The 2020 Update not only continued to emphasize the importance of monitoring and testing the effectiveness of a compliance program, but it spoke more about a Chief Compliance Officer (CCO) and compliance function utilizing data to engage in both continuous monitoring and continuous improvement. The DOJ for some time now has stressed the importance of leveraging data in order to have objective evidence around whether or not a compliance program is working effectively. Yet, as many CCOs are legally trained they are unsure about what some of the specific areas to be considered are in establishing quantifiable metrics to monitor for effectiveness.
A methodical review of the 2020 Update to identify the different areas where a company could potentially establish and quantify metrics to assess effectiveness is the place to start. Many companies have what Edwards called “metrics on the basics” and noted they “have in place processes whereby their employees review the Code of Conduct and confirm they are in compliance with it either when they first onboard with the company and then periodically on an annual basis, companies are doing just fine at reporting.” But it is now the barest minimum of what compliance professionals must do. For instance, they could consider the lifecycles of Quote To Cash (QTC) or Procure To Pay (P2P). The key is to start with a documented process which can be audited and build out from there.
Three key takeaways:
- Create an inventory of compliance metrics.
- Create your metrics based upon the 2020 Update.
- Use these metrics for continuous monitoring and improvement.