Have you ever wondered how to articulate to your family, coworkers, executives, and board members that your everyday actions at work as a compliance professional impact your organization or how to explain that your team creates value and improves organizational risk? Have you wished to say more than just “we are revenue protectors” or “a revenue integrity department”? There is a way, my friends!
Going beyond effectiveness
We are all familiar with the expectations to measure the effectiveness of our compliance programs, whether it is based on the Evaluation of Corporate Compliance Programs guidance from the U.S. Department of Justice (DOJ) or other government bodies—depending on our industries. Could we go beyond effectiveness and measure the impact of our program based on predetermined objective criteria? Effectiveness is crucial and can be defined as the degree to which something is a success. Impact, by contrast, strongly influences someone or something. Certain impacts may lead to effectiveness, but I would argue that while the two may be linked, they are distinct and can glean different data and information when measured. While we—as the industry—are pursing making compliance more human and approachable for others, impact may be another opportunity to demonstrate our positive influence on others.
Compliance has an extremely broad reach within any organization. It is typically cumbersome or labor-intensive (or, at times, simply impossible) to measure the value of something that we prevented or the impact of our program across the enterprise; however, it is worth trying to at least take incremental steps toward collecting additional data beyond the customary kind. How many hotline reports you received in a given year (which ones are anonymous), reports by channel types, training completion rates, retention or effectiveness of your training (if you are lucky), and so on, are all critical data points for your consideration; however, they are just not enough to tell the story and, certainly, not enough to show impact.
The DOJ’s guidance references access to data in asking: “Do compliance . . . personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions?”[1] Yes, we can and should access data that is available to other departments and our business counterparts, but we can also collect our own data that is right in front of us. Consider this for your risk-based compliance programs: a real-time approach (through ticketing or inquiry centralization) to objectively assign and measure the impact of your daily interactions within the company, your consulting efforts, and more, so that you can truly have insights into compliance data, trends, potential or evolving risks, and—importantly—the impact.
Impactful compliance program
Ticketing may not be the most common way of conducting business in compliance departments; however, in a high-growth company (like the one where I currently serve), keeping up with the growing business and demand from our internal customers became necessary. I did not want to implement just any ticketing system. I wanted this to matter; I wanted to use this as an opportunity to do something innovative and transformational not only for our compliance program but also (I hope) for the compliance profession and those reading who would dare adopt a similar approach.
While building the system and exploring reporting capabilities, I considered that, instead of only collecting and analyzing data about the number of tickets or the types of inquiries we received, I wanted our team to attempt to assign an organizational impact to any resolved tickets/inquiries. After launch, we learned that scaling this as we grow would be possible because our predefined organizational impact categories can be easily added to each ticket addressed by a compliance team member. Thus began our journey of evidencing our program’s value creation.
Defining organizational impact categories was critical to ensure that the process of assigning impact to resolved tickets/inquiries was repeatable and objective by any existing or new compliance teammate.
Organizational impact examples
The full scope of organizational impact categories may include options such as “revised policy or procedure,” “new policy or procedure,” “financial savings,” “revenue support,” “teammate retention,” and “teammate engagement.” In this article, I will explore other select categories: “improved risk profile,” “compliance coaching,” “compliance consultation,” and “growth support.”
Improved risk profile is what we chase in compliance. While most of us in this profession are risk averse, we recognize we can never completely eliminate risk, but we continuously strive to reduce it. It is undoubtedly a challenge to measure the risk profile and its improvements; however, when compliance professionals are effectuating controls, reviewing third-party vendors and providing recommendations to address any areas of potential risk, conducting and measuring training based on risk, and developing new written guidelines for our employees to address a possible risk area—in all those instances and more—we are improving the company’s risk profile. We are creating resources or advising our people so they can conduct themselves in a compliant manner, leading to an overall improved risk profile. Why not track those instances?
Education, coaching, and consultation are the core of our “compliance being.” We typically have a hard time quantifying all the verbal and written coaching or consultation we provide daily. With a central way of channeling inquiries (through ticketing or a simple form), we can label and measure how much we do outside the new hire or annual compliance training opportunities. Compliance coaching, for example, may be a comprehensive response to an inquiry or a question that resulted in a meeting or series of meetings to address a compliance topic. Compliance consultation, by contrast, is simple advice or guidance; for instance, where to find a certain policy or how to submit a report. These daily interactions are not typically measured but profoundly impact our people who feel supported, heard, consulted, and safe.
Growth support is a fascinating organizational impact category because compliance is not typically seen as a function that generates growth for a business. That said, compliance practitioners absolutely support it or are consultants in initiatives. For instance, when there is a question about developing a new business line, opening a brand-new facility, or when we advise and scale operations processes. We enable our companies to grow safely in those scenarios.
Quantifiable organizational impact
We impact our organizations in so many different ways that we cannot (or do not) quantify, but it is important to try. We make meaningful contributions within our companies and can, in fact, back it up with data using this approach.
When we attempted this in our organization, we were able to demonstrate that, in just six months of ticketing and measuring organizational impact of resolved tickets/inquiries, 15% of those resulted in improved risk profile, 45% in compliance consultation and compliance coaching combined, and 7% of resolved tickets were growth support. It is expected in compliance to have the majority of inquiries fitting into consultation or coaching categories, but even if 40%–50% fall into those categories, the other 50%–60% are something else. In order for us to maintain a risk-based program, we need to understand and slice the other significant portion of what we do every day in our roles.
Measuring organizational impact in this manner can aid compliance professionals in analyzing other trends based on available data, such as impact categories by territory or geography, by the requestor, and so on; they can then drill down and view their compliance programs and employees’ engagement with the programs from an angle that was not possible before. Think about what this can do for your board reporting or compliance program effectiveness self-assessments.
Make an impact
My challenge to the profession is to begin measuring this type of impact/influence of your compliance programs. You have options, whether it is a ticketing system or a simple central form to channel daily inquiries and communications. Find a way to objectively begin assigning and collecting data on the program’s impact on your organization. Your impact categories may be different and unique; do what is right and reasonable for your team and company.
If studies show that businesses that focus on impact are not only more financially sound but also have more engaged employees, better outcomes, productivity, and culture, the same can be said about your own compliance program and your team. Attaching organizational impact to each interaction with the business by your team members creates meaning in their work, motivates your own people, and paints the picture of how their everyday efforts positively impact their workplace. Who would not want to be a part of that?
Don’t discount the worth of the small actions you and your team take daily in your compliance roles. Do measure effectiveness of your compliance programs, do maintain data-driven and risk-based compliance programs, but also innovate and measure impact. Tell your story!
I enjoy engaging with our compliance community, so please contact me if you have any questions or decide to adopt this approach. I would love to hear from you.
Takeaways
-
The compliance industry needs to continue innovating how we measure our compliance programs.
-
Compliance professionals should take incremental steps toward collecting additional data beyond customary types to demonstrate the value their programs create in their organizations.
-
Readers should challenge themselves not only to maintain a data-driven, risk-based compliance program but also quantify its organizational impact.
-
Compliance practitioners can successfully use a centralized approach to fielding inquiries to assign “organizational impact” categories to resolutions using objective definitions.
-
Adopting the approach in the article can produce insights into compliance data, trends, and potential or evolving risks and give compliance professionals the ultimate opportunity to tell their data-backed story of influence and critical contributions to an organization.