Metrics that Matter: Part 9 – Putting it Together

Metrics that Matter: Part 9 – Putting it Together

Lao Tzu famously said, “The journey of a thousand miles begins with one step.”  One of the biggest challenges found in trying to start a metrics and monitoring program is that it is so easy to get overwhelmed.  In this blog, which is the last in our series, we’ll explore how to set up a metrics program intelligently, and in a sustainable fashion.  We’ll also deal with objections and excuses, and find ways of pushing through fear and feet dragging to get where we need to go.

This is Part 9 of our series.  If you haven’t read Part 1, I recommend you go back and start there, as it sets the stage regarding why certain metrics should be chosen.  We’ve already explored metrics that can be used with policies and procedures, which can be found HERE, monitoring and auditing, which can be found HERE, training, which can be found HERE, third-party risk management, which can be found HERE, governance, which can be found HERE, communications and tone from the top, which can be found HERE, and risk assessment, which can be found HERE

Dealing with Excuses and Objections

It’s easy to find an excuse not to collect and analyze metrics.  Here are four common objections and how to overcome them.

I don’t know where to start! …

Read More

WEBINAR: Avoiding a Car Crash in your Third-Party Due Diligence Program

WEBINAR: Avoiding a Car Crash in your Third-Party Due Diligence Program

Join me for an exciting webinar to learn how to avoid a car crash in your third-party due diligence program! On Thursday, August 29th at 12:00 p.m. Easter, you’ll learn:

  • How to deal with the most critical part of your program – scope

  • How to handle policies and procedures in a sane way

  • How to manage the business and create partnerships for tackling red flags

  • How to deal with attestations, due diligence questionnaires and nasty fights over “critical” third parties that refuse to participate

  • The Eight Commandments of a successful due diligence program

To join me: Sign up HERE!

Read More

Three Hacks to Steal Back Your Time

Three Hacks to Steal Back Your Time

For professional athletes, world records and gold medals are won and lost in hundredths of a second. The arrival of an ambulance one minute late can be the difference between life and death.  Happily, most of us in compliance aren’t under that extreme time pressure, but we still need to make every moment count.  Whether through meeting requests, being cc’d on endless email chains, or accepting invitations to pick your brain over coffee, your days can quickly be filled with unproductive tasks that take you farther from your goals. 

Turning down meetings and getting off of email chains can be hard, but you can find more time if you employ stealthy techniques.  Here are three hacks to help you take back your time. 

Schedule Meetings and Phone Calls for 15 or 20 Minutes

Have you ever noticed that most meetings are scheduled for 30 minutes or an hour?  It’s just assumed that blocking off half hours or full hours of time is needed.  Instead of scheduling for the default amount of time, think about the amount of time you want and need to give the meeting or call…

Read More

Metrics that Matter: Part 8 – Risk Assessment

Metrics that Matter: Part 8 – Risk Assessment

The Department of Justice’s watershed Evaluation of Corporate Compliance Programs Guidance Document made it very clear: a risk-based approach is necessary to avoid “devot[ing] a disproportionate amount of time to policing low-risk areas instead of high-risk areas.”  The Guidance goes on to describe all of the areas where a risk-based approach is required.  Having a risk assessment is just the beginning.  Monitoring the right metrics relating to the risk assessment is critical to judge the health of the program.

In this blog, we’re going to explore metrics relating to risk assessments.  This is Part 8 of our series.  If you haven’t read Part 1, I recommend you go back and start there, as it sets the stage regarding why certain metrics should be chosen.  We’ve already explored metrics that can be used with policies and procedures, which can be found HERE, monitoring and auditing, which can be found HERE, training, which can be found HERE, third-party risk management, which can be found HERE, governance, which can be found HERE, and communications and tone from the top, which can be found HERE

What Needs a Risk-based Approach?

The phrase “risk-based approach” is used by many compliance officers, sometimes without an understanding of what it means.  The DOJ Guidance defines several areas in which risks should be managed using a risk-based approach.  These include third-party due diligence, assignment of training, gathering metrics and reporting for the Board, and the allocation of resources (both human and financial).  Without a proper written risk assessment that is effectively monitored, this is impossible.    

The Most Important Question …

Read More

Gatekeepers: Safeguarding the Keys to the Compliance Kingdom

Gatekeepers:   Safeguarding the Keys to the Compliance Kingdom

The following is a guest post written by Diana Trevley, Chief of Global Services, Spark Compliance Consulting

The Department of Justice’s recently released Evaluation of Corporate Compliance Programs Guidance Document (“Guidance”) provides prosecutors with a list of questions to consider asking when investigating a company’s compliance failures and determining whether to bring charges.  By publishing these questions, the Guidance also provides companies with specific information on what actions, taken together, constitute an effective compliance program.  Included in the document are three questions about gatekeepers:

“Gatekeepers – What, if any, guidance and training has been provided to key gatekeepers in the control processes (e.g., those with approval authority or certification responsibilities)? Do they know what misconduct to look for? Do they know when and how to escalate concerns?”

This has some compliance officers wondering, what, pray tell, exactly is a gatekeeper?… 

Read More

Metrics that Matter: Part 7 – Communications and Tone from the Top

Metrics that Matter: Part 7 – Communications and Tone from the Top

George Bernard Shaw had it right when he said, “The single biggest problem in communication is the illusion that it has taken place.”  Communication is a critical part of a compliance program.  After all, without communication, how would anyone know the program even exists?  And perhaps more importantly, without communication from the top management (and middle management), how would anyone know that the managers support the compliance program? 

In this blog, we’re going to explore metrics relating to communications and tone from the top.  This is Part 7 of our series.  If you haven’t read Part 1, I recommend you go back and start there, as it sets the stage regarding why certain metrics should be chosen.  We’ve already explored metrics that can be used with policies and procedures, which can be found HERE, monitoring and auditing, which can be found HERE, training, which can be found HERE, third-party risk management, which can be found HERE, and governance, which can be found HERE

What Should We Measure?

When it comes to metrics relating to communication and tone from the top, there are three things you should measure….

Read More