|
 |
|||||||
|
|
|
|
|||||||||||||||||
|
|||||||||||||||||||
|
|
|||
|
Feature
7 Compliance Metrics for 2009 No single approach provides a complete picture of a company’s compliance management situation, but this lineup of metrics will arm you well for the year ahead. By Richard J. Cellini Few topics attract more interest these days than “compliance metrics.” Compliance professionals are under increasing pressure to produce and share business analytics that provide nuanced views into complex compliance problems, management responses, and real-world outcomes. The demand for metrics comes from many different quarters, including boards of directors, audit committees, chief executive officers, chief financial officers, general counsels, chief compliance officers, and global supply chain management departments. Unfortunately, very few people are very clear about what exactly they mean by “compliance metrics.” Integrity Interactive regularly works with leading global companies to develop compliance-related metrics and analytics suitable for presentation to boards of directors and senior executives charged with responsibility for managing the enterprise. During the course of these engagements, Integrity has identified at least seven different kinds of compliance metrics: Risk-Focused Metrics (2) Risk-focused metrics are designed to shed light on specific areas of substantive weakness in a company’s compliance management profile. These metrics typically attempt to capture and assign weight to specific types of threats, typically categorized and organized by traditionally recognized areas of law, regulation, corporate responsibility, and business ethics. • Corporate Compliance Risk Areas: Metrics and indicators identifying a company’s substantive areas of ethics and compliance risk (i.e., risks tied to general areas of law, regulation, social convention, or voluntarily obligation). Risk assessment data is often segmented and presented by business unit, employee population, and operating location. Useful for identifying high-risk business activities, processes, employee populations, operating units, and geographical locations. • Emerging Issues & Trends: A qualitative selection, discussion, and presentation of significant ethics- and compliance-related issues and trends of concern to the company. Often includes emerging statutory, regulatory, enforcement, and social developments on the horizon for the company, its industry, and its operating territories. Useful in compliance-related strategic planning, infrastructure development, and investment decision-making. Program-Focused Metrics (3) Program-focused metrics are designed to provide visibility into the quality and quantity of a company’s responses to perceived compliance risks. These metrics illuminate the concrete programmatic inputs and activities deployed by a company over time to combat ethics and compliance risks and failures. • Infrastructure & Investments: Measurements of a company’s investment in systems, resources, structures, and personnel deployed full- or part-time in the area of ethics and compliance risk management. Useful for assessing the overall strength and suitability of a company’s compliance infrastructure and systems. • Program Initiatives & Activities: Metrics and indicators documenting the scope and scale of a company’s specific ethics & compliance risk management initiatives and activities. Useful for understanding precisely what concrete actions and steps are being taken inside a company in the current period to manage and mitigate compliance-related risks. • Program Gaps & Blindspots: Metrics and indicators for detecting and cataloging potentially useful program initiatives and activities that a company is not currently funding, supporting, and/or implementing in the current period. Useful for identifying and presenting additional options available to a company for expanding the actions and steps that a company undertakes to manage and mitigate compliance-related risk. Results-Focused Metrics (2) Results-focused metrics are designed to gauge the extent to which a company is succeeding at controlling its incidence of actual compliance-related failures (or successes). These metrics tend to focus on real-world indicators that exist separate and apart from the world of internal perception and management response. • Program Outcomes & Results: Metrics and indicators documenting outputs and success rates of various aspects of a company’s compliance program initiatives and activities. Useful in evaluating the success or failure of specific compliance programs in terms of their own programmatic goals and objectives (i.e., whether specific programs achieved what they set out to achieve). • Material Events & Occurrences: A compilation and summary of material compliance-related events and occurrences presented elsewhere in a company’s public and private filings and disclosures. Such disclosures typically include summaries of material threats, demands, allegations, litigations, official proceedings, regulatory inquiries, fines, penalties, convictions, etc. Useful for identifying and aggregating a company’s actual compliance- and ethics-related failures and casualties in current and prior periods. Each of these three general approaches — Risk-Focused, Program-Focused, and Results-Focused — has value. No single approach provides a complete picture of a company’s compliance management situation. Integrity typically recommends that companies deploy a combination of metrics, representing each of the three major approaches. |
|||
Richard J. Cellini, Esq., is a vice president of Integrity Interactive Corp., which provides Web-based tools, services, and programs for managing ethics and compliance risk. He formerly served as CFO and general counsel of Salary.com Inc., vice president of an international brand strategy consultancy, principal in a venture capital fund, and an associate at a Wall Street law firm. He is a member of the New York and Washington, D.C., bar associations. He is author of the article “Compliance Risk: A Top-10 Hit List,” that appeared in the First Quarter 2007 edition of Directors & Boards. The author can be contacted at rcellini@i2c.com. Copyright © 2009 Directors & Boards, P.O. Box 41966 Philadelphia, PA 19101-1966. All rights reserved. Contact the webmaster. < Privacy Notice > |
||||
