KPI reporting is an effective gauge for many business functions, including marketing and operations, but how about compliance? Deloitte found that 30 percent of chief compliance offers don't measure the effectiveness of their compliance programs. That number was down from 37 percent in 2011. For many HR leaders, ignoring KPIs isn't an option. Boards and executive leadership usually need such data to justify budgets and resource allocations. It's difficult to ask for more funding if you can't show that what you're currently doing is working.
Like cybersecurity though, showing successful compliance is often premised on arguing for what didn't happen. The only way to prove the program is working is to compare your business to others of similar sizes who have better or worse compliance programs. Those type of laboratory conditions generally aren't possible though. So what kind of KPI reporting can demonstrate successful compliance?
The Most Popular Metrics
The most popular mechanism for measuring the success of a compliance program is an internal audit. However, knowing what to audit for can be a challenge. In its 2016 Regulatory and Examination Priorities Letter, for instance, the Financial Industry Regulatory Authority said its major focus would be "firm culture."
As Ivan Garces, the risk advisory services practice leader at accounting firm Kaufman Rossin, asked in The Wall Street Journal on compliance issues, "What is culture exactly? It's the visions, beliefs and values that drive the conduct of a firm and its employees. How do you audit that?" Given the subjective nature of this question, the usual approach is merely to ask questions.
Another top indicator of compliance is hotline call analysis. Hotlines, however, can be an incomplete indicator. Employees don't always feel safe that what they say on a hotline will remain anonymous. Often employees aren't aware that hotlines even exist. For instance, Andrea Tantaros, a former Fox News personality, has said that she didn't report her claims of sexual harassment by chief Roger Ailes because she didn't know a hotline existed at Fox and no one ever told her, reports Human Resource Executive.
There are numerous other tools that HR leaders can use to measure the success of a compliance program. Completion rates for compliance training is one simple measure, as are self-assessments and feedback from employee ethics surveys. Unlike measuring, say, the ROI on an ad campaign, compliance relies less on hard numbers than on subjective assessments. A business may boast a high rate for required compliance training, for instance, but if most employees are undergoing it grudgingly and if the training is poorly executed, then those completion rates are potentially misleading. Similarly, an internal audit is only as trustworthy as the people executing it.
Not So Popular Metrics
As mentioned, the closest an organization can get to objectively gauging the success of its compliance program is to compare it to other firms in the same space. If everyone else is doing worse, than that's a decent indication that your program is doing alright. Another blunt indicator of success is the size of regulatory fines or penalties. If the number keeps dropping every year, that's at least a sign the program is moving in the right direction.
A combination of those hard metrics and soft ones would likely provide the best overall measure of a program's success. That's especially true if the HR leader makes an effort to ensure that internal audits are conducted with upmost integrity and the HR department communicates that other safety measures like hotlines are both anonymous and easy to access.
Stay up-to-date on the latest workforce trends and insights for HR leaders: subscribe to our monthly e-newsletter.