Visibility Drives Compliance Performance

What you don't know will hurt you

By John Frehse, Randall H. Cook

December 11, 2017

We believe employees are every organization’s most important assets. By understanding and helping to shape employee behavior, we can identify, assess, and mitigate compliance risks to the enterprise and drive performance as a result. Our assessment is a collaboration of our compliance expertise with our deep knowledge of labor strategy.

VISIBILITY IS THE KEY

Google does one thing and it does it very well. It provides access to information in a useful format. This format allows users to make better decisions faster. Whether Google Search, Gmail, YouTube, or any of their services, they all do the same thing in different ways: They provide ready access to information. And information is power.

If your organization wants greater insight into its compliance performance, it is critical to ask, ‘where, why, and how?’ to make the most effective and necessary changes. By leveraging operational and behavioral data as well as making sense of patterns, relationships, and trends, leadership and compliance personnel can gain visibility into an organization’s risks and opportunities. Such visibility drives compliance performance.

REACTIVE COMPLIANCE IS A FAILURE BY DEFINITION

Waiting for a regulatory or audit failure to identify whether your compliance program is sufficient is not an effective strategy. The potential costs of a regulatory violation in terms of damage to reputation and morale, operational interruption, fines, and potential criminal liability for both the organization and individual leadership are too high. In addition, putting a compliance program in place following a violation is a far costlier and more friction-filled exercise than building tailored, proactive controls from the start. Just ask the leadership – often former leadership – at companies like Uber or ZTE. Moreover, effective compliance correlates to higher employee engagement, stronger brand integrity in the marketplace, and improved business performance over time.

DATA ANALYTICS AND BEHAVIORAL INSIGHTS ENABLE VISIBILITY

A proactive compliance approach requires discipline, focus, and the right tools. Finding the right datasets and marrying them with real-world issues and interactions gives critical insight into compliance issues before they become overwhelming liabilities. By combining compliance expertise with enterprise data analytics and insights into organizational behavior, we can assist any organization in developing Key Performance Indicators (KPIs) that will drive compliance results. Below are some common violation categories that require dynamic compliance KPIs:

  1. Overbilling/Time charging fraud
  2. Federal/State/Local labor law violations
  3. Anti-kickback violations (including overcharging/mischarging/failure to repay)
  4. Technology export control violations
  5. Anti-corruption violations
  6. Sanctions violations
  7. Securities reporting violations
  8. Fraud
  9. HIPAA
  10. Privacy and data protection
  11. Cyber incident reporting
  12. Breach of Contract
  13. Exceeding Maximum Weekly Hours of Work

NEXT STEPS

Use the questions on the next page as a starting point to assess the current level of your visibility into your compliance risk and program. It will clearly show the gap between where you are today and where you need to be. Have an initial conversation with us about what you find. We will work with you on a complimentary organizational risk assessment and industry benchmark. This assessment will help you understand more completely your organization’s risk profile. It is the first step in evaluating your current compliance program.

ASSESSMENT

The following questions may initiate a thoughtful discussion about your organization and its compliance program. For the following questions, check boxes where you have confidence in your organization and would answer “YES.”

How important is compliant and ethical behavior to my organization’s success?

  • Do we understand how our customers would react and our reputation would be affected by a compliance violation?
  • Have we assessed the compliance risks related to our products’ value, sensitivity, or technological innovation?
  • Do we understand the extent to which regulators could disrupt our operations in the event of a compliance violation?
  • Do we understand the criminal and civil liability risks for our organization and its leaders for ineffective compliance?

Am I confident that I understand my organization’s compliance risk profile?

  • Do I know which of my organization’s activities present the greatest compliance risks?
  • Have we identified which employees are most critical to compliant performance?
  • Have we tracked the organization’s evolution since we conducted our last comprehensive compliance risk assessment?
  • Do we have tools to actively monitor and measure enterprise activity and assess compliance risk?

Is compliant and ethical behavior embedded in my organization’s culture and processes?

  • Do we compensate and evaluate for compliant and ethical behavior?
  • Do my employees and colleagues believe that we recognize and promote compliant and ethical behavior?
  • Does our compliance program enable employees to effectively service customers and do their jobs?
  • Do we have a process for employees to escalate compliance and ethics concerns, and do they feel secure using it?
  • Am I confident that appropriate compliance controls are embedded in our automation and information systems?
  • Are compliance-critical personnel provided with role-tailored, performance-based training?

Am I confident that my organization’s compliance capabilities and investment are right for our risk?

  • Have we evaluated and aligned our compliance program based on our risk assessment?
  • Have we benchmarked our compliance risk and controls against industry standards and regulator expectations?
  • Do we have a process to actively identify and effectively address compliance failures?
  • Do we quantitatively measure and demonstrate our organization’s compliance performance?