Measuring compliance program effectiveness is not only a top trend for 2016 but is front-of-mind for senior executives. With staggering numbers reported around insufficient staffing for compliance teams and the increase of regulatory scrutiny, it’s time for compliance officers and practitioners to be able to step up to the plate using persuasion tactics that help increase influence across the organization through implementation of an effective decision-making process.

1. Compliance
Metrics
Moving from Best Practice to
Standard Practice
Tuesday, June 7, 2016

2. Housekeeping
ü You will receive a copy of the presentation and recorded version of the
webinar via email after the conclusion of the webinar.
ü You have joined today’s session listening through your computer’s
speaker system by default. This means, if you can hear music through
your computer, you will be able to hear the presentation.
ü If you would like to call in using a phone, just locate your Audio Pane and
select Use Telephone. The dial-in information and access code will then
be displayed.
ü Please type your question(s) and click Send in the Questions Pane. At
the end of the presentation we will do a Q&A session and take as many
questions as we have time for.

3. Christopher Nixon
Chris is the Executive Vice President of Marketing at
Convercent where he works with compliance
executives and teams everyday to help solve the
pressing challenges that exist within today’s ever
changing environment.
Chris’ responsibilities at Convercent include
developing content and research that help drive
results for customers and prospects. Convercent is
the only SaaS solution purposely designed to address
the needs of corporate compliance officers - at once
fulfilling their breakneck day-to-day tactical
management needs and their comprehensive
boardroom reporting and analysis.
We help them avoid the financial and reputation
fallout when employees - good and bad - do bad
things. Convercent supports more than 440
companies in 130+ counties, and count Philip Morris
International, Kraft Heinz, LinkedIn, and Under
Armour as some of our biggest fans.

4. Laura Jacobus
Laura is a seasoned attorney who leverages a unique
blend of legal acuity and strong business acumen.
With both legal and strategic business operations
leadership roles at global high tech companies,
including Cisco Systems and Juniper Networks, Laura
approaches compliance and ethics with a broad view
and an emphasis on cross-functional ownership,
metrics and implementation.
At Juniper, Laura developed and implemented a
highly-regarded ethics and compliance program and
led the process that resulted in Juniper twice
receiving the coveted Ethics Inside Certification and
being named a repeat honoree of the World's Most
Ethical Companies designation by Ethisphere
Institute.
Laura currently is consulting in the area of ethics and
compliance while developing and teaching
compliance related courses at multiple higher
education institutions.

5. Ronnie Kann
Ronnie Kann is the Executive Vice President,
Research and Program Development, for the Ethics &
Compliance Initiative (ECI), a non-profit that
empowers organizations across the globe to operate
their businesses at the highest levels of integrity. In
this role, he is responsible for setting the ECI research
agenda, developing new services to support the
ethics and compliance industry, and advancing the
mission of ECI.
Prior to ECI, Kann worked for CEB, a best practice
insight and technology company. He held a variety of
senior management roles across CEB’s businesses,
serving chief compliance and ethics officers, general
counsel, chief human resource officers, chief audit
executives, and chief risk officers, bringing a cross-
functional approach to solving management
challenges.
Kann’s expertise in ethics and compliance has been
featured by The Sunday Times, Financial
Management, Human Resource Executive, Journal of
Business Compliance, Treasury & Risk, Compliance &
Ethics Professional, and Ethisphere Magazine.

6. Research & Content Referenced
Exclusive Interview
DOJ’s Andrew Weissmann and
Hui Chen Talk Corporate
Compliance
Exclusive Interview
Metrics in Compliance
w/ Patrick Taylor, Patrick Quinlan,
and Gaurav Kapoor
Interviews by Laura Jacobus published on ECI’s blog

7. Measuring Program
Effectiveness is Front of
Mind.
Senior compliance and ethics professionals
are spending a considerable amount of time
figuring out how to determine the
effectiveness of their programs—specifically
whether or not the training and
communications they use are resonating
with their workforce.
Why Are We Here?
Measuring ROI Remains
Elusive.
Compliance officers still lack a meaningful
way to measure the ROI of their compliance
budgets. To more effectively elevate the
stature, funding and influence compliance
has in an organization, compliance teams
need to establish a more direct correlation
between compliance, company strategy and
long-term business profitability.

8. What Metrics Are Currently Used?

9. Laura’s Interview w/ DOJ
In all areas – not just FCPA – this is extremely important in my view. I think strong
compliance must be data driven. When I was recruiting compliance officers, one of
my questions was to ask the candidates to articulate what types of data they
would monitor.
My expectation was that a good compliance officer should be able to rattle off a
list off the top of their heads and their list will tell me the level of their
sophistication as a compliance professional. Similarly, when I look at compliance
programs, the kind of data that they do and do not monitor tells me a lot about
how sophisticated their program is.
“
Hui Chen
Compliance Counsel
Department of Justice

10. ECI’s Blue Ribbon Panel Report
Intensifying Regulatory
Environment
Increasing Global
Standards
Expanding Public
Scrutiny and Reputation
Risk
Rising Costs of
Misconduct

11. Model of an Ethically Healthy Organization
For nearly two decades ERC’s research has
shown that a well-implemented ethics &
compliance program drives a strong ethics
culture, and that these work together to
drive positive changes in an organization
and help reduce ethics risk.
Strong Ethical
Culture
Well-Implemented
Program
Driver #1 Driver #2
Reduced Retaliation
for Reporting
Reduced Ethics Risk
Increased Reporting
of Misconduct
Decrease in
Observed Misconduct
Reduced Pressure for
Misconduct
Outcomes
Goal
Causal:
Correlational:

12. Metrics of Well-Implemented Program
Risk
Assessment
1
Policies &
Procedures
2
Training &
Communication
3
Monitoring,
Auditing, &
Helpline
4
Investigation &
Response
5
Conflicts of
Interest
6
Culture
7

13. Risk Assessment
“If you have a robust enterprise-wide
risk assessment process, your priorities
will evolve out of that. CCOs should be
setting compliance monitoring and
testing priorities based upon these risk
assessments,”
Thomas Rollauer
Executive Director at Deloitte.

14. Policies and Procedures
ü How often your Code and
policies are reviewed,
refreshed and/or rewritten
ü Number and nature of Code
and policy violations
ü Results from culture surveys
and knowledge assessments
that gauge understanding
and retention of key Code
and policy tenets
Metrics to Gather
ü Ongoing Policy Updates
ü Regulatory Assurance
ü Identify Underlying Trends
How To Use Them

15. Training & Communication
ü Reach, medium, frequency and
completion rates of compliance
trainings
ü Reach, medium, frequency and
engagement rates of compliance
communications
ü How often your training is refreshed
and reviewed for effectiveness
ü Results from post-training
comprehension tests, knowledge
assessments and culture surveys
ü Number and nature of incidents by
employees who have completed
training
Metrics to Gather
ü Training program effectiveness
ü Revamp training programs
ü Determine areas to update
ü See what messages are
resonating
How To Use Them

16. Monitoring, Auditing, and Helpline
ü Reporting rates, known and
anonymous/1,000 employees by
reporting channel
ü Retaliation report trends, including
the number of reports of retaliation
ü Trends by location or department or
specific employees generating higher
than average reports of retaliation
ü Incident categories, including
emerging risk areas
ü Trends following policies updates or
releases
ü Training or communication campaigns
Metrics to Gather
ü Categories driving top risks
ü Source of hotline awareness
ü Feedback from culture surveys
ü Knowledge assessments
ü Q&A forums and/or focus groups
ü Call volumes relative to organizational
structure

17. Investigation & Response
ü # of investigations (active and
closed)
ü Length of time to investigate and
resolve issues
ü Disposition of cases and fees
associated with any settlements,
litigation or penalties
ü The risk areas and compliance
initiatives for each case
ü Classification of the reasons why the
individuals performed the actions that
led to the compliance violation.
Metrics to Gather
ü Identify soft spots or gaps in
your standard process
ü Evaluate Your Process
ü Due Diligence
ü Standardized Investigation
Process
ü Classifying Root Cause
How To Use Them

18. Disclosures / Conflicts of Interest
ü Conflict of interest disclosure rates by
seniority level, business unit, dept. or
geographic location
ü The number, type and amount of gifts
and entertainment given, received and
offered by or to employees
ü # and type of misconduct reports
related to conflicts of interest or
improper gifts
Metrics to Gather
ü Updates to Your Disclosure
Tracking Process
ü Abuse of Power
ü Deep Understanding of Gifts,
Travel, and Entertainment
How To Use Them

19. Culture
ü # of Surveys -- when/how often they
are distributed (monthly, annually,
etc)• Employee retention rates
ü Anonymous online reviews (positive
and negative)
ü Company and leadership reputation
(internally and externally)
Metrics to Gather
ü Repair or fix culture holes
ü Determine Why People Are
Staying
ü Use Perception To Help Take
Advantage of Good Reviews
How To Use Them

20. Assessing Your Needs

21. Using a Rating Scale to Improve
Needs improvement – 1
The compliance risks identified with
the organization are either not fully
mitigated by control or there are
inconsistencies in the processes that
make them susceptible to breakdowns
and/or scrutiny.
Operational - 2
Program processes and controls are in
place to mitigate risk and are
consistently operating.
Best Practice – 3
The processes have achieved best
practice criteria.
Transformational – 4
The processes have matured beyond
best practice criteria and/or is subject
to re-engineering due to high impact
changes affecting the process.

22. Compliance Metrics Interview
Part Three
Discuss what is pushing
the progression to
metrics in compliance
and how these
companies move
compliance out of the
compliance office into
the operations of any
company.
Part Four
Insight into the culture
of these companies in
Part 4 of this interview.
And we will wrap up
with some examples of
positive bottom line
impact via metrics and
some perspectives on
the future of metrics
and compliance.
Part One
A brief intro to these
three companies and
the professionals to
whom they sell their
compliance based
products
Part Two
Focus on lawyers and
their comfort with
metrics, the place of
metrics dashboards in
compliance programs
and Board
presentations, and the
role of preventive
controls vs. predictive
analytics and closed
loop processes.
Published on ECI’s Website

23. Hotline Investigations w/ HR Overlay
Position
Location
Department
Manager
Length of Employment
Compensation
Age
Sex
Direct Reports
Performance
# of Investigations
North America
Europe
Africa
Asia
South America
Employees in a particular country in Asia that had a length of employment with the company for 6-9 years -
that had been passed over for promotion, but were not close enough to their pension - were significantly and
statistically more likely to commit fraud.

24. Root Cause of Non-Compliance
BEHAVIORAL FACTORS
Intentional Behavior
An act of willfully disobeying
Lack of Sensitivity
“I wasn’t aware my conduct would have
that effect on others.”
Lack of Awareness
“I didn’t realize that the conduct was
wrong.”
Company Loyalty Rationalization
“I was generating profits for the
company.”
Legitimate Action Rationalization
“It is an outdated rule.” “Everyone else is
doing it.”
No Harm Rationalization
“It didn’t really hurt anybody.”
ENVIRONMENTAL FACTORS
Cultural Influences
Cultural differences, from inside or outside the
organization.
Financial or Performance Incentives
Incentive compensation or a performance
reward drove the violation.
Operational Burden
An undue operational burden left insufficient
time to perform in a compliant manner.
Pressure from Management or Peers
Pressure to conform or complete tasks at all
costs driven by a superior or peers.
Weak Controls
There were weak controls over the employee
or third-party activity.
Areas of Compliance
Resource Focus

25. Recommendation to the Board
1. Address Root Cause of misconduct by quickly removing
bad people from organization (intentional behavior) and
implementing new controls.
2. Targeted Training for particular group prior to reaching 6
years of service w/ the company (instead of one-size-fits-all
approach).
3. 3-6-12 Month Check-Ins to assess progress to ensure proper
risk mitigation.

26. Q&A
Thank you.
Laura Jacobus
Ronnie Kann
Chris Nixon