In the eternal words of management expert Peter Drucker, “What gets measured gets managed.” But measuring the right things—the things that really matter—can feel nigh impossible. Compliance KPIs aren’t simple to define, let alone accurately measure. After all, how do you measure something as intangible as culture? How do you begin to put numbers around the ethical health of your organization? Even something as important as retaliation defies easy measurement.
But as insurmountable as the challenge may seem, it’s not impossible—and it’s a challenge that regulators, employees, and customers demand we undertake in the rise of stakeholder capitalism. Our companies’ reputations, our employees’ wellbeing, and, in many cases, the future of the planet rest on our ability to drive ethical behavior. And it’s primarily through effective compliance management that we will increase that ethical behavior.
As Hui Chen and Eugene Soltes wrote in the Harvard Business Review, “Better compliance measurement leads to better compliance management.” So, let’s break down the ways that we can get better at measuring the things that really matter…the compliance KPIs that will reveal what’s actually going on beneath the surface at your company.
What are compliance KPIs?
Key performance indicators—aka KPIs—are the data points or metrics that indicate how well your team or organization is performing at key initiatives. Compliance KPIs can measure employee engagement and awareness of your compliance program, how well your organization complies with local, national, and global regulations, and ethical decision-making throughout the workforce.
How do you measure compliance KPIs?
Your compliance tech platforms—for example, your hotline, disclosure manager, policy manager, and compliance portal—should each provide you with a data-rich dashboard, and ideally each of these platforms connects to the others in one holistic dashboard. The most sophisticated compliance measurement platforms incorporate HR data and other inputs to provide a complete picture of risk across the organization.
What if you don’t have access to a dedicated compliance measurement platform? Though spreadsheets are manual and lack real-time data, they’re better than nothing. If you are using a manual process to track KPIs, import updated numbers on a regular basis and maintain your records over an extended period so you can track your program’s progress. This is the next best thing to benchmarking against external programs.
Which compliance KPIs matter most?
The most important KPIs are the ones that track directly to your program’s goals—but you may have to dig a little deeper than the obvious compliance KPIs like policy attestation rate or reporting rate.
For example, if your goal is to increase awareness of your helpline and code of conduct, are you tracking how many times the code is viewed, or how many reports are submitted outside of awareness campaign cycles? What about the number of clicks or interactions within your interactive code of conduct (hint: you should be. The DOJ included this question in their most recent guidance for corporate compliance programs)? If your goal is to overcome reporting reluctance, are you comparing the intake rate across different intake channels like open-door versus anonymous online reports?
Here are a few of the less-common compliance KPIs that we recommend taking a look at:
“Silent” Retaliation Rate
“Silent” retaliation is notoriously hard to track, given that it can often seem subjective, or arises in social situations rather than within trackable HR data—but it’s not impossible. Try taking a look at the salary progression of previous whistleblowers, their promotion rate vs. their peers’, whether they take a leave of absence at greater rates than their peers, or whether their shift schedules change.
Hard data on your brand’s perception in the market may seem slippery—but it’s the kind of thing you can begin to pin down with the help of HR data. Look into the number of applications received per role, how long it takes to fill open positions, or even the percentage of minority applicants over time.
Your marketing and/or public relations team is also keeping a close eye on market perception. Ask them for data on social media sentiment, recent survey results, or your company’s Net Promoter Score (NPS).
Revenue Correlation to Ethics
The concept of organizational justice emphasizes that standards should be applied fairly, regardless of performance. Put that to the test within your organization by mapping your issues against sales performance. This can be surfaced within the data by comparing revenue by department/division/location to case counts; gifts, travel, and entertainment disclosures; and conflict of interest disclosures.
Download the Compliance KPIs worksheet for a full list of KPIs, what they indicate, and how to calculate them.
How to choose which compliance KPIs to prioritize
First, you have to understand what data you currently have access to. There are sources of rich, untapped data in your HR department, sales team and more that your compliance program can use to gain deeper insights into issues like cultural health, brand reputation, and silent retaliation.
Then, you can put each data point in context—both to understand how to interpret it, and to evaluate how relevant it is to your compliance program’s goals and your regulatory requirements. These insights empower you to more effectively allocate resources, tell a more compelling compliance story to your Board of Directors, and ultimately achieve a healthier and more ethical culture.
Use our Compliance KPIs worksheet as a health check on your current data analysis, and compare your own results with your teammates. You may be surprised to find that compliance-adjacent roles have access to different data than you do, or are layering data in ways you hadn’t considered to create a more holistic risk profile.