Are You Tracking Reports the Right Way?
What do elephants and porcupines have in common?
They’re both animals of course.
But elephants are not porcupines and porcupines are not elephants.
For one thing, their sizes are remarkably different. If scientists were tracking the habits of elephants, it would not help them to receive information about porcupine behavior. Different animals need to be treated differently.
The same is true when it comes to inquiries versus reports of potential misconduct.
Many companies do not differentiate between inquiries made to the compliance department and reports of potential misconduct.
Inquiries are requests for information or clarification. They can be made through the hotline, but may be made in other ways, like via email.
Inquiries coming through the hotline are more likely if the hotline is advertised as a place to find answers instead of a place solely for making reports.
Reports of misconduct are just that – a communication advising the compliance department of a potential violation of the law, policies, or values of the company.
It’s tricky because sometimes inquiries and reports overlap.
For instance, a whistleblower may state that they think a co-worker has violated the gifts and entertainment policy, but in that same report may be a question about the gift spending limits.
Information from Inquiries
Inquiries can be a highly valuable source of information.
They can highlight the places where misunderstandings exist or let you know where your training isn’t working.
For instance, if you receive six inquiries in four months about where the third-party due diligence submission form lives, it’s time to refresh that training, send a new communication, or post a link more prominently on the intranet.
Most companies with a compliance department have some kind of reporting hotline. However, most of the calls, emails, or submissions through the portal will be reports. A minority will be inquiries.
Unfortunately, many hotlines providers’ tracking software does not segregate inquiries into their own category.
Inquiries are frequently opened and closed without any interim steps.
There is usually no investigation or root cause analysis to be performed. Inquiries don’t fit nicely into the reporting workflow.
Some software allows for the separation of inquiries from reports of misconduct.
If you’re not sure, check with your hotline provider. If the provider can’t give you a separate channel, create a category of reports that relates specifically to inquiries. See if you can tag the inquiries to view trends.
Who knows – if enough compliance officers request a differentiation between inquiries and reports within case management systems, we may be able to create a technological revolution for the profession.
If you can’t get anywhere with your hotline provider or case management system, good old Excel can be used.
Create an Excel sheet that is kept on a Teams or SharePoint site. Be sure to create some type of tagging or keyword system so you can sort inquiries easily to spot trends.
Try tags like:
- Gifts and entertainment
- Third party
- Conflicts of interest
- Records retention
- Modern slavery/human trafficking
Make the tags or keywords broad enough to capture the main thrust of the question, but not so broad that you won’t be able to spot consistent themes.
Its best if only one person on the compliance team has the capacity to create tags so that you don’t end up with “ABAC, Anti-bribery, ABC, and Anti-corruption” all as their own tag/keyword.
Tracking both inquiries and reports can give you a fantastic view of where your program is succeeding and faltering.
For instance, let’s say your company has a conflict-of-interest policy and disclosure process, but very few disclosures are made.
If in the past six months, you’ve investigated three undisclosed conflicts of interest that came in via reports, and eight inquiries about how the policy works or what constitutes a conflict, you’ve now got valuable information from multiple sources that can help you (1) update your risk assessment, (2) provide training and communications, and (3) inform your monitoring plan to focus on conflicts at the company.
Tracking inquiries as well as reports may seem like a pain (and frequently is), but the information will make your program stronger.
Like the porcupine and the elephant – the more information we have on all the animals in the zoo, the better we can take care of all of them.
P.S. In case you missed it..
Last week we officially announced that we have HUGE news coming on September 8th about compliance-related risk assessment software…
I can’t wait to show it to you.
Send me an email if you want to be the first to see it
CEO of Spark Compliance Consulting
Kristy Grant-Hart is the founder and CEO of Spark Compliance.
She’s a renowned expert at transforming compliance departments into in-demand business assets.