When is the right time to write about a winning streak? In the midst of it? When the streak nears the record? After the record is broken? After the streak ends so one can more fully take a retrospective look back? Like most of the country’s baseball fans, I have been following the Cleveland Indians on their now historic winning streak, at 21 games as I write this blog. It set the record for consecutive wins by an American League team, eclipsing the standard previously held by the 2002 Oakland A’s. I did not want to write about the streak previously for fear of jinxing the Indians, even if they have overtaken my hometown heroes, the Houston Astros for the best record in the AL. A big tip of the baseball cap to the Indians for a streak for the ages. It has been a great ride and I hope you enjoy it, right up to the time (hopefully) you meet the Astros in the playoffs.
My challenge on when to write about the Indians winning streak informs today’s blog post, as I consider when you should use ongoing monitoring. Every compliance practitioner recognizes the prevent, find and fix tripartite approach to compliance. (Or even the more erudite McNulty’s Maxims) Many compliance practitioners believe that if you can move your program from one focused on detection to one focused on prevention, you have not only a more robust program but also one which is more fully operationalized as it would be closer to the ground and the front lines of employees.
Data and data analytics can be used in both the detect and preventative approaches. Further data can be used in both approaches for multiple purposes to doing compliance. It can be used to simply stop negative behavior. It can be used to reinforcement positive behavior. Data and data analytics can be used to further training, education and communication around compliance. It brings forward the question: when should you utilize real-time monitoring and when should you utilize right-time monitoring? The answer may well turn on the purpose for which you want to use the data, as that may impact when you monitor the data.
Consider the critique that monitoring of gifts, travel and entertainment (GTE) monitoring, which is always going to be 30-60 days behind the actual real-time event because it will take an employee 30 days to input their expenses into the system, have a supervisor approve it, and it goes to accounts payable for input. Does such a critique defeat a best practices compliance program which is dedicated to moving from simply a detect prong to a prevent prong?
However, an innovation can occur from how you consider the problem. So instead of a real-time review focus, consider a right-time review focus. Consider the situation where a company has a corporate card program or a corporate-branded credit card. Through those mechanisms, you should be able to access those feeds every day from your card vendor, either from your bank or card issuer. Through both the quantum and quality of information, there might well be certain things worth looking for in the data. The classic example might be when an employee submits expenses incurred an adult entertainment establishment that masquerades as a restaurant because you may want to reprimand that employee and stop that behavior immediately.
If your company uses an expense reporting system like a Concur or Pro River; the expenses can be previewed while they are in process; that is, before they are paid by your organization. It might be previewed even before the employee’s manager approves the expenses. There could be a rash of information and data to look for at that time to give the manager a heads up to take a bit of a deeper dive into the expense report.
Finally, there are some GTE expense which are best reviewed with the longer-term view as the purpose of using the information is longer-term. This includes expenses report data used to influence employee behavior. As a compliance professional, you are better off determining if there a pattern of questionable or abusive expense-related items, as opposed to nagging one-off expenses report entries. Further there may be situations where there are literally bursts of activity which you would like to let pass by before trying to download the data for an analysis. The question for the compliance professional is “What do I have?” Obviously, you cannot perform the analysis before you have data so the type of expense reporting system your organization employs and analytical tool you use all come into the equation. All of these variables can lead to the question you must work through is when do you have the amount of quality of data. It may not always be the “real-time”; it may be more right-time.
By thinking about what you are attempting to accomplish through your monitoring, it can help to inform your compliance program going forward. In the GTE example, if you want to move to something closer to real-time monitoring, you will need to move towards the corporate credit card model, with real-time viewing of the purchases on the card. From there you can make a preliminary assessment if you want or need to use that data from the compliance perspective. Moreover, you should never forget that a much longer right-time review and perspective can be equally valuable for many of your other business processes such as sales and operations going forward.
It is this final point, which makes clear the power of operationalizing your compliance program. If you put the architecture of compliance closest to those in the field who are literally on the front lines of your organization you should be able to obtain the data nearest to the customer. That data can be sliced and diced in a variety of ways which allow incorporate back into your continuous learning loop (OODA feedback loop) so that you can determine the most efficient business process going forward. When compliance can wed its prevent, find and fix mandate with overall business process performance, it can make a company more efficient and more profitable.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2017