How to Measure Compliance Program Performance
In this article
Here’s the scenario: Your company stores thousands of customer credit card numbers in its database. Your compliance professionals and risk management officers invest in a Data Protection training to teach everyone — from software programmers to customer service reps — how to protect that sensitive customer data. You then set a number of compliance metrics to track whether your team is following its training or whether it’s being put off. If everyone follows the rules, you’re probably in good shape. But if your compliance metrics reveal negative sentiment about the training and subsequent lackadaisical behavior, you may be setting yourself up for a potential and catastrophic data breach. (In case you were wondering, catastrophic data breaches are bad.)
The same goes for all facets of a compliance program — from Harassment Prevention in the workplace to ensuring equitable hiring processes — none of them can succeed unless they’re paired with reliable performance metrics that track whether they actually work. By assessing your compliance program regularly and over time, you help set your organization up for success.
What are compliance program performance metrics?
Compliance program performance metrics are data-driven indicators that track compliance program effectiveness. Typically assembled by a company’s HR or compliance department, they monitor whether the workforce is following the law and implementing the standards and methods laid out in the company’s Code of Conduct.
How is the performance of a compliance program measured?
Assessing the success of a compliance program can be a complex, multi-faceted endeavor. It starts with the program itself:
Is it thorough and well-designed? Then it involves training success.
Does your compliance training actually teach your workforce what they need to know to be compliant? Typically, we standby our belief that engaging training content is effective training content.
Does it look at downstream results? Examples include employees reporting bad behavior when it happens, or senior management taking action.
And is the overall incident rate declining? We were co-founded by two women who were fed up with ineffective compliance training. If your incident rate isn’t declining, it’s time to reevaluate your compliant training partner.
Is it rated by 3rd party vendors? G2 ratings are tough to come by, but measuring a compliance program partner based on other vetted users is a great metric to consider.
Is it rated Best-in-Class from 3rd party consultants? Ethisphere conducted a recent study on what effective, and excellent, compliance training should look like. Download the whitepaper to learn more, along with a deeper dive into their data.
Let’s dive into 3 compliance metrics you should be measuring.
1. Program quality
Start by examining whether your compliance program is actually good. This means asking questions like:
Is your compliance program appropriate or offering trainings related to your industry?
How well is compliance integrated into your company processes?
Are your company’s code of ethics and Code of Conduct incorporated into your ways of working? Do you surface expectations regarding compliance regularly, or do you treat it as a once-a-year, check-the-box sort of thing?
Does your compliance program match local compliance laws?
Do your company protocols follow applicable city, state, and even international compliance laws? Or do you track this manually?
How often is the program updated?
When laws change, does your compliance program (including training) automatically change with it? (Spoiler alert: Ethena does this)!
Designing a thorough, effective compliance program requires effort — but a great compliance training platform can help. Ethena’s compliance training is customizable by city, state, or country, and it is regularly updated to reflect new laws. The updates happen automatically, sparing your HR team from any manual processes.
2. Training success
A great training program only succeeds if people complete it, stay engaged throughout, and like it. You can set and track a number of key performance indicators (KPIs) to see whether your employees are actually engaging with your training modules all the way through. Among the metrics to track are:
Training completion. This looks at the total number of people who finish the training and the completion percentage for your overall workforce.
Speed to completion. This looks at the median amount of time that workers spent getting through their compliance course.
Feedback. This tracks qualitative sentiment on the compliance training they received. Research shows that lackluster training leads to lackluster results: People who rate compliance training as less than excellent also feel less confident in reporting non-compliance (such as harassment or bribery). On the other hand, research shows that engaging and relevant training leads to increased confidence.
Ethena’s features tracks all of the above, and delivers on all of these metrics. Here’s how:
93% positive feedback ratings from learners (meaning employees like our stuff)
Trainings completed 2x faster than the industry standard (meaning employees aren't putting our training off for later)
68% of 10,000+ learners feel very or extremely confident intervening on behalf of a colleague experiencing harassment after completing our Harassment Prevention Training (up from 45% before the course, meaning our training actually impacts behavior)
Oh, and did we mention we now have over 1 million positive reviews from trainees? Yah, it’s kind of a big deal.
3. Issues post-training
Wouldn’t it be lovely if a worker could take a training course and then launch into a lifetime of letter-perfect corporate compliance? Unfortunately, issues come up and even trained workers can sometimes goof, making risk assessment officers do a giant facepalm. To find out if your compliance program is producing the right downstream results, track post-compliance-training metrics like:
Number of compliance incident reports. This metric tracks how frequently your company has to deal with compliance issues that were covered during training. You could look at metrics like the number of incidents per year, number of incidents per 100 or 1000 employees, and/or time in between incidents.
Nature of incidents reported. Not all compliance issues are the same. HR team members or compliance officers can track the severity and level of risk to the business entailed by each incident.
Time and cost to achieve resolution. When workers violate protocols, your company pays a price. This metric tracks how much each compliance issue affects your bottom line, both in terms of actual money and the time that is spent addressing the compliance problems.
Why is it important to set compliance metrics?
Compliance metrics provide a snapshot of your company’s overall health. When teams comply with company regulations and applicable laws, your organization can expect a more unified culture, a better product, and an improved bottom line. By setting compliance metrics, you grant yourself data-driven evidence of your team’s success (or lack thereof), meaning no one has to rely on gut instinct to determine whether everyone’s following the rules.
When you set compliance metrics, you can:
Protect your company’s reputation
Lower customer and employee churn due to non-compliance
Improve your workplace over time
Build a better (and healthy) workplace culture
Ethena is a modern compliance training platform that delivers current, cringe-free content that employees actually enjoy. Request a sample course to see for yourself! If you’re ready to bring complex issues to life through thoughtful real-world examples, dynamic multimedia, and actionable next steps, let’s talk to see if Ethena is right for your company.