How do you demonstrate and prove the value and success of your programs? The compliance leaders from The Home Depot, General Electric Company, and Duke Energy will discuss the tactics and data they have used to demonstrate the “net benefit” of compliance, ethics and risk programs.
- Featuring:
- Duke Energy Senior Vice President – Audit Services and Chief Ethics and Compliance Officer, Jeffery G. Browning
- The Home Depot Director, Corporate Compliance and Ethics, Brad Nesmith
- General Electric Company Manager of Integrity & Regulatory Compliance, Natalie Jackson-Smith
- OCEG Scott Mitchell, as the moderator
These are my notes, live from the session:
- Establish Expectations–
- Risk Assessments
- Federal Sentencing Guidelines
- Code of Business Ethics
- Communicate Expectations
- Policies/Procedures
- Training
- Awareness/Employee Portal
- Monitor Behavior
- Hotline
- Surveys/Questionnaires
- Automated/Manual Processes
- Report Results
- Senior Management
- Audit Committee
- Drive Continuous Improvement
- Prevent Similar Misconduct
- Periodic Evaluation of Effectiveness
Demonstrating ROI is tied to brand and reputation that leads to competitive intelligence. The key is trying value ethical missteps and the prevention of ethical missteps.
Where are you getting pressure to communicate the value or ROI of compliance?
The pressure is not coming from the audit committee. They think compliance is their best friend.
When the risk is the executive ending up in handcuffs, they very quickly see the value of compliance.
You can argue about hotline call volume. An increase may indicate more problems or more awareness.
What are the strategies for communicating ROI?
Getting in front of the business people is a great strategy. Be proactive as regulations and business needs change. If you deliver value, they will get you involved earlier.
Telling stories about the failure and cost of failure gets the attention of management and helps them understand the problem.
Avoidance of compliance losses is tough.
One example of ROI was for data privacy. They did the math of how many Massachusetts residents they had in records and multiplied by the amount of the fine under the Mass. Data Privacy Law.
One key is tying the budget to strategic initiatives. So if you are managing your budget, then you are managing the ROI.
Another is looking at shareholder return. A panelist cited the improved performance of the companies that have won Ethisphere’s Most Ethical Company award.
Materials:
I am conscious that this is a difficult topic but don’t we have to talk about return on investment? Most of the discussion was focused on the bad things that might happen–costing lots of money–without an ethics and compliance program. Or the good things that happen with one. But that doesn’t answer the question of ROI or help make the decision about where to allocate the marginal investment dollar.
I’m not sure.
For my company, they though having a compliance program would be good for its investors. So they started one.
Compliance is tasked with preventing bad things from happening. How do you prove that a program will prevent a bad thing form happening or that the program has prevented something from happening? That is the magic pixie dust for compliance.
In part, that’s why you don’t see lots of vendors at Compliance Week. It is hard to justify costs. You have to believe.