Our previous post explored why data analytics is so important for effective corporate compliance programs. Now let’s turn to the practical challenges of getting started on that journey — which, as we promise in the headline above, are not as hard as you think.
Start by remembering what a compliance officer wants to analyze here: how employees interact with your corporate compliance program. It’s also valuable to gather quantifiable data about their knowledge, attitudes, and behaviors related to compliance and ethics.
For example, you might want to understand which parts of the program employees access most often (the hotline? the Code? the policy manual? something else?) or which policies they find most confusing. Perhaps you want to explore some other issue relevant to your specific business, like ability to accurately perceive requests for bribes or knowing how and when to contact the export control group. Either way, you need to see the totality of how employees interact with the compliance program. Think of it as a bird’s-eye video of people moving around the whole neighborhood, rather than up-close pictures of people standing in front of each building.
To achieve that level of insight, your compliance program needs to be “analyzable.” That is, the actual components of the program — the Code of Conduct, training courses, policy manual, hotline data, investigation records, and more — need to exist in a format that data analytics programs can digest.
Yes, that does require some IT acumen plus a strategy regarding how, when, and where to gather data. The important point, however, is that your compliance program already exists. Those primary source documents — the Code of Conduct, the training courses, policy manual, investigation logs, and so forth — are all there, and all owned by compliance.
To get better analytics, you need to redesign these program elements to take advantage of data analytics — not reinvent them. That’s the crucial distinction.
Let’s walk through a simple example to show what we mean.
An Interactive Code of Conduct
At this point, most large companies already have perfectly fine Codes of Conduct — Codes that hit all the right notes about ethical priorities, permissible and impermissible behavior, and the duty of employees to speak up about misconduct when they see it.
The problem? Those Codes exist as PDF documents.
When the Code of Conduct exists as a static PDF document, an enormous amount of potential data goes uncollected. Perhaps you can see how many people access the Code, and maybe even who downloads the Code, but that’s pretty much all.
An interactive Code of Conduct exists online more like a website. Putting your Code into a digital format allows you to track exactly which parts of the Code employees visit and how long they stay. With the proper design, you can even track which devices employees use to visit the Code (a desktop PC, a company-issued tablet, their personal phones), where those employees are located geographically, which language they access, and how they travel “through” the Code: whether they visit one specific page, skim across a sequence of multiple pages, and so forth.
Now consider all the insights you can derive from studying that usage data. For example, you can see whether training courses you deployed on sexual harassment led to a jump in visits to your Code’s section on workplace civility. You could assess whether specific groups of employees (say, divided by geographic region) accessed the Code in different ways after training.
Sometimes that analysis will lead to immediate conclusions. Other times, the analysis might simply lead you to ask more questions. Even then, however, those will be better, more substantive questions about how employees engage with the compliance program.
Up and Running Quickly
From a technical and creative standpoint, converting the Code of Conduct from a static PDF to a dynamic web page isn’t difficult.
Rethink introduced our first digital Code format in 2018 and we have produced more than three dozen digital Codes for clients since then. Sometimes we write or rewrite the Code content from scratch. Other times, we lightly edit the existing content to better fit the digital format and then port it over.
We’ve learned it’s important to choose a digital format that fits a range of goals — fast creation, easy updates, translation readiness, a digital format that is compatible with your corporate website or intranet. (If you have questions in this area, we are happy to advise!)
Taking your Code digital opens a whole new range of possibilities. For instance, you can:
- Assess the effectiveness of your new Code launch. We have clients who can show data proving that virtually 100% of their employees had, in fact, accessed the Code, and that most visited every page. That’s a successful Code launch!
- See how employee behaviors change over time. Some clients see increased visits to the Code after the initial flurry of activity tied to the Code launch. Other clients see visits fall off a cliff. In both cases, we have been able to tie employee Code visits to specific choices clients made in their wider training program — giving them valuable insights into what to keep doing or stop/start doing.
- Test the usefulness/impact of other communications. What drives visits to the Code? Does a poster campaign move the needle? What about training? One client saw a significant increase in visits to the Code in a certain quarter and the team was perplexed as to why — until we reviewed their program and noted that they had, in fact, released a number of all-company communications related to the Code, compliance, and speak up during that timeframe. Conclusion? Their training and communication efforts had an impact on employee behavior — and they could prove it with data.
- Broaden data collection to other policies. Data collection doesn’t have to stop with the Code. Why not introduce an interactive policy manual, or a field guide for your sales employees?
If we can leave you with one message, it’s that it’s possible — right now, using modern data analytics technology plus program elements you already have in place (Code, training, etc.) — to gather powerful, data-driven insights that you can use to inform, defend, and improve your compliance program.
Here at Rethink, we introduced our Drive Analytics(™) service in 2020, as an optional add-on to our training courses and our digital Codes of Conduct.
Our originating insight was this: Compliance practitioners are already thinking about the compliance risks their companies face and the policies, procedures, and controls in place to manage those risks. They are already skilled at taking the organization’s cultural temperature and at evaluating and assessing their program’s effectiveness. They just haven’t always had hard data to back up their insights and observations.
Our goal was to marry that pre-existing “know the business” expertise with the data analytics firepower that modern IT can deliver.
And the results have convinced us that this is a powerful tool that no program should be without — providing that complete, bird’s-eye view of how employees engage with the compliance program that you’re looking for.