Data is one of the most important driving forces of a great compliance program. Compliance leaders often rely on data-driven metrics to find and correct any flaws within their organization’s compliance processes.
With so many possibilities, though, what metrics should you include in your compliance report? Which ones offer the most insight to you and to management? Which metrics will best help the company manage risks?
The goal of compliance is to adhere to the rules and regulations within its industry and avoid expensive fines and enforcement actions that can also damage the company’s reputation. A compliance program must follow a multitude of processes and procedures to keep the organization fully compliant. Compliance metrics are indicators that help determine the effectiveness of these processes and procedures.
Packed heavily with data, these compliance metrics provide detailed information on your compliance program’s effectiveness and efficiency. This data can then be used to extract insights that can help fix any flaws within your existing processes.
From identifying the root causes behind violations and misconduct within the workplace to tracking your team’s response time to an issue, here are the compliance metrics to consider when reporting to the management.
Total Violations
Every industry is governed by specific laws and regulations that are meant to protect customers and employees. Failing to comply with these laws and regulations can prove catastrophic for an organization.
By keeping track of this compliance metric, you ensure the management is fully aware of any instances of noncompliance with these regulations. It also helps them understand the severity of the repercussions that may follow. Finally, by helping the organization abide by compliance laws, this metric helps fix the organization’s standing within the industry.
Complaints About Misconduct
An organization can become vulnerable to serious reputational and financial damages if misconduct of any kind goes unnoticed. For this reason, it’s important to keep track of complaints of misconduct alongside understanding their nature. When measuring complaints, focus on the type of allegation. This could include fraud, harassment, discrimination, illegal activities, and so on. To gather the right data, answer questions such as:
- How many complaints did your team receive?
- How did you receive the complaint? Was it through direct contact with the supervisor or through an anonymous hotline?
- What were your employees alleging?
Cost Per Incident
Your compliance budget incurs an expense for each incident your organization deals with. The cost per incident metric can help understand why certain incidents may cost more than others to resolve. As a result, you can determine solutions that would be more efficient.
For instance, if you’re spending large sums on due diligence, you might want to consider investing in automation. Or, if you’re spending a fortune on investigating workplace harassment issues, you might want to invest in quality training to prevent those issues from occurring in the first place.
Key Risk Indicators (KRIs)
Risks are a part of running just about any business. Successful organizations are often armed with the capacity to determine which risks are “worth it” and how they can shield their business should something go wrong. Your final compliance report must inform the management of any KRIs or key risk indicators that could affect their decision-making.
For instance, if your organization operates in the banking sector, it might include clients with high-risk accounts. These accounts would then be considered a major KRI. If the management is informed by financial compliance software of the risks associated with these accounts, they will most likely lower the number of similar accounts that can be opened per quarter. This, in turn, can prevent the organization from taking a risk it might not be prepared for before.
Mean Time to Issue Discovery (MTTD)
As with everything in the world, time is of the essence in business. For instance, the speed of your response often determines where a compliance issue can be fixed without any losses or before it transforms into a full-blow corporate scandal. The mean time to issue discovery metric unveils how quickly your team can detect a compliance hiccup. It also helps you understand if you have efficient monitoring capabilities in place to spot issues. Determining MTTD includes:
- Finding out when the incident first started
- Finding when the team discovered it
Mean Time to Issue Resolution (MTTR)
The mean time to issue resolution (MTTR) metric reveals how swiftly your team resolves an issue they discover. But what makes this metric so important?
Simply put, MTTR indicates cracks such as a lack of technology, resource shortages, or a lack of automation that may be crippling your compliance program. Determining MTTR involves:
- Adding the total time for all incidents to be resolved
- Diving this figure by the total number of incidents
Remember to track this metric for each type of incident instead of merging all incidents into a single MTTR metric.
Compliance Investigations and Audits
Any significant audits, investigations, and QA findings performed to measure your compliance process’s efficiency must be recorded and reported. Moreover, any valuable elements such as specific findings and follow-ups must also enter the record.
Once this data is placed in a single place, your compliance team and management can establish better risk management processes. Most regulators also expect companies to maintain and produce these records when necessary.
You Can’t Manage what You Don’t Measure
Carefully measured compliance metrics not only reveal where your compliance program stands but also allow your compliance team and management to strengthen your processes.
Determining and analyzing these metrics, however, is not a one-and-done process. The management can have a clearer picture of an organization’s compliance landscape only when they’re presented with detailed and insightful metrics compared over time.
To handle evolving compliance risks, stay up to date with compliance regulations, and consistently strengthen your compliance culture, it is critical to focus on these metrics periodically. 
Giovanni Gallo is the Co-CEO of Ethico, where his team strives to make the world a better workplace with ethics hotline services, sanction and license monitoring, and workforce eLearning software and services.