As I mentioned in my last post, Compliance Week 2014 gave me a lot of blog material that’s been running – sprinting, really – through my head. I really enjoyed the session at the conference wherein Deloitte and Compliance Week jointly presented their 2014 Compliance Trends Survey. If you have a few minutes, I highly recommend perusing the survey report. The survey produced 209 responses from senior ethics and compliance professionals in a variety of industries. Of those respondents, 28% held the title Chief Compliance Officer and 10% held the title Chief Ethics and Compliance Officer; the median annual revenue was in the $1 billion to $5 billion range and the median employee count was in the 5,000-10,000 range.
I’ve written before on the importance of measuring the effectiveness of corporate compliance programs and using the right metrics to do so. There is a whole segment in this survey devoted to “Are CCO’s using the right metrics?” which of course, immediately caught my eye.
It’s no secret that measuring effectiveness of ethics and compliance is a struggle; we hear that frequently from clients and prospects. The report points out that four years ago, in the first version of this survey, 38% of respondents did not measure effectiveness at all, but today that number has fallen to 23 percent.
Only 23% of CCOs don’t measure effectiveness of ethics and compliance programs. Share on Twitter
Are You Measuring Just The Obvious?
So, which metrics are compliance officers using to measure effectiveness? Approximately 70% of respondents are using the “obvious” ones, which the report points out, tend to be internally focused: internal audit findings, whistleblower hotline calls and completion rates for compliance training. However, only 45% of respondents are using comparisons to external data, such as benchmarking data, independent evaluations, or analyses of regulatory reviews.
Only 45% of CCOs compare effectiveness data to external sources, such as benchmark data or regulatory reviews. Share on Twitter
This is where the data, in my opinion, get interesting. The report breaks down the difference in answers between staff-level compliance professionals (defined as managers, directors, VPs) and C-level compliance executives. The staff level professionals are more confident in their companies’ measurement of effectiveness than the C-level compliance executives are: 64% of staff-level compliance professionals are “confident” or “very confident” that the metrics they use give them a true sense of how well the compliance function works, compared to only 52% percent of CCOs.
Is Your Ethics and Compliance Data Integrated?
Another interesting statistic that doesn’t surprise me at all: 26% of CCOs are not confident in their IT systems’ ability to fulfill all compliance and reporting requirements. We hear this from prospects all the time; their systems are not integrated and are simply not set up to give them effective reporting. They are not able to get real insight into their data. If your incident information is in one system and your compliance training information is in another and your policies are in yet another, how can you see any impact? How can you see if, when you rolled out a compliance training program, you also received a corresponding increase in policy disclosures? Or whether one region has a higher incident rate and lower training scores and lower policy attestations? Without all of your data in an integrated system, that becomes labor intensive and nearly impossible.
26% of CCOs are not confident in their IT systems’ ability to fulfill all compliance and reporting requirements. Share on Twitter
Another metric used according to the report, is whether the company’s behavior is aligned with its values. About 70% of respondents said their company’s culture and values align “very well” or “above average,” which I think is a pretty positive number.
Does your company use employee surveys as an ethics and compliance metric? Slightly more than half of respondents indicated that they used the results of employee surveys as a key metric in measuring effectiveness. Employee survey results can be a great tool for a CCO. They can show where employees lack understanding about ethics and compliance risks and where there may need to be additional compliance training or awareness campaigns in certain areas. It’s also useful to understand how well your front line employees – the ones who are exposed to some of your greatest risks – are receiving your key ethics and compliance messages.
Are You Using Bad Metrics?
And of course there are the metrics you should NOT use… I loved this quote from the report: “If the absence of a major compliance failure is the key metric that’s used to understand compliance culture and the adequacy of compliance efforts overall, then companies may be living in a fantasy land, relying on luck rather than robust, effective programs.” How true is that?! Of course, I’ve also written extensively before on the topic of mistakenly looking at one metric without context. Many companies will look at only hotline calls and that’s a mistake; an increase in hotline calls does not necessarily equate to an increase in incidents or an increase in fraud. It could equate to an increase in awareness of the hotline due to a new awareness campaign or compliance training course.
How is your organization measuring the effectiveness of your ethics and compliance program? What metrics are you using? Share on Twitter
Are you using more than compliance training scores and whistleblower hotline calls? Do you have a software solution that gives you reporting?