In November, OpenPages and Compliance Week hosted a roundtable with 17 senior executives where the discussion covered the kinds of metrics to use when discussing and reporting on risk and compliance initiatives. Companies ranged from a variety of industries and covered the risk and compliance functions. Matt Kelly, editor in chief at Compliance Week, moderated the session and blogged about it. To review the article written about the roundtable, “Shop Talk: Metrics for Risk, Compliance,” visit the Compliance Week website.
One of the interesting topics that surfaced during the discussion was how do we, as risk and compliance professionals, get closer to the business to influence the decisions that are being made in the context of an operational process. Everyone agreed that it’s relatively easy to track external metrics–calls to the whistleblower hotline, for instance, and it’s also straightforward to put in training procedures. However, the challenge is getting the “in-process” metrics to influence decision-making.
This question of how to get closer to the business was also a theme at RiskMinds in Geneva last week. Many operational risk executives said that the next frontier is more effectively influencing the “in-process” decisions to reduce operational risk.
For us, the takeaway is that reporting and KRIs have to get more granular and more timely for both the business and the group risk and compliance functions.