I came across a great blog this week by Jim Nortz, a compliance and ethics consultant and educator, titled Business Ethics: 3 Questions Every Business Leader Must Ask. If you follow my blogs, you won’t be surprised that I loved this – it was right up my alley.
The point that Jim was essentially making is that leadership spends a lot of time tracking performance in almost every functional area of the business. They track KPIs like selling price margins, retained earnings, fixed asset turnover, discounted cash flow, price-to-earnings ratios, and sales projections, etc, but rarely do we hear about any compliance and ethics program performance.
This, despite that since 2004, the Federal Organizational Sentencing Guidelines have mandated that the organization’s governing authority “shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.”
This, despite the dozens and dozens of high profile corporate compliance and ethics scandals that have occurred over the past decade since this requirement was established.
Frankly, it blows my mind. I and my colleagues have blogged several times about metrics and how important they are in ethics and compliance. Our clients are always looking to discuss best practice metrics for ethics and compliance, perhaps because, as Jim points out in his blog that “few business leaders have the academic or on-the-job training to help them understand what a meaningful compliance and ethics KPI looks like, let alone how to effectively respond to one…this can leave corporations exposed to significant and unmitigated risks.”
When companies start to think about metrics, they seem to gravitate to some obvious and easy to capture measurements like how many whistleblower hotline calls come in each month and how many employees took their assigned business ethics training courses in each region.
The Three Pillars of Measuring Business Ethics Training Efficacy
However, Jim advocates that ethics and compliance professionals ask themselves three key questions in order to come up with the best way to measure the effectiveness of the program:
What is the strength of our ethical culture?
How effective are the systems we’re counting on to manage our legal and ethical risks?
What are the objective metrics we’re relying on to monitor compliance and ethics system performance?
This is a great way to think about metrics more broadly so you can measure the things that have real impact, that can give you real insight. Let’s take these one at a time.
“What is the strength of our ethical culture?”
How can you measure that? Perhaps it’s a score that’s made up of a number of different things. Maybe you add employee scores on business ethics training, plus employee input via a survey – perhaps asking simply “on a score of 1-10, how ethical do you find our culture?”, plus the trend of certain types of incidents. If you have any ideas on how to measure your culture, please add them in the comments.
“How effective are the systems we’re counting on to manage our legal and ethical risks?”
The second question gets to technology: “How effective are the systems we’re counting on to manage our legal and ethical risks?” Think about how to measure the effectiveness of systems. How reliable are they? What gaps do they leave you with? A true, integrated ethics and compliance solution, will help you get real insight into the health of your program easily, because all of the essential ethics and compliance function –policy management, whistleblower hotline reports, investigations, business ethics training, code of conduct, remediations – all live on one platform, so you can report across all of that data. However, if you are tracking all of those things in different systems or in spreadsheets or SharePoint (read my colleague John Peltier’s blog series on why SharePoint is not a defensible Policy Management solution), let’s just say the systems you’re counting on to manage your legal and ethical risk are anything but effective.
“What are the objective metrics we’re relying on to monitor compliance and ethics system performance?”
The final question is “What are the objective metrics we’re relying on to monitor compliance and ethics system performance?” This is a great question. It sounds simple, but it’s actually quite complicated to answer. It requires looking beyond the ethics and compliance department and having other leaders’ and Board members’ input. The team should decide up front what those metrics are and then keep a keen eye on the trend.
I’ve written this before – looking at certain measurements in isolation (like hotline calls), doesn’t give you context and can basically be worthless because it can lead you to incorrect conclusions. (Example: hotline calls are up… is that bad because we had more incidents or good because we rolled out training and now people understand how to report?) That’s why I liked the approach Jim outlined in his blog – it makes you think beyond measurement like whistleblower hotline calls and business ethics training scores. What are your thoughts? I’d love to hear your comments on ethics and compliance metrics that provide real insight.