One of America’s most unique personalities died, as Texan Ross Perot passed away this week. According to his New York Times (NYT) obituary, “He was no quitter: an Eagle Scout, a Navy officer out of Annapolis, a top I.B.M. salesman, the founder of wildly successful data processing enterprises, a crusader for education and against drugs, a billionaire philanthropist. In 1969, he became a kind of folk hero with a quixotic attempt to fly medicine and food to American prisoners of war in North Vietnam.” One thing that Perot continually mandated was accurate information from which he developed his opportunities, which informs today’s blog post on ongoing monitoring as laid out in the Justice Department’s recently released Evaluation of Corporate Compliance Programs, 2019 Guidance.

The 2019 Guidance mandated that one of the critical elements required in any best practices compliance program is to  use the information you obtain, whether through risk assessment, root cause analysis, investigation, hotline report or any other manner to remediate the situation which allowed it to arise. Under the third general question of how you demonstrate your compliance program actually works in practices, the Guidance  states:

Finally, a hallmark of a compliance program that is working effectively in practice is the extent to which a company is able to conduct a thoughtful root cause analysis of misconduct and timely and appropriately remediate to address the root causes.

Moreover a key component of this requirement is to use the information you have garnered in continuous monitoring, root cause analysis and other tools to improve your compliance program. This is demonstrated by a continuous feedback loop. Compliance practitioners are often confronted with the question: that is how to put into practice these requirements. One solution worth considering has been put forth by Alistair Croll, in an eBook entitled “Planning for Big Data” published by O’Reilly Radar, he notes that big data will allow innovation through the “feedback economy.” This is a step beyond the information economy, because you are using the information that you have generated and collected as a source of information to guide you going forward. Information itself is not the greatest advantage but using it to make your business more agile, efficient and profitable is the greatest advantage.

Croll draws on military theory to illustrate his concept of a feedback loop. It is the OODA loop, which stands for observe, orient, decide and act. This comes from military strategist John Boyd who realized that combat “consisted of observing your circumstances, orienting yourself to your enemy’s way of thinking and your environment, deciding on a course of action and then acting on it.” Croll believes that the success of OODA is in large part due to its circular nature, which drives early actions to feed back into later (and hopefully wiser) actions. This should allow combatants to “get inside their opponent’s loop, outsmarting and outmaneuvering them” because the system itself learns. For the CCO, this means that if your company can collect and analyze information better, you can act on that information faster.

Croll believes one of the greatest impediments to using this OODA feedback loop is the surplus of noise in the data. “We need to capture and analyze it well, separating the digital wheat from the digital chaff, identifying meaningful undercurrents while ignoring meaningless flotsam”. “To do this we need to move to more robust system to put the data into a more usable format.” Croll moves through each of the steps in how a company collects, analyzes and acts on data.

The first step is data collection, where the challenge is both the sheer amount of data coming in and its size. Once the data comes in, it must be ingested and cleaned. If it comes into your organization in an unstructured format, you will need to cut it up and put into the correct database format for use. Croll touches on the storage component of where you place the data, whether in servers or on the cloud.

A key insight from Croll is the issue of platforms, which are the frameworks used to crunch large amounts of data more quickly. His key intuition is to break up the data, so it can be considered and acted upon more quickly.

Another important component is machine learning and its importance in the data supply chain. Machines are better at filtering extraneous data, but as important as machine learning is in big data collection and analysis, there is no substitute for human analysis. However, for many business leaders, displaying the data is most difficult because it is not generally in a readable form. It is important to portray the data in more visual style to help convey various data sources into navigable 3D environments.

Of course, having all this data is of zero use unless you act on it. Big data can be used in a wide variety of decision making, from employment evaluations around hiring and firing decisions, to strategic planning, to risk management and compliance programs. But it does take a shift in compliance thinking to use such data.

Croll ends his chapter by noting, “big data supply chain is the organizational OODA loop.” But unlike the OODA loop, it is more than simply about the loop and plugging information as you move through it. He believes “big data is mostly about feedback”; that is, obtaining the impact of the risks you have accepted. For this to work in compliance, a company’s compliance discipline needs to both understand and “choose a course of action based upon the results, then observe what happens and use that information to collect new data or analyze things in a different way. It’s a process of continuous optimization.”

Whether you consider the OODA loop or the big data supply chain feedback mechanism, this process, coupled with the data that is available to you, should facilitate a more agile and directed business. The feedback components in both processes allow you to make adjustments literally on the fly.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2019