Data Can Unlock Ethics and Compliance Program Optimization
One of the key insights from LRN’s 2019 Program Effectiveness Report is the need for organizations to operationalize their ethics and compliance programs by embedding them into everyday business activities, and not keep them as something people engage with once a quarter or once a year when it’s time to take the annual training.
One of the best ways to do that is to make optimum use of the organization’s data to better understand the level of employee engagement and trust; how, where and when concerns are being raised, and how quickly they are addressed; and to spotlight potential areas of risk, noncompliance and reputational compromise.
LRN’s Susan Divers, who helped to author the report, moderated a webcast last week with Joseph Suich, chief compliance officer and counsel at GE Power, and Collin Lowney, director of the audit services group at AECOM, to talk about ways to use data to drive ethics and compliance.
Data modeling is expected by regulatory agencies and is a must-have, said Suich. Beyond that, it can help improve return on the compliance investment by more quickly and efficiently identifying spreadsheet anomalies. These can be anything from unusual spending with a supplier, improper payments or just seeing that money is being wasted.
Data analytics can “show the value of the overall program, not just from a compliance standpoint as a champion of culture, but as a value-add,” said Suich.
One of the key metrics used by Suich at GE Power is open reporting, a comprehensive system to capture concerns from the hotline, human resources, compliance or via ombudspersons the company employs in the approximately 140 countries in which it operates.
“We all want issues raised, we all want people to raise issues, that's the kind of culture we want to drive,” said Suich, and these issues form the data that analytics analyzes to better focus the ethics and compliance program.
The rate at which people report their concerns--Suich says an average of 13 per 1,000 employees is a healthy number--shows how comfortable people are in coming forward and openly reporting issues, and also their level of trust with the organization. “It shows the power of analytics to take those programs and make them drive business priorities in the right way,” he said.
Analytics drives continuous monitoring
The LRN report found 47% of organizations who had what were ranked as high-impact ethics and compliance programs use data analytics to analyze patterns of misconduct, or to identify potential red flags, with another 15% planning to do so in the next year.
The use of analytics by all the programs included in the survey that formed the basis of the PEI report rose 30% from 2018 to 2019.
“Our research indicated that more programs, particularly those with high impact, use analytics to drive more effectiveness...and they do so in different ways,” said Divers.
AECOM started its analytics program to improve audit quality of third-party partners and payments to them, said Lowney. The audit department collaborated with the legal and ethics and compliance teams to develop a tool that blends data, cleans data, and conducts analysis based on 14 risk-factor tests. These are used to risk-rank projects, project managers, business lines, vendors, countries.
The continuous-monitoring system employs these tools to review financial and qualitative data that can help to identify risky transactions that could involve bribery, corruption or other internal-control deficiencies, said Lowney.
The system is user-friendly and doesn’t require business leaders to have programming skills, which Lowney said puts the analytics tools “in the hands of the people with the strongest business knowledge, not just coding knowledge,” making for readable and understandable dashboards.
“It allows us to do scoring of a quantifiable risk assessment on any area want to look at,” he said. “The flexibility of our dashboards allows us to look instantaneously. We can answer the who, where, when and how of every third-party payment.”
The tool also helps with unstructured data, as the team created a list of 75 Foreign Corrupt Practices Act-related keywords that AECOM’s global audit team global translated into four different languages. These include slang terms and euphemisms for bribery and other types of fraud.
Lowney said it’s been a successful means of flagging potential issues. “It’s more comprehensive for an auditor to read this through the dashboard than to read an excel spreadsheet and to try to piece this all together,” he said.
At GE Power, Suich meets with HR, IT and other departments every quarter, or whenever data shows a problem or potential lack of effective controls. Doing so allows for the proper subject-matter experts to be brought in to execute any additional controls and training that is needed.
“You really need to use this data. That’s where you see the business value...where you stop the bad problems from happening again,” said Suich. “That really is a value-add.
“The biggest mistake is to have data like this and not use it.”