Article and interview by Alan C. Sauber
Propelled by competition, businesses today are constantly measuring their value. This is largely assessed from the perspective of the shareholder, and rightfully so. But companies must also measure the effectiveness of their support services which are essential to a well-run organization. With the goal of reducing cost while improving efficiency, quantifiable metrics are critical. This has never been more important for the areas of ethics, compliance and culture.
While many (including this author) ascribe to Peter Drucker’s notion that “culture eats strategy for breakfast”, the effectiveness of a strategy can be more easily measured by the company’s financial results. But to measure the integrity or ethics of a company or its governance and compliance processes, may seem more difficult. But without such measurement, culture surely suffers.
Premier has had a deeply embedded ethics program for the last 15 years. This commitment to ethics and compliance has been effectively woven into the fabric of the company culture, resulting in only a handful of grievances and compliance issues across thousands of employees, customers and suppliers. But over the last few years, Premier has grown tremendously through mergers and acquisitions, increasing the employee count by 36%. Adding to these challenges, Premier became a public company in 2013 and now faces more complex compliance related matters including public company Board charters, FCPA requirements, managing structural conflicts of interest, privacy & security rules and other regulatory challenges. The governance and control measures around these areas fall largely to both me as the Chief Ethics & Compliance Officer (CECO) and General Counsel. One of my key objectives is to ensure that the Board of Directors has access to the information they need to oversee and ensure ethics and compliance program effectiveness.
Yet this is an area where many CECOs struggle. The 2015 Compliance Trends Survey by Deloitte found that more than 40% of Chief Compliance Officers are not confident that the metrics they use to gauge program effectiveness give them a strong sense of how things are actually going. And only 24% of CECOs are involved in culture assessments, which are increasingly viewed as the most important predictor of ethics and compliance effectiveness. This inability to focus on culture metrics is further demonstrated by LRN’s 2015 Ethics and Compliance Effectiveness Report, which found that the most common metrics reported to the Board, even among programs rated highly, are largely devoid of culture measurements as shown in Figure 1.
Since “tone at the top” is critical, having an agreement about which metrics are most valuable to drive ethics and compliance program performance starts with an open dialogue with the Audit & Compliance Committee, and in particular the Chair. Ellen Wolf assumed this role in April of this year at Premier and agreed to talk with me about her vision on metrics, culture and the relationship to management.
There continues to be an ongoing discussion in the ethics and compliance community about over-reliance on “process” metrics (e.g., training completions, code certifications, etc.) versus “impact” metrics (e.g., how effective was the training, is the code actually used, etc.). How do you see this issue, and from a Board Chair’s perspective, which types of data are most useful to you?
EW: Many people assume that you have to choose one set of metrics over the other. However, in understanding both the nature of the ethics and compliance issues that a company faces, as well as the company’s response to those issues, one needs to take a three-pronged approach: 1) understand the preventative actions, that is to say the process metrics; 2) review the impact of the preventative actions, that is to say the effectiveness; and, 3) more importantly, set the right tone and atmosphere within the organization.
As a Board member and Chair of the Audit Committee, it is important to see metrics around training and certification. However, it is equally important that we understand the nature of that training. It is often too easy to sign a certification without really engaging with the material. Training that is performed online, that includes quizzes and minimum times on material, can be a step in the right direction. However, training that is in-person can ensure actual attention to the topic. It allows the participant to ask clarifying questions and to better understand the issues. In addition, it puts a human face to some very important topics and allows the participant to know and “trust” the person to whom they may report an issue.
Measuring the impact of the preventative actions is equally important. It lets one know if the training, code, helpline or other program elements are effective. For example, zero complaints to a helpline can be just as troubling as a significant amount of complaints. No complaints may indicate either a lack of understanding or an atmosphere that is not open to addressing ethics and compliance issues.
Conversely, too many complaints could mean there are a significant number of issues to be resolved or management changes to be made.
More data is often better than less data, and some key metrics that are important when reviewing numbers of complaints include both the nature and resolution of those concerns and time to resolve a complaint. Also, are complaints disproportionately from one district, subsidiary, management team or outside contractor? Are they focused around certain issues and/or concerns?
The key to data is unlocking the message and then taking appropriate actions. It is also important to continuously look at the metrics you are using to determine whether or not they are still appropriate or need to be adjusted based upon changes within the company or external issues outside of the company.
How important are ethical culture measurements, such as willingness to speak up about misconduct, or employees’ belief that senior managers behave ethically? Should senior leaders be held accountable for these types of metrics? And if so, who should be responsible for ensuring this?
EW: As I mentioned earlier, for a company to have a strong ethics and compliance culture, the message starts at the top. This includes not only senior management but the Board of Directors as well. What this means is that it is extremely important to create an atmosphere where employees feel they can speak up about any of their concerns to any of the communication channels that the company provides. Employee surveys and exit interview data can be particularly useful metrics in this regard.
Another metric that has been very helpful in the past is the number of complaints that are anonymous versus those in which an employee has felt comfortable identifying themselves. While some employees will always feel more comfortable reporting anonymously, a higher percentage of anonymous complaints may indicate a lack of trust in management or fear of retaliation in the organization.
Senior managers should absolutely be held accountable for indicators of the company’s ethics and compliance culture. It is the responsibility of the Board, in partnership with the CEO, to ensure such accountability.
How important is the ability to benchmark metrics to peer group companies? In cases where peer group benchmarks are not available, do you think general benchmarks based on industry or company size are useful?
EW: While benchmarking against peers is important, one’s goal should always be to be the best company possible around ethics and compliance. Being the best of a “non-ethical” industry is not necessarily something of which to be proud!
It is also important to benchmark oneself against prior years, to see if there are any trends. Continuous improvement is something we should all strive for.
How can Chief Ethics and Compliance Officers (CECOs) present measurement and metric information in a meaningful way to the Board? Should a CECO present the information against a framework such as the U.S. Sentencing Guidelines?
EW: Information presented to the Board should be similar in nature to that presented to and discussed by senior management. For example, with respect to cases, the information should look at categories such as fraud, human resources, ethics, etc. That information should be compared to benchmarks, history and other relevant categories. Often the format is graphical by nature allowing one to look at trends, results or areas of concern. It is important that the Board or Audit Committee be made aware of not only the nature of the complaints, but how they were resolved and the timeliness of that resolution. Further, details of the complaints should be made available to the Board Audit & Compliance Committee, or upon request to the Chief Ethics and Compliance Officer. Any complaints involving senior leadership should be brought to the immediate attention of the Audit Committee Chair.
With respect to the U.S. Sentencing Guidelines or compliance related mandates, the Board, of course, needs to know that the program is responsive and meets necessary requirements. However, gearing the Board report to such criteria may set a tone that is too legalistic, and frankly, this shouldn’t be the driver of ethics and compliance efforts. Compliance and ethics should be pursued because of the value they bring to all aspects of the organization.
Is there a risk that CECOs rely too heavily on metrics and measurements when reporting to the board, and that as a result, it becomes difficult to see the forest for the trees? Do you prefer to see the metrics and data presented in context and with explanatory narrative, or do you prefer “just the facts?”
EW: While it is tempting to rely on just the data, data needs to be put in the appropriate context. Data, like anything, can often be used to tell a story a certain way. Therefore, it is important that the data be coupled with the color commentary. The explanatory narrative often relays more information about a situation than basic facts. It is important that both the facts and narrative be presented to the board and senior management.
While the narrative can help one understand the context of the situation, one also needs to be careful to not use the context as a means to “explain away” possible issues or disappointing data. Likewise, narrative should not be used to justify inaction in a particular situation. Policies should apply to all employees. It is very tempting to forgive someone we know in senior leadership, and to “punish” someone we do not know.
Thank you for sharing your perspectives with us, Ellen. I think your comments will certainly help shape the dialogue around ethics and compliance metrics and the role of the Board.