The conventional wisdom is that what gets measured gets managed. But apply that wisdom to the question of measuring effectiveness of an ethics and compliance program, and things start to get a bit fuzzy.
That’s how the Compliance Week article “Measuring the Effectiveness of Compliance” starts off, and it couldn’t be more true. As the story points out, you can’t always know when you’ve prevented a problem from occurring. But maybe it can be looked at this way: you don’t always know when you’ve done things rights, but you’re sure to know (or be told) when you’ve done it wrong.
That’s the value of a compliance program with strong metrics built right in, allowing for monitoring and trend analysis. This adds dimension and provides a whole new level of insights that goes well beyond just compliance. Not only can you “run the numbers” for verification, but you can also check the validity of the process itself. It’s much the same as how a navigator uses three points to triangulate his position.
You can measure the types of calls that come into your hotline, for instance, and check against your employee training data and policy attestations to see if there is a particular topic or location that needs to be addressed. The disposition or outcome of those issues gives you a figure we refer to as the actionability percentage. You can also align this same data set with your auditing results as a way to cross-check and gain even more insight into the effectiveness of your compliance efforts.
The article makes a good point, too, about the need to add dimension to your overall compliance program. It’s not about having rules or even following rules. It’s about making sure the players understand why the rules are important in the first place.
One way to add dimension to your compliance program is to leverage data to look for outliers, that is, a person, event, or bit of data outside the norm. Benchmarking reports allow you to measure incident types against peer companies. Incidents which are totally askew could point to potential problems brewing.
It’s of course all in how you use and apply your compliance metrics that make a difference. While you can measure employee attestations against a new corporate policy, for instance, your real success will come if you can drive more attestations in the future based on what you learned. Then, use that aggregate data to build accountability, and then re-measure against your objectives.