Data, Data and Data – How to Collect and Measure Data for Your Compliance Program?
As compliance strategies evolve and improve, more attention is being paid to data and measurement of a compliance program. Like every task associated with compliance, professionals have to be smart when it comes to this issue. A compliance program generates (or has access to) a vast amount of data and it is easy to get lost in the morass of data without any appreciable benefit.
Compliance officers live by a simple motto – risk-based decision making and allocation of resources – as a discipline is a valuable framework for analyzing issues. When it comes to measuring your program, I consistently advise companies to start small, meaning pick a function that is discrete, establish a baseline and then collect data over a specified period to gain feedback. To facilitate this process, I ask the following:
- What is the specific compliance function or question we are trying to answer?
- What type of data is available?
- Does the data provide a relevant insight into the issue?
- How can you collect the data?
Let’s take one example. Assume that you want to measure whether your third-party agent contracts include as a routine matter appropriate anti-corruption provisions that were mandated three years earlier. As a starting point, you decide to examine the contracts within each region (assuming there are 20 to 30 contracts in each region).
Assuming that the company has a contract management system, which stores such information, the data would include the review of agent contracts by region. The data will provide insights into two specific questions:
- Does the agent have a contract?
- Does the contract include an appropriate compliance provision?
Starting in year 1, we should generate information by region as to the number of contracted agents and whether the contract includes the appropriate compliance provision.
With this information, we can establish a baseline for trends – in Year 2, did the numbers improve or decrease? In year3, how do the numbers compare to Years 1 and 2, and so forth.
This is a fairly simple example. Let’s examine a more difficult inquiry.
Assume that you want to measure invoice review for third-party agents – the invoice to payment process. For this category of third parties, you have an established procedure for each invoice.
First, the invoice is matched to a contract so that the services are specified in the contract.
Second, the reviewer has to verify that the appropriate services were provided.
Third, assuming that the first two steps are completed, the agent has to be paid an appropriate amount as specified in the contract.
Fourth, the review has to be approved by the reviewer’s supervisor.
To effectuate this control, a record is maintained for each invoice in the financial accounting system as to who conducted the review, whether these elements were satisfied, and whether the supervisor approved the payment and review.
To measure this process and determine performance, data is collected on the invoice, whether it was verified, whether it was rejected for further information from the vendor, whether the payment was adjusted, and whether the supervisor reviewed the reviewer’s performance.
Again, each of these issues can be tracked, measured, and analyzed. A trend analysis can be used to track overall performance against these specific questions.
If the data set is too large, a sampling of invoices can be collected over a time period and compared on a year-to-year basis.
These are just examples of what can be done. A compliance officer has to use his/her judgment as to what to measure and the value of such data.