SlideShare a Scribd company logo

Using Data to Measure Compliance Program Effectiveness

J
Jamal Ahmad, Esq., CPA, CFF, CFE

1) Organizations can and should use data to measure the effectiveness of their ethics and compliance programs, just as they use data to measure operational efficiencies. Data-driven assessments provide an objective, fact-based analysis of program effectiveness over time. 2) Compliance officers should work with data experts to identify, collect, and analyze relevant structured and unstructured data from internal and external sources. This includes establishing appropriate metrics and benchmarks to assess compliance programs. 3) Presenting data analyses in a dashboard format allows easy access to meaningful information and demonstrates the organization's commitment to compliance. Dashboards can track metrics related to guidelines like the Federal Sentencing Guidelines.

1 of 5
Download to read offline
+1 952 933 4977 or 888 277 4977  www.corporatecompliance.org  73 Compliance&EthicsProfessional®   March2016 Ahmad Frank by Jamal Ahmad, JD, CPA, CFE, CFF and Jonny Frank, JD, LLM W hen it comes to ethics and compliance programs, organizations often take great pains to design specific activities to meet their regulatory and internal compliance requirements. Regardless of size, the government and standard setters instruct companies to periodically assess the effectiveness of the programs, and keep up with changing internal and external circumstances.1,2 If the organization does not self-assess the program, others will. Customers will vet suppliers; acquirers will conduct due diligence; and, in the wake of misconduct, the government will investigate when determining whether to pursue criminal and/or regulatory action against the company and individual employees, including compliance professionals.3 Organizations currently use data to, among other things, measure operational efficiency and, for public companies subject to the Sarbanes-Oxley Act, to assert to the effectiveness of controls over financial reporting.4 It stands to reason that they can and should unlock this same data to measure effectiveness and efficiency of ethics and compliance activities. Data-supported assessments carry more weight than mere qualitative assessments and provide a basis for actions taken with respect to implementation of compliance efforts, as well as remediation efforts in the event of a compliance issue. Boards, third parties, and government officials prefer data-driven compliance program assessments, because they are fact-based, use objective criteria, and contain Data: A hidden gem in the effectiveness of ethics and compliance programs »» Just as they use data to measure operational efficiencies, so too can organizations use data to measure and assess the effectiveness of their ethics and compliance programs. »» Data-driven assessments provide a factual basis upon which to draw qualitative conclusions about the effectiveness of ethics and compliance programs and defend compliance activities in the wake of an incident. »» Compliance officers should work with data experts to identify, collect, and present relevant data in a manner that is meaningful and easy to understand. »» Companies should establish appropriate metrics to assess the state of ethics and compliance programs and develop benchmarks by which to measure their progress. »» The use of analytics tools, such as a dashboard and its easy-to-access and useful information, can be of great benefit to the Compliance function.
74   www.corporatecompliance.org  +1 952 933 4977 or 888 277 4977 Compliance&EthicsProfessional®   March2016 tangible criteria that are measurable over time. Data also provides a basis to draw qualitative conclusions (e.g., the programs are effective) and to defend the activities in the wake of an incident.5 Additionally, compliance officers can use data to focus their compliance resources, get the most out of those resources and, if resource starved, make the case to enlist additional support. Defining data Data is simply another word for information. Typically, data is presented in number or amount (e.g., the time of entry into a building, the amount of dollars spent on compliance-related functions, the number of calls to the whistleblower hotline) or in words (e.g., the names of the individuals who participated in a risk assessment). Data analytics is the science of examining such raw data with the purpose of drawing conclusions about that information. Experts in data analytics often differentiate between “structured” and “unstructured” data. Structured data refers to information that resides in fixed fields (e.g., information from an enterprise resource planning [ERP] system, such as Oracle or SAP; other financial and operating systems, tables, and spreadsheets). Unstructured data, as the name implies, includes raw information that does not reside in fixed fields (e.g., e-mails, Word documents, pictures, video, audio, webpages, text contained in spreadsheets). Semi-structured data refers to data that can be converted from an unstructured format into defined fields. Organizations can use both structured and unstructured data to assess the effectiveness of compliance and ethics programs. Structured data is much easier to analyze, particularly if the organization collects information in pre-defined fields that correlate to the analysis (e.g., whistleblower data organized by type of complaint, business function, and resolution). It is possible to analyze unstructured data, but less convenient. The organization needs either to convert the unstructured data into defined fields or use full-text, keyword searches. Identifying and collecting data Part of the challenge in using data for the compliance assessment lies in identifying and gathering the data required for the analysis. Relevant data for assessment purposes often resides in disparate locations, both internal and external to the organization. Once relevant data is identified, it must be “normalized” for meaningful analysis. It is common for data to reside in different systems and exist in different formats. Accordingly, compliance officers need to work with data analytics experts to create a data plan and corresponding roadmap to locate, secure, and assimilate relevant data into a common platform. Measuring progress Although there are no “one size fits all” solutions to ethics and compliance programs, organizations must still select criteria against which to measure their company. Rather, the organization should tailor the criteria to its unique circumstances (e.g., number of employees, industries, and geographies in which the organization does business). Experts in data analytics often differentiate between “structured” and “unstructured” data.
+1 952 933 4977 or 888 277 4977  www.corporatecompliance.org  75 Compliance&EthicsProfessional®   March2016 Professional literature abounds with criteria for an effective compliance and ethics program. Many organizations follow the U.S. Sentencing Commission’s Federal Sentencing Guidelines,6 but that guidance technically applies only to sentencing following a guilty plea or verdict. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is the leading framework for managing compliance, operational, and reporting risk. The COSO Integrated Internal Controls Framework7 is another useful resource, which public companies can apply to also meet Sarbanes-Oxley requirements. Federal departments and agencies issue their own guidance, including, for example, the Department of Defense, Health and Human Services, the Department of Justice (DOJ), the Securities & Exchange Commission (SEC), and the Office of the Comptroller of the Currency. State agencies provide additional guidance. Many organizations employ a risk- based approach, though, it presents somewhat of a “chicken-and-egg” dilemma. This approach begins with a risk assessment to define the scope of the E&C programs. Others include a risk assessment as a component of a compliance program. Either approach is acceptable, provided that the organization conducts a comprehensive risk assessment—and the same data can be used in either scenario.8 Benchmarking for success One of the significant challenges with regard to E&C programs is that most published criteria are general and qualitative. The Federal Sentencing Guidelines, for example, require organizations to “promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law,”9 and the DOJ expects “high- level commitment by directors and senior management.”10 The literature, however, provides scant direction on how organizations can measure compliance with these broad principles. Given the absence of specific guidance, organizations must identify appropriate data sources and develop objective quantitative and qualitative metrics to meet government expectations.11 For example, to demonstrate a commitment to a culture of compliance, organizations can consider and score the results of focus groups and culture surveys, as well as the frequency of messages from senior management that reinforce ethics. Or, to demonstrate effective training, track completion rates and signed certifications for receipt and acknowledgement of relevant governance documents such as the organization’s Code of Conduct. Finally, the organization can assess the effectiveness of remediation efforts by reviewing incident reports compiled by the Internal Audit department (or its equivalent) and scoring the nature and sufficiency of the follow-up. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is the leading framework for managing compliance, operational, and reporting risk.
76   www.corporatecompliance.org  +1 952 933 4977 or 888 277 4977 Compliance&EthicsProfessional®   March2016 It is important to know your audience when developing benchmarks. Senior management and the board might be interested in one set of benchmarks, but prosecutors and regulators might have an interest in others. Proactively anticipating these areas of focus will prove more successful than trying to recreate them after the fact. Developing benchmarks takes considerable time. Forensic auditors, data analytics experts, and compliance risks and controls experts can help compliance officers to identify potential data sources, develop analytics procedures, and employ statistical packages to categorize and design rational scoring methodologies to grade results. Set benchmarks against peer entities, if possible. An organization can look at statistics on mechanisms used to report misconduct and compare them with the use of its hotline, for example, against similarly- sized organizations. Create internal benchmarks, if external ones are not available. When developing a culture survey, for example, create the expected number of “strongly agree,” “agree,” “disagree,” and “strongly disagree” responses to particular questions. The benchmarks, after all, must be defensible. Developing a dashboard The organization needs to track benchmarks, just as it would any other program or plan. Take advantage of technology to automate the collection and tracking of benchmarks. The Compliance function, ultimately, would benefit from a dashboard, which (in addition to easy access to critical and useful information) would by its mere existence demonstrate the organization’s commitment to compliance (see Table 1). Federal Sentencing Guidelines Metric(s) Sample Dashboard Metric(s) Culture that encourages ethics and compliance Culture survey results; messages from senior management emphasizing importance of ethics Roles of board, management, and Compliance Board committee charters and meeting minutes; frequency of meetings between senior management and compliance personnel; Compliance department structure and resources Diligence by positions of authority Diligence files Training Completion rates for trainings and signed certifications regarding receipt of training Mechanism to report misconduct Number of ethics hotline calls; nature of allegations; type of reporting mechanism Risk assessment Frequency and nature of compliance-related risk assessments Audits to detect misconduct Number of internal audits including detection of misconduct within scope; types of misconduct; risk indicators considered Response and remediation of misconduct Number, type, and results of allegations and remediation Table 1: Compliance Metric and Associated Dashboard Visual
+1 952 933 4977 or 888 277 4977  www.corporatecompliance.org  77 Compliance&EthicsProfessional®   March2016 Upcoming 2016 SCCE Web Conferences 3.2.2016 | Education tech: Are you managing privacy and security risks or outsourcing them? • ROSLYN F MARTORANO, Systemwide Privacy Manager, University of California • ISAAC STRALEY, Campus Information Security Officer, University of California, Irvine • DIANNE YODER, Associate Director IT and Professional Services, Strategic Sourcing Centers of Excellence, University of California 3.9.2016 | Our First Ethical Climate Survey: What we did and what we learned • ANN D. E. FRASER, PHD, Executive Director, Values, Integrity and Conflict Resolution Directorate, Integrity and Redress Secretariat, Canadian Food Inspection Agency 3.16.2016 | Concerns that Keep Youth Program Directors Awake at Night • CANDACE COLLINS, Director of Higher Education, Praesidium Inc. 3.30.2016 | Update on Global Data Privacy Laws and Frameworks • ROBERT BOND, Partner, Charles Russell Speechlys LLP 4.13.2016 | Right to be forgotten, right of erasure, so nothing left to chance? • ROBERT BOND, Head of DataProtection and Cyber Security Law, Charles Russell Speechlys LLP 4.28.2016 | Navigating the Challenges of U.S. Export Controls • JULIO FERNANDEZ, Principal Consultant, Fernandez Export Advisory LLC Learn more and register at corporatecompliance.org/webconferences Conclusion As scrutiny of corporate ethics and compliance programs intensifies, it has become more imperative than ever for compliance executives to identify and use the appropriate data to measure the effectiveness of these activities. Data can be leveraged not only to maintain a watchful eye on the programs, but also to defend them in the event of regulatory action. ✵ 1. United States Sentencing Commission: 2014 Guidelines Manual, §8B2.1. Available at http://bit.ly/guidelines-manual 2. See Leslie R. Caldwell, United States Department of Justice, Remarks at 22nd Annual Ethics and Compliance Conference, October 1, 2014. Available at http://bit.ly/remarks-assist-ag 3. Leslie R. Caldwell, United States Department of Justice, Speech at SIFMA Compliance and Legal Society New York Regional Seminar. November 2, 2015. Available at http://bit.ly/leslie-caldwell 4. See Sarbanes-Oxley Act of 2002, §§302, 404 (2002). 5. United States Department of Justice: Principles of Federal Prosecution of Business Organizations, §9-28.300 (2015) (directing prosecutors to consider the effectiveness of the corporations pre-existing compliance program in determining whether to file criminal charges). 6. Ibid., Ref #1 7. Information about COSO is available at http://www.coso.org. 8. Jonny Frank: “5 Ways to Meet DOJ’s Heightened Compliance Expectations“ Law 360; May 29, 2015. Available at http://bit.ly/5-ways-to-meet 9. Federal Sentencing Guidelines, §8B2.1(a)(2) 10. Ibid., Ref #3 11. Timothy Hedley and Ori Ben-Chorin: “Collecting and Evaluating Effective Compliance Program Metrics” Compliance Ethics Professional; December 2015, pp 57-60. Jamal Ahmad (jahmad@stoneturn.com) is Managing Director at StoneTurn Group in New York City. Jonny Frank (jfrank@stoneturn.com) is a Partner at StoneTurn Group in New York City.

Recommended

Taking Private Out of Private Equity
Taking Private Out of Private EquityTaking Private Out of Private Equity
Taking Private Out of Private EquityJamal Ahmad, Esq., CPA, CFF, CFE
 
11-2016 Compliance_Corner
11-2016 Compliance_Corner11-2016 Compliance_Corner
11-2016 Compliance_CornerMarina Baranovsky
 
White Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic reviewWhite Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic reviewLexisNexis Benelux
 
Compliance Officer update: What you should know about your Business Partner -...
Compliance Officer update: What you should know about your Business Partner -...Compliance Officer update: What you should know about your Business Partner -...
Compliance Officer update: What you should know about your Business Partner -...vivacidade
 
Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Grant Thornton LLP
 
2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managers2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managersGrant Thornton LLP
 
An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsGrant Thornton LLP
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksMHM (Mayer Hoffman McCann P.C.)
 

Recommended

Taking Private Out of Private Equity
Taking Private Out of Private EquityTaking Private Out of Private Equity
Taking Private Out of Private EquityJamal Ahmad, Esq., CPA, CFF, CFE
 
11-2016 Compliance_Corner
11-2016 Compliance_Corner11-2016 Compliance_Corner
11-2016 Compliance_CornerMarina Baranovsky
 
White Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic reviewWhite Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic reviewLexisNexis Benelux
 
Compliance Officer update: What you should know about your Business Partner -...
Compliance Officer update: What you should know about your Business Partner -...Compliance Officer update: What you should know about your Business Partner -...
Compliance Officer update: What you should know about your Business Partner -...vivacidade
 
Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Grant Thornton LLP
 
2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managers2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managersGrant Thornton LLP
 
An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsGrant Thornton LLP
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksMHM (Mayer Hoffman McCann P.C.)
 
Managing macroeconomic uncertainty in a post recession world
Managing macroeconomic uncertainty in a post recession worldManaging macroeconomic uncertainty in a post recession world
Managing macroeconomic uncertainty in a post recession worldGrand Crue
 
Khazi Sox A
Khazi Sox AKhazi Sox A
Khazi Sox Aahmedjeelani
 
Analyzing Financial Projections as Part of the ESOP Fiduciary Process | Appra...
Analyzing Financial Projections as Part of the ESOP Fiduciary Process | Appra...Analyzing Financial Projections as Part of the ESOP Fiduciary Process | Appra...
Analyzing Financial Projections as Part of the ESOP Fiduciary Process | Appra...Mercer Capital
 
The changing role of internal audit
The changing role of internal auditThe changing role of internal audit
The changing role of internal auditaakash malhotra
 
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Third Party Risk Management
 
201310 Risk Aggregation and Reporting. More than Just a Data Issue
201310 Risk Aggregation and Reporting. More than Just a Data Issue201310 Risk Aggregation and Reporting. More than Just a Data Issue
201310 Risk Aggregation and Reporting. More than Just a Data IssueFrancisco Calzado
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot SpotsRon Steinkamp
 
Introduction to commission unbundling
Introduction to commission unbundling Introduction to commission unbundling
Introduction to commission unbundling Christian Bower
 
2009 04 21 Ntihi Faculty Course 110
2009 04 21 Ntihi Faculty Course 1102009 04 21 Ntihi Faculty Course 110
2009 04 21 Ntihi Faculty Course 110tmdonoesq
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...Grant Thornton LLP
 
201502 accenture automatic exchange of information regime an emerging compl...
201502 accenture automatic exchange of information regime an emerging compl...201502 accenture automatic exchange of information regime an emerging compl...
201502 accenture automatic exchange of information regime an emerging compl...Francisco Calzado
 
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013Karl Meekings
 
Purchase Recommendation Versik Analytics Inc - 09-23-16
Purchase Recommendation Versik Analytics Inc - 09-23-16Purchase Recommendation Versik Analytics Inc - 09-23-16
Purchase Recommendation Versik Analytics Inc - 09-23-16Harrison Hessel
 
Compliance Risk Assessment
Compliance Risk AssessmentCompliance Risk Assessment
Compliance Risk AssessmentCompliance Consultant
 
JOSF-CCAR:DFAST
JOSF-CCAR:DFASTJOSF-CCAR:DFAST
JOSF-CCAR:DFASTLarry Lee
 
DUP_GlobalRiskManagementSurvey9
DUP_GlobalRiskManagementSurvey9DUP_GlobalRiskManagementSurvey9
DUP_GlobalRiskManagementSurvey9Andrew Brooks
 
Not-For-Profit Audit Committee Briefing
Not-For-Profit Audit Committee Briefing Not-For-Profit Audit Committee Briefing
Not-For-Profit Audit Committee Briefing Grant Thornton LLP
 
Verifying the relationship between free cash flow and mechanisms of corporate...
Verifying the relationship between free cash flow and mechanisms of corporate...Verifying the relationship between free cash flow and mechanisms of corporate...
Verifying the relationship between free cash flow and mechanisms of corporate...majid jamal
 
Avoiding conflict and litigation with hmrc
Avoiding conflict and litigation with hmrcAvoiding conflict and litigation with hmrc
Avoiding conflict and litigation with hmrcIndia inc
 
JSN Motors_W4_2015
JSN Motors_W4_2015JSN Motors_W4_2015
JSN Motors_W4_2015Chanel vd Merwe
 
25.04.2011, Introduction of Mongolia in world competitiveness, Mr. Ch. Otgoch...
25.04.2011, Introduction of Mongolia in world competitiveness, Mr. Ch. Otgoch...25.04.2011, Introduction of Mongolia in world competitiveness, Mr. Ch. Otgoch...
25.04.2011, Introduction of Mongolia in world competitiveness, Mr. Ch. Otgoch...The Business Council of Mongolia
 
BioClinica Imaging Metrics Case Study
BioClinica Imaging Metrics Case StudyBioClinica Imaging Metrics Case Study
BioClinica Imaging Metrics Case StudyBioclinica
 

More Related Content

What's hot

Managing macroeconomic uncertainty in a post recession world
Managing macroeconomic uncertainty in a post recession worldManaging macroeconomic uncertainty in a post recession world
Managing macroeconomic uncertainty in a post recession worldGrand Crue
 
Analyzing Financial Projections as Part of the ESOP Fiduciary Process | Appra...
Analyzing Financial Projections as Part of the ESOP Fiduciary Process | Appra...Analyzing Financial Projections as Part of the ESOP Fiduciary Process | Appra...
Analyzing Financial Projections as Part of the ESOP Fiduciary Process | Appra...Mercer Capital
 
The changing role of internal audit
The changing role of internal auditThe changing role of internal audit
The changing role of internal auditaakash malhotra
 
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Third Party Risk Management
 
201310 Risk Aggregation and Reporting. More than Just a Data Issue
201310 Risk Aggregation and Reporting. More than Just a Data Issue201310 Risk Aggregation and Reporting. More than Just a Data Issue
201310 Risk Aggregation and Reporting. More than Just a Data IssueFrancisco Calzado
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot SpotsRon Steinkamp
 
Introduction to commission unbundling
Introduction to commission unbundling Introduction to commission unbundling
Introduction to commission unbundling Christian Bower
 
2009 04 21 Ntihi Faculty Course 110
2009 04 21 Ntihi Faculty Course 1102009 04 21 Ntihi Faculty Course 110
2009 04 21 Ntihi Faculty Course 110tmdonoesq
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...Grant Thornton LLP
 
201502 accenture automatic exchange of information regime an emerging compl...
201502 accenture automatic exchange of information regime an emerging compl...201502 accenture automatic exchange of information regime an emerging compl...
201502 accenture automatic exchange of information regime an emerging compl...Francisco Calzado
 
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013Karl Meekings
 
Purchase Recommendation Versik Analytics Inc - 09-23-16
Purchase Recommendation Versik Analytics Inc - 09-23-16Purchase Recommendation Versik Analytics Inc - 09-23-16
Purchase Recommendation Versik Analytics Inc - 09-23-16Harrison Hessel
 
JOSF-CCAR:DFAST
JOSF-CCAR:DFASTJOSF-CCAR:DFAST
JOSF-CCAR:DFASTLarry Lee
 
DUP_GlobalRiskManagementSurvey9
DUP_GlobalRiskManagementSurvey9DUP_GlobalRiskManagementSurvey9
DUP_GlobalRiskManagementSurvey9Andrew Brooks
 
Not-For-Profit Audit Committee Briefing
Not-For-Profit Audit Committee Briefing Not-For-Profit Audit Committee Briefing
Not-For-Profit Audit Committee Briefing Grant Thornton LLP
 
Verifying the relationship between free cash flow and mechanisms of corporate...
Verifying the relationship between free cash flow and mechanisms of corporate...Verifying the relationship between free cash flow and mechanisms of corporate...
Verifying the relationship between free cash flow and mechanisms of corporate...majid jamal
 

What's hot (18)

Managing macroeconomic uncertainty in a post recession world
Managing macroeconomic uncertainty in a post recession worldManaging macroeconomic uncertainty in a post recession world
Managing macroeconomic uncertainty in a post recession world
 
Khazi Sox A
Khazi Sox AKhazi Sox A
Khazi Sox A
 
Analyzing Financial Projections as Part of the ESOP Fiduciary Process | Appra...
Analyzing Financial Projections as Part of the ESOP Fiduciary Process | Appra...Analyzing Financial Projections as Part of the ESOP Fiduciary Process | Appra...
Analyzing Financial Projections as Part of the ESOP Fiduciary Process | Appra...
 
The changing role of internal audit
The changing role of internal auditThe changing role of internal audit
The changing role of internal audit
 
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
 
201310 Risk Aggregation and Reporting. More than Just a Data Issue
201310 Risk Aggregation and Reporting. More than Just a Data Issue201310 Risk Aggregation and Reporting. More than Just a Data Issue
201310 Risk Aggregation and Reporting. More than Just a Data Issue
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots
 
Introduction to commission unbundling
Introduction to commission unbundling Introduction to commission unbundling
Introduction to commission unbundling
 
2009 04 21 Ntihi Faculty Course 110
2009 04 21 Ntihi Faculty Course 1102009 04 21 Ntihi Faculty Course 110
2009 04 21 Ntihi Faculty Course 110
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
 
201502 accenture automatic exchange of information regime an emerging compl...
201502 accenture automatic exchange of information regime an emerging compl...201502 accenture automatic exchange of information regime an emerging compl...
201502 accenture automatic exchange of information regime an emerging compl...
 
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
 
Purchase Recommendation Versik Analytics Inc - 09-23-16
Purchase Recommendation Versik Analytics Inc - 09-23-16Purchase Recommendation Versik Analytics Inc - 09-23-16
Purchase Recommendation Versik Analytics Inc - 09-23-16
 
Compliance Risk Assessment
Compliance Risk AssessmentCompliance Risk Assessment
Compliance Risk Assessment
 
JOSF-CCAR:DFAST
JOSF-CCAR:DFASTJOSF-CCAR:DFAST
JOSF-CCAR:DFAST
 
DUP_GlobalRiskManagementSurvey9
DUP_GlobalRiskManagementSurvey9DUP_GlobalRiskManagementSurvey9
DUP_GlobalRiskManagementSurvey9
 
Not-For-Profit Audit Committee Briefing
Not-For-Profit Audit Committee Briefing Not-For-Profit Audit Committee Briefing
Not-For-Profit Audit Committee Briefing
 
Verifying the relationship between free cash flow and mechanisms of corporate...
Verifying the relationship between free cash flow and mechanisms of corporate...Verifying the relationship between free cash flow and mechanisms of corporate...
Verifying the relationship between free cash flow and mechanisms of corporate...
 

Viewers also liked

Avoiding conflict and litigation with hmrc
Avoiding conflict and litigation with hmrcAvoiding conflict and litigation with hmrc
Avoiding conflict and litigation with hmrcIndia inc
 
25.04.2011, Introduction of Mongolia in world competitiveness, Mr. Ch. Otgoch...
25.04.2011, Introduction of Mongolia in world competitiveness, Mr. Ch. Otgoch...25.04.2011, Introduction of Mongolia in world competitiveness, Mr. Ch. Otgoch...
25.04.2011, Introduction of Mongolia in world competitiveness, Mr. Ch. Otgoch...The Business Council of Mongolia
 
BioClinica Imaging Metrics Case Study
BioClinica Imaging Metrics Case StudyBioClinica Imaging Metrics Case Study
BioClinica Imaging Metrics Case StudyBioclinica
 
SA04 - Managing KPIs and Dashboards (MCU)
SA04 - Managing KPIs and Dashboards (MCU)SA04 - Managing KPIs and Dashboards (MCU)
SA04 - Managing KPIs and Dashboards (MCU)Maintenance Connection
 
Panel discussion-what are indian family offices doing globally? Managing Indi...
Panel discussion-what are indian family offices doing globally? Managing Indi...Panel discussion-what are indian family offices doing globally? Managing Indi...
Panel discussion-what are indian family offices doing globally? Managing Indi...India inc
 
Ceo Dashboard 2
Ceo Dashboard 2Ceo Dashboard 2
Ceo Dashboard 2mullman
 
Penalty provision budget 2016 rishabh khandal
Penalty provision budget 2016 rishabh khandalPenalty provision budget 2016 rishabh khandal
Penalty provision budget 2016 rishabh khandalRishabh Khandal
 
Advances and Management of Diabetes Mellitus
Advances and Management of Diabetes MellitusAdvances and Management of Diabetes Mellitus
Advances and Management of Diabetes MellitusPratiksha Doke
 

Viewers also liked (14)

Avoiding conflict and litigation with hmrc
Avoiding conflict and litigation with hmrcAvoiding conflict and litigation with hmrc
Avoiding conflict and litigation with hmrc
 
JSN Motors_W4_2015
JSN Motors_W4_2015JSN Motors_W4_2015
JSN Motors_W4_2015
 
25.04.2011, Introduction of Mongolia in world competitiveness, Mr. Ch. Otgoch...
25.04.2011, Introduction of Mongolia in world competitiveness, Mr. Ch. Otgoch...25.04.2011, Introduction of Mongolia in world competitiveness, Mr. Ch. Otgoch...
25.04.2011, Introduction of Mongolia in world competitiveness, Mr. Ch. Otgoch...
 
BioClinica Imaging Metrics Case Study
BioClinica Imaging Metrics Case StudyBioClinica Imaging Metrics Case Study
BioClinica Imaging Metrics Case Study
 
Izvodi iz knjige_strah_od_ zivota
Izvodi iz knjige_strah_od_ zivotaIzvodi iz knjige_strah_od_ zivota
Izvodi iz knjige_strah_od_ zivota
 
SA04 - Managing KPIs and Dashboards (MCU)
SA04 - Managing KPIs and Dashboards (MCU)SA04 - Managing KPIs and Dashboards (MCU)
SA04 - Managing KPIs and Dashboards (MCU)
 
Panel discussion-what are indian family offices doing globally? Managing Indi...
Panel discussion-what are indian family offices doing globally? Managing Indi...Panel discussion-what are indian family offices doing globally? Managing Indi...
Panel discussion-what are indian family offices doing globally? Managing Indi...
 
IEDM Flyer
IEDM FlyerIEDM Flyer
IEDM Flyer
 
Ceo Dashboard 2
Ceo Dashboard 2Ceo Dashboard 2
Ceo Dashboard 2
 
Penalty provision budget 2016 rishabh khandal
Penalty provision budget 2016 rishabh khandalPenalty provision budget 2016 rishabh khandal
Penalty provision budget 2016 rishabh khandal
 
Epitelno tkivo
Epitelno tkivoEpitelno tkivo
Epitelno tkivo
 
Advances and Management of Diabetes Mellitus
Advances and Management of Diabetes MellitusAdvances and Management of Diabetes Mellitus
Advances and Management of Diabetes Mellitus
 
Wealth tax
Wealth taxWealth tax
Wealth tax
 
40 aniversario del_procesador
40 aniversario del_procesador40 aniversario del_procesador
40 aniversario del_procesador
 

Similar to Using Data to Measure Compliance Program Effectiveness

Tips For Being Compliance Ready
Tips For Being Compliance ReadyTips For Being Compliance Ready
Tips For Being Compliance ReadyPeak 10
 
Standards For Wright Aircraft Corp
Standards For Wright Aircraft CorpStandards For Wright Aircraft Corp
Standards For Wright Aircraft CorpAntoinette Williams
 
Seven Elements Of Effective Compliance Programs
Seven Elements Of Effective Compliance ProgramsSeven Elements Of Effective Compliance Programs
Seven Elements Of Effective Compliance ProgramsMaria Macri
 
Practical Guide to Data Governance Success
Practical Guide to Data Governance SuccessPractical Guide to Data Governance Success
Practical Guide to Data Governance SuccessAmple Insight Inc
 
A Practical Guide To Information Governance
A Practical Guide To Information GovernanceA Practical Guide To Information Governance
A Practical Guide To Information GovernanceMichael Curcio
 
HR information system project Comment feedback concerning the .docx
HR information system project Comment feedback concerning the .docxHR information system project Comment feedback concerning the .docx
HR information system project Comment feedback concerning the .docxadampcarr67227
 
Strategic alignment with bi and ROI Affect
Strategic alignment with bi and ROI AffectStrategic alignment with bi and ROI Affect
Strategic alignment with bi and ROI AffectFarooq Omar
 
Strategic alignment with Bi and ROI Affect
Strategic alignment with Bi and ROI AffectStrategic alignment with Bi and ROI Affect
Strategic alignment with Bi and ROI AffectFarooq Omar
 
Enterprise Information Management Strategy - a proven approach
Enterprise Information Management Strategy - a proven approachEnterprise Information Management Strategy - a proven approach
Enterprise Information Management Strategy - a proven approachSam Thomsett
 
Governance and Architecture in Data Integration
Governance and Architecture in Data IntegrationGovernance and Architecture in Data Integration
Governance and Architecture in Data IntegrationAnalytiX DS
 
White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...
White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...
White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...AnalytixDataServices
 
theprinciplesmaturitymodel
theprinciplesmaturitymodeltheprinciplesmaturitymodel
theprinciplesmaturitymodelDavid Vickers
 
Running head BUSIENSS POLICY DEVLEOPMENT AND IMPLEMENTATION 1B.docx
Running head BUSIENSS POLICY DEVLEOPMENT AND IMPLEMENTATION 1B.docxRunning head BUSIENSS POLICY DEVLEOPMENT AND IMPLEMENTATION 1B.docx
Running head BUSIENSS POLICY DEVLEOPMENT AND IMPLEMENTATION 1B.docxsusanschei
 
Quality management best practices
Quality management best practicesQuality management best practices
Quality management best practicesselinasimpson2201
 
Data Quality Strategy: A Step-by-Step Approach
Data Quality Strategy: A Step-by-Step ApproachData Quality Strategy: A Step-by-Step Approach
Data Quality Strategy: A Step-by-Step ApproachFindWhitePapers
 
How to integrate risk into your compliance-only approach
How to integrate risk into your compliance-only approach How to integrate risk into your compliance-only approach
How to integrate risk into your compliance-only approachAbhishek Sood
 

Similar to Using Data to Measure Compliance Program Effectiveness (20)

Tips For Being Compliance Ready
Tips For Being Compliance ReadyTips For Being Compliance Ready
Tips For Being Compliance Ready
 
Standards For Wright Aircraft Corp
Standards For Wright Aircraft CorpStandards For Wright Aircraft Corp
Standards For Wright Aircraft Corp
 
Seven Elements Of Effective Compliance Programs
Seven Elements Of Effective Compliance ProgramsSeven Elements Of Effective Compliance Programs
Seven Elements Of Effective Compliance Programs
 
Practical Guide to Data Governance Success
Practical Guide to Data Governance SuccessPractical Guide to Data Governance Success
Practical Guide to Data Governance Success
 
A Practical Guide To Information Governance
A Practical Guide To Information GovernanceA Practical Guide To Information Governance
A Practical Guide To Information Governance
 
Compliance risk management planning 2017-02-mattoon
Compliance risk management planning 2017-02-mattoonCompliance risk management planning 2017-02-mattoon
Compliance risk management planning 2017-02-mattoon
 
web-MINImag
web-MINImagweb-MINImag
web-MINImag
 
HR information system project Comment feedback concerning the .docx
HR information system project Comment feedback concerning the .docxHR information system project Comment feedback concerning the .docx
HR information system project Comment feedback concerning the .docx
 
Strategic alignment with bi and ROI Affect
Strategic alignment with bi and ROI AffectStrategic alignment with bi and ROI Affect
Strategic alignment with bi and ROI Affect
 
Strategic alignment with Bi and ROI Affect
Strategic alignment with Bi and ROI AffectStrategic alignment with Bi and ROI Affect
Strategic alignment with Bi and ROI Affect
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
Enterprise Information Management Strategy - a proven approach
Enterprise Information Management Strategy - a proven approachEnterprise Information Management Strategy - a proven approach
Enterprise Information Management Strategy - a proven approach
 
Governance and Architecture in Data Integration
Governance and Architecture in Data IntegrationGovernance and Architecture in Data Integration
Governance and Architecture in Data Integration
 
White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...
White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...
White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...
 
theprinciplesmaturitymodel
theprinciplesmaturitymodeltheprinciplesmaturitymodel
theprinciplesmaturitymodel
 
Running head BUSIENSS POLICY DEVLEOPMENT AND IMPLEMENTATION 1B.docx
Running head BUSIENSS POLICY DEVLEOPMENT AND IMPLEMENTATION 1B.docxRunning head BUSIENSS POLICY DEVLEOPMENT AND IMPLEMENTATION 1B.docx
Running head BUSIENSS POLICY DEVLEOPMENT AND IMPLEMENTATION 1B.docx
 
Quality management best practices
Quality management best practicesQuality management best practices
Quality management best practices
 
Mis unit v-converted
Mis unit v-convertedMis unit v-converted
Mis unit v-converted
 
Data Quality Strategy: A Step-by-Step Approach
Data Quality Strategy: A Step-by-Step ApproachData Quality Strategy: A Step-by-Step Approach
Data Quality Strategy: A Step-by-Step Approach
 
How to integrate risk into your compliance-only approach
How to integrate risk into your compliance-only approach How to integrate risk into your compliance-only approach
How to integrate risk into your compliance-only approach
 

Using Data to Measure Compliance Program Effectiveness

  • 1. +1 952 933 4977 or 888 277 4977  www.corporatecompliance.org  73 Compliance&EthicsProfessional®   March2016 Ahmad Frank by Jamal Ahmad, JD, CPA, CFE, CFF and Jonny Frank, JD, LLM W hen it comes to ethics and compliance programs, organizations often take great pains to design specific activities to meet their regulatory and internal compliance requirements. Regardless of size, the government and standard setters instruct companies to periodically assess the effectiveness of the programs, and keep up with changing internal and external circumstances.1,2 If the organization does not self-assess the program, others will. Customers will vet suppliers; acquirers will conduct due diligence; and, in the wake of misconduct, the government will investigate when determining whether to pursue criminal and/or regulatory action against the company and individual employees, including compliance professionals.3 Organizations currently use data to, among other things, measure operational efficiency and, for public companies subject to the Sarbanes-Oxley Act, to assert to the effectiveness of controls over financial reporting.4 It stands to reason that they can and should unlock this same data to measure effectiveness and efficiency of ethics and compliance activities. Data-supported assessments carry more weight than mere qualitative assessments and provide a basis for actions taken with respect to implementation of compliance efforts, as well as remediation efforts in the event of a compliance issue. Boards, third parties, and government officials prefer data-driven compliance program assessments, because they are fact-based, use objective criteria, and contain Data: A hidden gem in the effectiveness of ethics and compliance programs »» Just as they use data to measure operational efficiencies, so too can organizations use data to measure and assess the effectiveness of their ethics and compliance programs. »» Data-driven assessments provide a factual basis upon which to draw qualitative conclusions about the effectiveness of ethics and compliance programs and defend compliance activities in the wake of an incident. »» Compliance officers should work with data experts to identify, collect, and present relevant data in a manner that is meaningful and easy to understand. »» Companies should establish appropriate metrics to assess the state of ethics and compliance programs and develop benchmarks by which to measure their progress. »» The use of analytics tools, such as a dashboard and its easy-to-access and useful information, can be of great benefit to the Compliance function.
  • 2. 74   www.corporatecompliance.org  +1 952 933 4977 or 888 277 4977 Compliance&EthicsProfessional®   March2016 tangible criteria that are measurable over time. Data also provides a basis to draw qualitative conclusions (e.g., the programs are effective) and to defend the activities in the wake of an incident.5 Additionally, compliance officers can use data to focus their compliance resources, get the most out of those resources and, if resource starved, make the case to enlist additional support. Defining data Data is simply another word for information. Typically, data is presented in number or amount (e.g., the time of entry into a building, the amount of dollars spent on compliance-related functions, the number of calls to the whistleblower hotline) or in words (e.g., the names of the individuals who participated in a risk assessment). Data analytics is the science of examining such raw data with the purpose of drawing conclusions about that information. Experts in data analytics often differentiate between “structured” and “unstructured” data. Structured data refers to information that resides in fixed fields (e.g., information from an enterprise resource planning [ERP] system, such as Oracle or SAP; other financial and operating systems, tables, and spreadsheets). Unstructured data, as the name implies, includes raw information that does not reside in fixed fields (e.g., e-mails, Word documents, pictures, video, audio, webpages, text contained in spreadsheets). Semi-structured data refers to data that can be converted from an unstructured format into defined fields. Organizations can use both structured and unstructured data to assess the effectiveness of compliance and ethics programs. Structured data is much easier to analyze, particularly if the organization collects information in pre-defined fields that correlate to the analysis (e.g., whistleblower data organized by type of complaint, business function, and resolution). It is possible to analyze unstructured data, but less convenient. The organization needs either to convert the unstructured data into defined fields or use full-text, keyword searches. Identifying and collecting data Part of the challenge in using data for the compliance assessment lies in identifying and gathering the data required for the analysis. Relevant data for assessment purposes often resides in disparate locations, both internal and external to the organization. Once relevant data is identified, it must be “normalized” for meaningful analysis. It is common for data to reside in different systems and exist in different formats. Accordingly, compliance officers need to work with data analytics experts to create a data plan and corresponding roadmap to locate, secure, and assimilate relevant data into a common platform. Measuring progress Although there are no “one size fits all” solutions to ethics and compliance programs, organizations must still select criteria against which to measure their company. Rather, the organization should tailor the criteria to its unique circumstances (e.g., number of employees, industries, and geographies in which the organization does business). Experts in data analytics often differentiate between “structured” and “unstructured” data.
  • 3. +1 952 933 4977 or 888 277 4977  www.corporatecompliance.org  75 Compliance&EthicsProfessional®   March2016 Professional literature abounds with criteria for an effective compliance and ethics program. Many organizations follow the U.S. Sentencing Commission’s Federal Sentencing Guidelines,6 but that guidance technically applies only to sentencing following a guilty plea or verdict. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is the leading framework for managing compliance, operational, and reporting risk. The COSO Integrated Internal Controls Framework7 is another useful resource, which public companies can apply to also meet Sarbanes-Oxley requirements. Federal departments and agencies issue their own guidance, including, for example, the Department of Defense, Health and Human Services, the Department of Justice (DOJ), the Securities & Exchange Commission (SEC), and the Office of the Comptroller of the Currency. State agencies provide additional guidance. Many organizations employ a risk- based approach, though, it presents somewhat of a “chicken-and-egg” dilemma. This approach begins with a risk assessment to define the scope of the E&C programs. Others include a risk assessment as a component of a compliance program. Either approach is acceptable, provided that the organization conducts a comprehensive risk assessment—and the same data can be used in either scenario.8 Benchmarking for success One of the significant challenges with regard to E&C programs is that most published criteria are general and qualitative. The Federal Sentencing Guidelines, for example, require organizations to “promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law,”9 and the DOJ expects “high- level commitment by directors and senior management.”10 The literature, however, provides scant direction on how organizations can measure compliance with these broad principles. Given the absence of specific guidance, organizations must identify appropriate data sources and develop objective quantitative and qualitative metrics to meet government expectations.11 For example, to demonstrate a commitment to a culture of compliance, organizations can consider and score the results of focus groups and culture surveys, as well as the frequency of messages from senior management that reinforce ethics. Or, to demonstrate effective training, track completion rates and signed certifications for receipt and acknowledgement of relevant governance documents such as the organization’s Code of Conduct. Finally, the organization can assess the effectiveness of remediation efforts by reviewing incident reports compiled by the Internal Audit department (or its equivalent) and scoring the nature and sufficiency of the follow-up. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is the leading framework for managing compliance, operational, and reporting risk.
  • 4. 76   www.corporatecompliance.org  +1 952 933 4977 or 888 277 4977 Compliance&EthicsProfessional®   March2016 It is important to know your audience when developing benchmarks. Senior management and the board might be interested in one set of benchmarks, but prosecutors and regulators might have an interest in others. Proactively anticipating these areas of focus will prove more successful than trying to recreate them after the fact. Developing benchmarks takes considerable time. Forensic auditors, data analytics experts, and compliance risks and controls experts can help compliance officers to identify potential data sources, develop analytics procedures, and employ statistical packages to categorize and design rational scoring methodologies to grade results. Set benchmarks against peer entities, if possible. An organization can look at statistics on mechanisms used to report misconduct and compare them with the use of its hotline, for example, against similarly- sized organizations. Create internal benchmarks, if external ones are not available. When developing a culture survey, for example, create the expected number of “strongly agree,” “agree,” “disagree,” and “strongly disagree” responses to particular questions. The benchmarks, after all, must be defensible. Developing a dashboard The organization needs to track benchmarks, just as it would any other program or plan. Take advantage of technology to automate the collection and tracking of benchmarks. The Compliance function, ultimately, would benefit from a dashboard, which (in addition to easy access to critical and useful information) would by its mere existence demonstrate the organization’s commitment to compliance (see Table 1). Federal Sentencing Guidelines Metric(s) Sample Dashboard Metric(s) Culture that encourages ethics and compliance Culture survey results; messages from senior management emphasizing importance of ethics Roles of board, management, and Compliance Board committee charters and meeting minutes; frequency of meetings between senior management and compliance personnel; Compliance department structure and resources Diligence by positions of authority Diligence files Training Completion rates for trainings and signed certifications regarding receipt of training Mechanism to report misconduct Number of ethics hotline calls; nature of allegations; type of reporting mechanism Risk assessment Frequency and nature of compliance-related risk assessments Audits to detect misconduct Number of internal audits including detection of misconduct within scope; types of misconduct; risk indicators considered Response and remediation of misconduct Number, type, and results of allegations and remediation Table 1: Compliance Metric and Associated Dashboard Visual
  • 5. +1 952 933 4977 or 888 277 4977  www.corporatecompliance.org  77 Compliance&EthicsProfessional®   March2016 Upcoming 2016 SCCE Web Conferences 3.2.2016 | Education tech: Are you managing privacy and security risks or outsourcing them? • ROSLYN F MARTORANO, Systemwide Privacy Manager, University of California • ISAAC STRALEY, Campus Information Security Officer, University of California, Irvine • DIANNE YODER, Associate Director IT and Professional Services, Strategic Sourcing Centers of Excellence, University of California 3.9.2016 | Our First Ethical Climate Survey: What we did and what we learned • ANN D. E. FRASER, PHD, Executive Director, Values, Integrity and Conflict Resolution Directorate, Integrity and Redress Secretariat, Canadian Food Inspection Agency 3.16.2016 | Concerns that Keep Youth Program Directors Awake at Night • CANDACE COLLINS, Director of Higher Education, Praesidium Inc. 3.30.2016 | Update on Global Data Privacy Laws and Frameworks • ROBERT BOND, Partner, Charles Russell Speechlys LLP 4.13.2016 | Right to be forgotten, right of erasure, so nothing left to chance? • ROBERT BOND, Head of DataProtection and Cyber Security Law, Charles Russell Speechlys LLP 4.28.2016 | Navigating the Challenges of U.S. Export Controls • JULIO FERNANDEZ, Principal Consultant, Fernandez Export Advisory LLC Learn more and register at corporatecompliance.org/webconferences Conclusion As scrutiny of corporate ethics and compliance programs intensifies, it has become more imperative than ever for compliance executives to identify and use the appropriate data to measure the effectiveness of these activities. Data can be leveraged not only to maintain a watchful eye on the programs, but also to defend them in the event of regulatory action. ✵ 1. United States Sentencing Commission: 2014 Guidelines Manual, §8B2.1. Available at http://bit.ly/guidelines-manual 2. See Leslie R. Caldwell, United States Department of Justice, Remarks at 22nd Annual Ethics and Compliance Conference, October 1, 2014. Available at http://bit.ly/remarks-assist-ag 3. Leslie R. Caldwell, United States Department of Justice, Speech at SIFMA Compliance and Legal Society New York Regional Seminar. November 2, 2015. Available at http://bit.ly/leslie-caldwell 4. See Sarbanes-Oxley Act of 2002, §§302, 404 (2002). 5. United States Department of Justice: Principles of Federal Prosecution of Business Organizations, §9-28.300 (2015) (directing prosecutors to consider the effectiveness of the corporations pre-existing compliance program in determining whether to file criminal charges). 6. Ibid., Ref #1 7. Information about COSO is available at http://www.coso.org. 8. Jonny Frank: “5 Ways to Meet DOJ’s Heightened Compliance Expectations“ Law 360; May 29, 2015. Available at http://bit.ly/5-ways-to-meet 9. Federal Sentencing Guidelines, §8B2.1(a)(2) 10. Ibid., Ref #3 11. Timothy Hedley and Ori Ben-Chorin: “Collecting and Evaluating Effective Compliance Program Metrics” Compliance Ethics Professional; December 2015, pp 57-60. Jamal Ahmad (jahmad@stoneturn.com) is Managing Director at StoneTurn Group in New York City. Jonny Frank (jfrank@stoneturn.com) is a Partner at StoneTurn Group in New York City.