Hopefully, you and your company will never have to prove to a court or argue to the Justice Department that your anti-corruption compliance program is “effective.” Even if you never face that audience, a Chief Compliance Officer (CCO) needs to measure the effectiveness of the compliance program. It is important to develop realistic and meaningful metrics for a compliance program.
Demonstrating that a compliance program works is important for external and internal purposes. In a 2012 PWC/Compliance report “State of Compliance: 2012 Study,” the respondents identified regulators (91 percent), audit committees (72 percent) and business partners (70 percent) as groups that will demand evidence that a compliance program is effective.
CCOs have to be creative when developing metrics for a compliance program. Some measurements are common – the number and type of complaints received; number and resolution of internal investigations; number of participants who have completed training and executed appropriate certifications of compliance. These are common measurements but it is important to develop others which are more relevant to important compliance program elements.
Here are some other ideas:
Due Diligence Effectiveness: Given the importance of a due diligence screening program, a CCO should track the number and level of due diligence reviews, including the number of companies/individuals screened through an initial examination, the number of questionnaires completed, the number of interviews conducted, the number of enhanced due diligence inquiries, the number of focused due diligence inquiries, the number of due diligence inquiries which ended up approving or rejecting a proposed third party.
Compliance Audits: CCOs should conduct compliance audits, often in conjunction with a detailed internal audit of a specific office or third party agent or distributor. A compliance audit should focus on local implementation of compliance policies, programs and controls. A specific set of issues should be prepared in advance and completed during the audit. The number of audits and the performance on specific criteria can be calculated and monitored year by year.
Employee Surveys: CCOs can learn valuable information from an employee survey which focuses on the company’s compliance culture, tone-at-the-top, and other important issues. Surveys can be targeted to specific countries, divisions or product lines. It is not necessary to conduct an annual survey of every employee given the cost and time involved in collecting such information.
Gifts, Meals and Entertainment: CCOs should measure the number, amount and approvals for gifts, meals and entertainment expenses. It is important to look for patters from specific offices, regions or sales departments – a high number in one area which is significantly different from another, might signal a problem.
Whatever measures are chosen, companies need to have strong information technology support for collecting, presenting and analyzing information needed to measure a compliance program. It is important to build systems which can effectively collect and present compliance metrics. If your IT system cannot provide these basic measures, a CCO will be required to push for improved IT technology and specific fixes needed for compliance purposes.