Good intentions alone are an insufficient driver

Listen to this article

I’m supposing that if you are reading this column, you are the kind of business leader who has a genuine interest in conducting your business in lawful and ethical manner. But, as with many things in life, good intentions by themselves do not translate into desired results. You might want to improve your firm’s quality, efficiency, logistics, sales effectiveness, productivity and other factors to improve business performance. But you cannot reasonably expect to achieve such objectives without a realistic plan to get there and a means of measuring your progress. Achieving the goal of conducting your business in a manner that consistently meets or exceeds applicable legal and ethical standards of conduct is no different.

But how do you go about measuring your firm’s legal and ethical performance? What standards or benchmarks can you rely upon to guide you? If you really want to conduct your operations in full compliance with the law and adhere to the highest ethical standards, how can you determine the degree to which you are achieving this goal?

In my experience, business professionals often struggle to answer these questions. It’s the kind of thing they don’t teach in college, and there is little guidance on the subject in business publications. Fortunately, there are practical methodologies you can use to measure your firm’s compliance and ethics performance. They center on three key performance indicators:

1. Activities metrics
2. Systems metrics
3. Objective performance metrics

Activities metrics
Activities metrics are generated by gathering information about actions you might take to achieve a high level of ethical performance. Such metrics might include:

•  Person hours and subject matter of live or on-line compliance and ethics training;
•  Percentage of risk assessments undertaken and completed;
•  The average time taken to respond to reports of workplace misconduct;
•  Financial controls testing completion rates;
•  Number and nature of internal audits performed;
•  Number of employee surveys completed;
•  Completion rates of compliance certifications (e.g., certification to compliance with the company’s policies and code of conduct); and
•  Progress in completing work associated with compliance and ethics program improvement projects.

By gathering activity metrics, you can begin to correlate these activities with objective performance metrics to see whether your efforts are yielding the desired results.

Systems metrics
Systems metrics measure the adequacy of the systems you use to comply with legal and ethical requirements. These systems include processes undertaken by:

•  Finance and accounting professionals to produce accurate books and records and to prevent and detect fraud;
•  Human resources professionals and managers to ensure compliance with applicable labor laws;
•  Regulatory professionals to ensure your firm has all of the licenses and permits required to operate; and
•  Quality professionals to ensure you have the capacity to meet applicable quality standards.
•  

Systems metrics might also be generated by comparing compliance and ethics program elements against standards such as those specified in:

•  The U.S. Organizational Sentencing Guidelines for effective compliance and ethics programs;
•  The Sarbanes Oxley Act of 2002 and associated Securities and Exchange Commission requirements;
•  The COSO Enterprise Risk Management Framework;
•  Stock exchange listing rules;
•  ISO 14000 Environmental Standards; and
•  Other industry or activity specific standards or benchmarks against which the corporate compliance and ethics program elements might be measured.

When gathering systems metrics, you should go beyond simply determining whether you’ve “got one of those.” You should also document existing controls and their reliability. For example, you may have company policies and procedures, but if they are written in incomprehensible legalese or difficult for employees to find, they are likely not very effective in driving employee behavior. Similarly, your policies and procedures may detail model processes for maintaining your firm’s licenses and permits, but if your regulatory function is understaffed or under-resourced, your regulatory compliance systems may be incapable of following the written procedures. By routinely measuring your compliance systems reliability, you will have the visibility you need to take corrective actions before weaknesses result in a minor or catastrophic business disruption.

Outcome metrics
Outcome metrics are data generated by gathering information about whether your compliance and ethics management systems are actually working as intended. In other words, they tell you whether your activities and business processes are yielding the desired ethical conduct. Some examples of such outcome performance metrics include:

•  Customer survey data relating to corporate reputation for trustworthiness;
•  Safety, health and environmental performance data;
•  External auditor’s reports;
•  SOX 404 financial control reports;
•  Compliance certification results;
•  Employee turnover rates;
•  Direct financial losses associated with employee fraud;
•  Number and severity of disciplinary actions taken for employee misconduct;
•  Number and nature of confirmed instances of employee misconduct reported on the company ethics help line;
•  Number and nature of confirmed instances of employee misconduct reported outside the company ethics help line;
•  Legal fees, investigation costs, and settlement costs associated with employee misconduct;
•  Damages paid in litigation as a consequence of confirmed employee misconduct;
•  Regulatory fines and penalties related to employee misconduct or compliance and ethics system failures;
•  Decreases in shareholder equity as a consequence of employee misconduct; and
•  Directors’ and officers’ insurance premiums.

One additional outcome metric that deserves special mention is employee survey data aimed at determining the strength of your ethical culture. Such surveys can provide you with invaluable insight into your workplace environment, telling you whether employees are feeling pressured to compromise their ethical standards or are encouraged to do what is right. They will tell you whether employees understand the rules associated with their jobs and whether they have sufficient resources to perform their work in accordance with the rules. A good compliance and ethics survey will also provide you with reliable data on the frequency and character of observed misconduct rates.

So, if you are really interested in running your business ethically, don’t just wish it to be so. Develop a plan and devote the time and resources necessary to gather the metrics you need to get the job done.

Jim Nortz is director of corporate compliance at Sutherland Global Services Inc. He also serves on the Board of the Rochester Area Business Ethics Foundation. The opinions expressed in this article are his alone and may not reflect those of the RABEF or Sutherland Global Services. Nortz can be reached at [email protected].