“A focused Board concentrates on strategy, oversight and governance practices, to avoid getting lost in the forest,” said Pearl Zhu, author of the Digital Masters series. There is much consternation over the role of the Board of Directors/Audit Committee. Boards are tasked with setting corporate culture and the tone from the top, often without instructions for how to actually do that. One key way Compliance can help is to provide the Board with useful metrics. Those metrics should include a mirror of how involved the Board and Top Management (C-suite) is with Compliance, and how supportive top management has been to the program as a whole.
In this blog, we’re going to explore metrics relating to the governance and oversight of the program. This is Part 6 of our series. If you haven’t read Part 1, I recommend you go back and start there, as it sets the stage regarding why certain metrics should be chosen. We’ve already explored metrics that can be used with policies and procedures, which can be found HERE, monitoring and auditing, which can be found HERE, training, which can be found HERE, and third-party risk management, which can be found HERE.
What Should We Measure?
When it comes to metrics relating to governance and oversight, there are three separate types of metrics.
The first type measures the interaction of the Board/Audit Committee and top management with the Compliance function. These metrics show the true state of the Board/top management’s willingness to engage with Compliance, and to show through concrete action that they are paying attention and giving weight to what the Compliance function says and needs.
The second type of metrics relates to incentivization. The recent Department of Justice guidelines instruct prosecutors to ask, “How does the company incentivize compliance and ethical behavior?” Indeed, the Section 8 of the U.S. Federal Sentencing guidelines instruct that “the organization’s compliance program shall be promoted and enforced consistently throughout the organization through appropriate incentives to perform in accordance with the compliance and ethics program.” Companies should be incentivizing compliance-related behavior, and then tracking the results.
The third type of metrics relates to Compliance’s role in promotions and manager review. The most mature compliance programs are those wherein Compliance is consulted before a promotion or additional responsibility is given to an employee. If concerns are raised at that point, the promotion stops until Compliance is made comfortable. That may be through additional training, counseling, or oversight of the person in the new role.
The Most Important Question – So What?
As with other programmatic areas, each metric needs context, so it tells a story. In addition, each metric needs to be tied to a goal or Key Performance Indicator (KPI), so you can tell if the trend is going in the right direction. Metrics without context are useless. When you choose a metric, make sure you ask, “So what?” If you can’t answer why the metric matters, or what the goal is for that metric, choose something else.
Following you’ll find example metrics for governance and oversight. Not all the examples will fit your program. Metrics, by their nature, need to be tailored so that they match the maturity of your program, the nature of your business, the size and geographical expanse of your business, etc. For each, a “So What?” answer and example KPI or goal is included.
Spot the Trends
Metrics relating to governance and oversight tell their story over time. A single snapshot is unlikely to give you large amounts of information, whereas the comparison of metrics month-on-month can tell a much fuller story. For instance, if you typically report to the Board or Audit Committee once a quarter, and that falls to twice per year, the story being told is that the Board cares less and less about compliance.
Good metrics tell the story of your program. They show its evolution and give you confidence in its effectiveness.
Next time in our series, we’ll be examining metrics relating to Risk Assessment. In the meantime, have an excellent week!
Want help developing your metrics, KPI’s or monitoring program? Send us an email at email@example.com for a free consultation (or visit our website at www.sparkcompliance.com).