The 2023 ECCP not only continued to emphasize the importance of monitoring and testing the effectiveness of a compliance program, but it spoke more about a Chief Compliance Officer (CCO) and compliance function utilizing data to engage in continuous monitoring and continuous improvement. For some time, the DOJ has stressed the importance of leveraging data to have objective evidence around whether or not a compliance program is working effectively. Yet, as many CCOs are legally trained, they are still determining what specific areas to consider in establishing quantifiable metrics to monitor for effectiveness.
A methodical review of the 2023 ECCP to identify the different areas where a company could establish and quantify metrics to assess effectiveness is the place to start. Many companies have what Edwards called “metrics on the basics” and noted they “have in place processes whereby their employees review the Code of Conduct and confirm they comply with it either when they first onboard with the company and then periodically on an annual basis, companies are doing just fine at reporting.” But it is now the barest minimum of what compliance professionals must do. For instance, they could consider Quote To Cash (QTC) lifecycles or Procure To Pay (P2P). The key starts with a documented process that can be audited and built from there.
Three key takeaways:
- Create an inventory of compliance metrics.
- Create your metrics based on the 2023 ECCP.
- Use these metrics for continuous monitoring and improvement.
For more information, check out The Compliance Handbook, 4th edition, here.