Lao Tzu famously said, “The journey of a thousand miles begins with one step.”  One of the biggest challenges found in trying to start a metrics and monitoring program is that it is so easy to get overwhelmed.  In this blog, which is the last in our series, we’ll explore how to set up a metrics program intelligently, and in a sustainable fashion.  We’ll also deal with objections and excuses, and find ways of pushing through fear and feet dragging to get where we need to go.

This is Part 9 of our series.  If you haven’t read Part 1, I recommend you go back and start there, as it sets the stage regarding why certain metrics should be chosen.  We’ve already explored metrics that can be used with policies and procedures, which can be found HERE, monitoring and auditing, which can be found HERE, training, which can be found HERE, third-party risk management, which can be found HERE, governance, which can be found HERE, communications and tone from the top, which can be found HERE, and risk assessment, which can be found HERE. 

Dealing with Excuses and Objections

It’s easy to find an excuse not to collect and analyze metrics.  Here are four common objections and how to overcome them.

I don’t know where to start! …

Join me for an exciting webinar to learn how to avoid a car crash in your third-party due diligence program! On Thursday, August 29th at 12:00 p.m. Easter, you’ll learn:

• How to deal with the most critical part of your program – scope

• How to handle policies and procedures in a sane way

• How to manage the business and create partnerships for tackling red flags

• How to deal with attestations, due diligence questionnaires and nasty fights over “critical” third parties that refuse to participate

• The Eight Commandments of a successful due diligence program

To join me: Sign up HERE!

For professional athletes, world records and gold medals are won and lost in hundredths of a second. The arrival of an ambulance one minute late can be the difference between life and death.  Happily, most of us in compliance aren’t under that extreme time pressure, but we still need to make every moment count.  Whether through meeting requests, being cc’d on endless email chains, or accepting invitations to pick your brain over coffee, your days can quickly be filled with unproductive tasks that take you farther from your goals. 

Turning down meetings and getting off of email chains can be hard, but you can find more time if you employ stealthy techniques.  Here are three hacks to help you take back your time. 

Schedule Meetings and Phone Calls for 15 or 20 Minutes

Have you ever noticed that most meetings are scheduled for 30 minutes or an hour?  It’s just assumed that blocking off half hours or full hours of time is needed.  Instead of scheduling for the default amount of time, think about the amount of time you want and need to give the meeting or call…

The Department of Justice’s watershed Evaluation of Corporate Compliance Programs Guidance Document made it very clear: a risk-based approach is necessary to avoid “devot[ing] a disproportionate amount of time to policing low-risk areas instead of high-risk areas.”  The Guidance goes on to describe all of the areas where a risk-based approach is required.  Having a risk assessment is just the beginning.  Monitoring the right metrics relating to the risk assessment is critical to judge the health of the program.

In this blog, we’re going to explore metrics relating to risk assessments.  This is Part 8 of our series.  If you haven’t read Part 1, I recommend you go back and start there, as it sets the stage regarding why certain metrics should be chosen.  We’ve already explored metrics that can be used with policies and procedures, which can be found HERE, monitoring and auditing, which can be found HERE, training, which can be found HERE, third-party risk management, which can be found HERE, governance, which can be found HERE, and communications and tone from the top, which can be found HERE. 

What Needs a Risk-based Approach?

The phrase “risk-based approach” is used by many compliance officers, sometimes without an understanding of what it means.  The DOJ Guidance defines several areas in which risks should be managed using a risk-based approach.  These include third-party due diligence, assignment of training, gathering metrics and reporting for the Board, and the allocation of resources (both human and financial).  Without a proper written risk assessment that is effectively monitored, this is impossible.    

The Most Important Question …