Compliance officers are under increasing pressure to demonstrate to senior officers, their boards, and regulators that the compliance function works. At the Compliance Week 2012 conference, a panel of executives shared their approaches to measuring compliance program effectiveness.
Measuring the effectiveness of a compliance initiative can help an organization better manage its risks and prioritize its goals. Yet members of the panel agreed that finding good compliance metrics is among the most difficult tasks facing compliance officers. And some say they spend too much time gathering data rather than analyzing it.
According to Mitch Avnet, chief ethics and compliance officer for Lincoln Financial Group, compliance in general is “very inefficient” when it comes to reporting metrics, because compliance executives spend as much as 80 percent of their time gathering data. “That is, in my estimation, not the best use of our resources,” he said.
Compliance officers are supposed to provide critical analysis, guidance, and help to influence outcomes in their organizations, Avnet added. “When so much of our time is spent in that hunting and gathering mode, we're doing very little of what we're really supposed to do,” he said.
Compliance should also be careful not to lose sight of the many constituents it must serve. If the compliance department's only reason for of identifying and measuring risks is to help meet regulatory requirements, you'll lose senior management support. “What we want to do is be impactful to the organization,” said Avnet.
The place to start is to adopt a strategic view, said Avnet. Find three to five key risks that are measurable and where outcomes are repeatable. “If you start there, you're building the right foundation for success,” he said. “If you're measuring hundreds of different items, you lose the definition of ‘key' risks.”
Joe Kale, senior vice president and chief compliance officer for military contractor DynCorp International, agreed. When it comes to reporting to the board, “less is more,” he said.
When reporting to the board, summarize and highlight major developments. What do the trends show? It's about “taking data and turning it into knowledge,” he said. Done right, metrics can gauge behavioral issues, performance challenges, and productivity levels; highlight areas of improvement; and more.
At Lincoln Financial Group, Avnet measures the traffic to the company's online code of conduct. The data provides a better understanding of what sections of the code are most important to employees, he said. “It was a huge ‘A-ha!' moment and cost us nothing to do,” said Avnet. “Those statistics help me focus on some of the areas that we look to build into our program, especially from a training perspective.”
The traffic data provides affirmation that employees are looking at the code and could provide an early warning sign if traffic goes down. “That's a very compelling piece of information to show your CEO and board, because it shows evidence where the program is working, or not working,” said Avnet.
Like many companies, DynCorp International measures the number and source of whistleblower hotline calls. It also assesses the top issues employees are raising and what departments the calls are typically coming from. And DynCorp calculates the ratio of anonymous calls to identified calls. Fewer anonymous calls may mean more confidence in the companies' reporting system, said Kale. “Look for trends and patterns, and that's where you'll likely get the most information,” said Kale.
Findings are reported to business departments on a monthly basis and to the board each quarter. “We think it's really important to share that information,” said Kale. “Leadership needs to be part of the solution.”
Cultural Surveys
Annual surveys that take the pulse of the corporate culture can also be a valuable tool for tracking compliance metrics. Healthcare services provider Centene Corp., for example, conducts a voluntary cultural survey that is completely anonymous and administered by a third party, said Robert Miromonti, vice president of ethics and compliance.
“When so much of our time is spent in that hunting and gathering mode, we're doing very little of what we're really supposed to do.”
—Mitch Avnet,
Chief Ethics and Compliance Officer,
Lincoln Financial Group
The response rate itself says a lot about a company's culture. At Centene, the last cultural survey resulted in a 71 percent response rate, indicating that employees realize the importance of the process. Conversely, low response rates can signal a lack of trust in the process or a lack of trust in management to do the right thing.
The survey measures several reporting trends, including the percent of employees who have observed misconduct during the last year, who has reported it, and where they reported it—HR, helpline, compliance, or to their supervisor. In instances where misconduct was not reported, “the number one reason is fear of retaliation,” said Miromonti.
Centene also measures managers' preparedness to respond to reports about misconduct or other compliance issues. This is achieved through an integrity risk assessment based on how managers answer questions about several scenarios.
Questions that drive the cultural integrity score include those that attempt to assess tone-at-the-top, such as, “Do our employees trust their manager? Do our employees trust their coworkers? Do they feel comfortable reporting issues?” said Miromonti.
One way to effectively report compliance effectiveness up to the board is to normalize the data, said Joe Kale, chief compliance officer at DynCorp (center). On his left is Mitch Avnet, chief ethics and compliance officer at Lincoln Financial Group.
An important driver of the cultural score is whether the organization does anything after it discovers a problem. The first year we did the survey, we realized most issues were being directed to managers,” said Miromonti. “So one of the first things that we did was focused on educating managers on how to receive compliance concerns, and how to escalate those concerns within the organization to make sure we're addressing them.”
Following the cultural survey, Centene conducts deeper analysis of the lower-scoring business departments. “We go out in the field and do focus groups and figure out what is driving that culture in order to enact corrective action plans,” said Miromonti.
He said the company has found that two elements move the needle on the integrity score: communication and interpersonal skills. “We found a lot of our business units don't have communication plans and don't engage employees or let them know what's going on in the organization.”
Identifying effective compliance metrics also requires the right systems. Disparate, point solution platforms aren't going to help identify risks, said Avnet. “Where we're heading is a governance, risk, and compliance platform where we can have all our data in the organization feeding into a centralized pool that enables consistent reporting throughout the organization,” he said.
Another important aspect is gauging the “tone in the middle,” said Miromonti. “Is middle management prepared to escalate issues?” Working with middle management results in more transparency and actionable steps down the line, he said.
One of the themes that emerged during the discussion is that all the metrics in the world won't matter if you are measuring things that the end users of the data don't care about. At Lincoln Financial, Avnet said he meets with the CEO and audit committee chair on a quarterly basis. “My job is to figure out what is most important to them,” he said.
No comments yet