening from the open doorway.
Although I’d like to think otherwise, the reason such a crowd gathered was not because of our collective star power; it was because there is a widespread recognition by compliance and ethics officers that measuring compliance and ethics performance at our firms is vital to our success as a profession.
“Measuring compliance and ethics performance at our firms is vital to our success as a profession.”
I attempted to reflect this sentiment in the last slide in my presentation. This slide contained the simple statement: “Measure or Die.” I noted at the time that this blunt pronouncement may seem a bit hyperbolic, but that it’s not far from the mark. The whole idea of attempting to manage compliance and ethics risks by supplementing existing corporate structures already created for this purpose with a small group of compliance/ethics professionals is still relatively new. If we are unable to demonstrate to our respective organizations that our efforts are materially reducing costs or compliance/ethics risks, then it’s just a matter of time before compliance offices are shut down or consolidated into more traditional corporate functions like the Law Department, Accounting Department or Human Resources.
Of course, no function in a company is immune from budget cuts and this is doubly true of those that are not directly related to income generation. However, I think it is fair to say that those ethics and compliance offices that have successfully found a way to demonstrate their worth are likely to weather the current economic storm better than those who are merely reporting ethics line call volumes and training completion rates to their management teams.
In the event you don’t already have a robust and meaningful set of compliance and ethics key performance indicators (“KPI’s”) at your company, here are a couple of things you might consider doing to remedy the situation:
Recognize that there are at least three kinds of compliance and ethics KPI’s:
- Activities metrics that answer the question: “What are we doing to improve our compliance and ethics performance?”
- Process metrics that answer the question: “How mature or reliable are our compliance and ethics management systems?”
- Outcome metrics that answer the question: “Are our activities and systems yielding improved outcomes?”
Don’t confuse process and activities metrics with outcome metrics.
Just because you’ve got all of the elements of the US Organizational Sentencing Guidelines’ seven elements of and effective compliance and ethics program and have done thousands of hours of compliance training does not mean you’ve succeeded in improving your firm’s compliance and ethics performance. You need an independent set of Outcome metrics to show whether all your efforts are yielding results.
Only select and use the metrics your organization needs to make sound decisions and/or drive behavior.
You can measure yourself to death. Have a conversation with your management team to see what data they would find useful in allocating limited resources to better manage compliance and ethics risks. Since most managers will give you a blank stare when you ask them what compliance and ethics metrics they’d like to see, be prepared to provide them with a menu of options and help them understand how they could be put to use.
Use simple dashboards.
Your management team is already suffering from KPI overload. Find an easy way to present your metrics to them that is easy to understand at a glance.
Correlate process and activities metrics with related outcome metrics.
It is important to gather data in a manner to determine whether there is a cause and effect relationship between your compliance and ethics program and key outcomes. Without such a correlation, you will continue to cast around in the darkness, never knowing whether you are making progress toward your intended destination.
Use metrics not just to measure behavior, but to drive it.
Once you have developed a reliable gauge that your management team has confidence in, encourage your management team to use it to set performance targets in a manner that would hold directors, officers and employees accountable for achieving them.
If you are a compliance/ethics officer in a company with well run functions (legal, HR, regulatory, etc…) your firm’s compliance and ethics performance is probably already pretty good. To go from 98% to 99% compliance may require as much focus, discipline and energy as achieving the first 98%. In addition, changing culture in organizations is very difficult and almost always takes years to achieve, even in the best of circumstances, and significant, sustained effort to maintain. Make sure your management understands these realities and takes them into account in evaluating the compliance and ethics KPI’s and in setting goals.
By taking some of these ideas into account and developing meaningful compliance and ethics KPI’s, my hope is our profession will not only survive but thrive in the long-run, and live up to its potential of helping corporations navigate in increasingly complex and hazardous regulatory environments.
- What metrics do you use in your organization to measure the success of your compliance initiatives?
- What metrics do you wish your organization had in place for such measurement?