Benchmarking is a language everyone understands
What does good look like? It’s a fair question for an executive or a member of the board of directors to ask. And they do ask.
“Don’t be Company X” that just made scandalous headlines for firing their licentious CEO or bribing government officials is a simple enough goal – but just saying “that’ll never be us” is unlikely to provide much comfort. Most matur(ing) programs can show how they’re following regulatory guidelines and general best practices (seven pillars, DOJ guideline expectations, GDPR), but that’s really just the framework (and if you don’t have that, you’re really still under construction).
Comparative analysis provides a helpful lens that leaders recognize. And while fair comparators are often hard to come by for compliance programs, the annual NAVEX Whistleblowing & Incident Management Benchmark Report provides substantive data for comparison with a significant sample size (3,784 organizations with a total volume of 1.86 million individual reports). Additionally, each year NAVEX Chief Risk and Compliance Officer, Carrie Penman, and her team have added more useful information and greater depth to the analysis. Last year’s report, for example, was the first to slice the data by company size and this year’s report adds info regarding third party (non-employee) incident reporting.
For E&C geeks it’s fun (okay, interesting?) to hazard a guess at how significant external factors might impact the report data. Would COVID drive down reporting (it did in 2020 but it rebounded in 2021)? Will hybrid work dilute the increase in harassment allegations spawned by the #MeToo movement (unclear)?
So, now what?
Too often the benchmarking discussion ends with an affirmation that “we seem ok” and, while this may be big picture interesting, benchmarking information is most useful when it can evolve into actionable data. This means taking that comparative analysis and analyzing it in conjunction with data from other sources in your organization (e.g., HR, Audit, Risk etc.) to provide a sharper assessment and recommendations for improvement.
For example, your organization may see a spike in reports of harassment and other respectful workplace-related allegations that is higher than the averages seen in the NAVEX report of similar situated companies. That’s notable, but what do you do with this information? If you share that with leadership and/or the board, they may ask, “Why?” and “What are you going to do about it?” You could say, “we shared it with HR, now it’s their problem” but I wouldn’t recommend that strategy.
A good next step (before any report is out) is to drill down a bit on your own data. Maybe you find a particular business unit or department accounts for a significant share of the rise in harassment allegations. That’s helpful and gives you some confidence about where to dig deeper. But if you’re able to pair those findings with information from another source you can (hopefully) be even more surgical, both in your report out and in your follow-up actions.
Perhaps the most recent employee survey data shows a high level of dissatisfaction in the same departments that experienced spiking harassment reports. Now you can collaborate with HR to further validate the concerns and justify affirmative steps to do something beyond waiting for the next complaint. It might be listening sessions with employees, skip level meetings for front-line supervisors, or it might prompt a review of recent personnel changes.
The same collaborative analysis can be employed with other stakeholders. If the benchmarking report suggests your fraud allegations are unusually high, for example, and your deep dive suggests a high number of concerns emanate from a particular business unit or are related to your procurement process (even if they were mostly unsubstantiated), the information may guide how your Internal Audit team deploys its resources in the coming year.
Turning insights into action
Ok, now you’ve done your due diligence and need to share it with leadership. The challenge here is that you often compete for a limited piece of real estate in the written materials submitted to leadership or board meeting participants (with even more limited speaking time at the meetings themselves).
Being succinct is key, as is knowing your audience. How will you show the board, for example, that you’ve used a valuable external source (the benchmarking report) in conjunction with a rigorous analysis of internal data (your hotline data plus other sources) such that your conclusions and assessment of necessary next steps will yield both understanding and support?
A multi-page deck is likely part of your existing reporting process, but consider including a one-pager that covers all your key points. Constructing that slide as a starting point forces brevity (a modified A3 type format may work well). A deeper dive with charts and graphs may follow (or appear in an appendix) but while most leaders/board members will try to do a full pre-read and follow the report out, you’re competing for attention span and you want to make sure the key takeaways get, well, taken away.
Finally, a benchmarking analysis can be a great springboard for further discussions inside and outside your organization. Use the data at department level to give managers a better big-picture view of the compliance program, and it can be a great vehicle for exchanging ideas with compliance professionals in other organizations. It’s always interesting to share key takeaways from the report with peers and see how the data can be used to support and inform ongoing initiatives.
The 2024 NAVEX Whistleblowing & Incident Management Benchmark Report will give you a solid baseline to benchmark against and instructions on calculating your own metrics. Check it out and start making the most of your data.