Three Ways Metrics Can Help Avoid Common Compliance Mistakes

No company wants to end up in the headlines for a code of conduct violation, or for not updating its policies based on the latest legislation. But unfortunately, even after organizations spend significant amounts of time and money on compliance, slip-ups happen.

The problem, reports Harvard Business Review, is that compliance training is not enough. What matters, research reveals, is not how much compliance training employees undergo, but if and how it gets measured. "Too many firms treat compliance as a box-checking exercise, making employees sit through training to attest that they understand the rules, but failing to assess the effectiveness of their compliance programs, or doing so with faulty metrics," the HBR report states.

Shawn Flynn, head of global value, analytics and industry solutions for Cornerstone OnDemand, sees a strong link between the lack of measurement and compliance failures. Below, he shares the most common compliance mistakes organizations make—and the metrics that can help avoid them.

Mistake 1: Underestimating the Impact of Non- Compliance

The Problem: Companies that have not yet had to grapple with audits or lawsuits may not realize the dangers associated with ineffective compliance training. This "ignorance" is exhibited by small, new companies as well as by established firms, according to Flynn.

"You might not have incurred a penalty and don't believe in the upside of driving compliance efficiency," Flynn says. But putting on blinders, he warns, is dangerous: "Compliance problems can have significant impact on the business, and your brand can take a hit really quickly."

According to research from Chubb Insurance, the average cost of an employee lawsuit runs about $70,000—but some compliance-related cases and fines can be even higher, such as Fresenius Medical Care North America's $3.5 million fine for HIPAA violations.

The Metrics to Help: To demonstrate the impact of non-compliance, share metrics on how much and how often organizations in your industry are fined. Then, take it a step further and demonstrate how cost-effective proper compliance training is by comparison.

Mistake 2: Using a One-Size Fits All Approach

The Problem: Compliance training cannot be a one-size-fits-all approach. Employees need to see a clear connection between the training they are completing and the benefit to their job, says Flynn. For example, the payroll department needs to have compliance training on how to manage sensitive employee data to ensure that they can protect workers' privacy. The marketing department, on the hand, wouldn't necessarily need to have the same compliance training—their time may be better spent learning how to protect other types of information.

The Metrics: To deliver relevant training that keeps employees engaged, Flynn advises using "pulse" surveys to track employee sentiment and gain insight into how workers view training. Perhaps you are expecting employees to spend long hours completing compliance training, but surveys tell you that workers believe they don't have enough time. With a finding like this, you can try to solve the problem by eliminating or creating more targeted training modules.

Mistake 3: Using Outdated Training

The problem: Creating compliance content is a big investment—but if the content isn't maintained or updated, that investment can quickly lose its value. According to Flynn, developing just one hour of content costs about $18,000, but it needs to be updated every 24 months. "For big companies with complex compliance requirements, this can be a huge but necessary financial burden," says Flynn.

The Metrics: By tracking content costs over time across individuals departments and comparing them against the cost of lawsuits or violations, business leaders can identify areas where costs are not delivering the desired compliance benefits. Armed with that insight, compliance managers can then reassess their strategy, and invest in a content re-fresh.

If you don't have the bandwidth to track your compliance metrics in-house, third-party compliance products and services can often produce better results for lower long-term cost, Flynn says. Plus, they have the advantage of always delivering the latest advancements in content, delivery and data management.

The costs of compliance may be high, but the costs of non-compliance are potentially much higher. "Brands we know and trust are trying to keep their names from being in the headlines for the wrong reasons, and they mostly accomplish this through compliance," Flynn says. Ongoing measurement is an important step in avoiding costly and long-lasting compliance mistakes.

If you are keen on learning more aboutthis topic, please consider attending this "Compliance as a Culture" presentation.

Photo: Creative Commons