The majority of respondents (71%) assess the effectiveness of compliance programs regularly, but many organizations measure activity (e.g., training completion rates). Fewer use metrics that focus on the impact of programs on the business, which can be more enlightening.
Many metrics can be used to assess business impact. External benchmarking is especially important because in the event of a compliance failure, government investigators often levy harsher penalties on companies whose programs don’t measure up to those of their peers. But less than one-third of respondents utilize third party reviews to provide such benchmarking.
A variety of other measures that aren’t widely used can help to identify weaknesses and strengthen compliance programs, such as employee questionnaires; aging and disposition of litigation and enforcement; and analyses of the social web content of customers, employees, investors, and other stakeholders. Compliance teams should also consider hiring experts to develop new metrics. For instance, data specialists could analyze operational data to identify business vulnerabilities and trends, and gain insights that make compliance even more valuable to the business.
State of Compliance 2014: Measuring Compliance Impact
PwC's Sally Bernstein and Andrea Falcione discuss how measuring the business impact of compliance is often more effective than measuring activity.