Measuring for success

Recently a fellow compliance officer from the Turkish subsidiary of another multinational contacted me. She asked for my advice, because she had lately felt a loss of motivation for her job. After having heard me speak at a meeting of the Turkish Ethics and Reputation Society [1] and having followed some of my posts on LinkedIn and this blog, she had decided to reach out to me to learn what it was that is driving me and making me so motivated and enthusiastic about my work. I agreed to meet for a cup of Turkish coffee in a restaurant with a nice view of the Bosphorus and the second bridge crossing it.

In our conversation, she described her problem: She was a one-woman show for Turkey with little direct interaction with local management and other functions. She described that she just felt like going through the motions of a globally set compliance program and reacting to events like triggers for investigations into misconduct. Due to a strong focus of her job on dealing with investigations, she felt somewhat isolated from business because she was perceived as a kind of “internal police” by business management. She was asking herself: “Why am I doing this? Am I doing the right things? Am I spending my time on the things that really matter? Am I having an impact if I see the same things happening again and again? What is the value of my work and is it being appreciated? Am I effective at what I am doing?”

Who of us hasn’t been at that point at some time in our career? I think such thoughts and self-doubts are quite typical for members of the governance-risk-compliance-audit profession, because many of them are analytical, threat/risk-focused and regularly see the bad (or worst) side of what can happen in business. Also, the more you deal with risk management and uncertainty, the more aware you become of all the things you do not – and cannot – know. [2]

Been there myself in my career. Together with the impression that somehow no one appears to take you seriously, that business is dangerously ignoring all the things that can go possibly wrong and somehow running towards a cliff with their eyes blindfolded, you can develop a deep frustration and feeling of isolation; like the prophet on the mountain to whom no one listens and who sees all the sinners and clear signs of impending doom. I call this the “auditor’s depression.” It’s a condition close to burnout syndrome. Don’t go there. And if you feel you find yourself in such a situation, try to get back to your people again quickly. Or find another career. Because this attitude is not healthy. Neither for you nor for your organization.

How can you get (back) a sense of ownership and autonomy and increase your motivation. You need to get (back) into the driver’s seat and make yourself comfortable there. Put yourself into a position to own your local compliance program and actively drive it forward. As one member of my compliance leadership team put it to me: “We need you to be a compliance leader in your country, not a compliance manager. ”

Here are some of the things I did after coming to Turkey. This is by no means an exhaustive or systematic list. Rather it is a collection of steps I took to own my local compliance program.

  1. Research your country’s national culture and customize the compliance program coming from global. Characteristics of national culture dominate what we call corporate culture. As the research of Geert Hofstede has shown, six dimensions of national culture can be identified. [3] According to these , you may need to emphasize or de-emphasize some aspects of the program and adjust your communication style. All global compliance programs, are heavily influenced by anglo-american views of effective compliance management thanks to the worldwide applicability of the FCPA and UK Bribery Act. On the other hand, not all program materials can be directly translated into local language and used. They need to be “translated” (in a wider sense) into the national culture context to be understandable for local employees. We have used this quite successfully in Turkey by using the strong cultural dimensions of “power distance” and the collectivist tendency of Turkish culture to position the Compliance team as “part of the family”, “an older brother to help in solving problems”, “a strict but fair uncle who will control and sanction violations but also reward positive behavior”; we also appealed to the sense if loyalty of employees to the company leaders while at the same time training these leaders in being role models in doing business with integrity. More information can be found in my blog post “Culture, Compliance and Turkey“.
  2. Develop a local strategy and roadmap for your country program; in addition to what may come from regional/global. Where are you and where do you want to go? What are the key elements of your program? What are your regular processes, e.g. compliance approvals? What are your periodic processes and reporting requirements, e.g. compliance control self assessment, risk monitoring, SOP updates? What unexpected events can come up, e.g. investigations into misconduct? SWOT: How good / mature are your processes? Where do you and your team lack resources, competency, …? Who are your key stakeholders, what are their requirements from you and how do they see you? (This means: conduct stakeholder interviews.) There’s too much to go into detail here. For myself, the situation was that I had an internal audit to remediate right at the beginning of my tenure, so I had an independent assessment of the weaknesses of the program in front of me and my initial 3-year roadmap was: 1) Remediate, 2) Maintain and Improve, 3) Operational Excellence. Based on this and in combination with projects and initiatives coming from global, we kept developing and prioritizing the more detailed elements of our local program.
  3. Build a simple dashboard. Based on your roadmap, build yourself a management cockpit. Define some simple metrics of what activities you do, how much time and effort you devote etc. Put this into relation to your major risks. Does it make sense? Or are you devoting the majority of your time and resources to minor risks while leaving the big chunks rather unattended? The dashboard and some metrics of your major activities will also make it easier to ask for more resources if you need them. My own dashboard is organized into the four domains Establish, Engage, Embed, Enforce with two to four major processes in each domain and a few key metrics for each process. [4]
  4. Measure what you do and how effective it is, e.g. the impact of your trainings in raising compliance knowledge; feedback to an activity; perception of the compliance function… PDCA is not dead. Use it. Measure the impact of your activities, adjust them according to the results, then do them again and measure the improvement. An example where we applied this: We introduced a compliance exam for our field force once every 4 months at our cycle meetings. The exam covered all typical field activities and described typical decision situations the representatives may find themselves in and possible actions in multiple choice format. By this approach we tested the knowledge in application of the relevant SOPs. In the first exam, we identified the weakest fields if knowledge and subsequently reinforced the knowledge in these areas with targeted learning offers in the form of one-pager infographics (big graphics, little text) on one topic each sent out via email and Yammer before the weekend. The feedback to these “one minute trainings” was great. At the next exam, we repeated some questions from the first exam and measured a substantial increase in correct answers compared to the first exam for those topics addressed with infographics vs. topics covered in normal classroom or read-and-understood trainings. A second area we measured in a survey very recently is our Integrity Culture, as perceived by the employees. From the survey results we determined which areas of the compliance program we need to emphasize more and where we are doing good.
  5. Prefer rewarding improvements instead of only sanctioning violations. You will identify the improvement from your measuring activities. For instance, we have introduced a “compliance excellence award” for a business-led project with a positive compliance impact; in addition, we recognize high performance at the compliance exams at our cycle meetings by awarding a framed certificate and a gift voucher for a bookstore. (I recently learned from Daniel Kahneman’s “Thinking – fast and slow” that I should not give the award to those with the highest exam scores but rather to those with the greatest improvement compared to the previous exam.)
  6. Internal Marketing: Define a local language slogan or brand and use it frequently and consistently in presentations, e-mail signatures etc. In Turkey, we used this to repeat the message that we want to become (and be perceived as) trusted advisors to the business, true business partners and not the nay-sayers or internal police. Our slogan was “Yanınızda. Hizmetinizde. Sizin ve Şirketimiz için.” (“At your side. At your service. For you and our Company.”)
  7. Truly partner with the business. Work to develop a deep understanding of their priorities and concerns. By conducting field monitoring, or “shadowing” someone at the office for one say, you can develop a much better understanding of their daily realities and how compliance impacts their work on a daily basis. You also increase your visibility and approachability in this way. Conduct regular 1:1 meetings, also informal over lunch or coffee, with senior managers. Speak the language of the business instead of (technical-legal) “risk management speak”. Drop the word “risk” all together, if you can, and rather focus on the objectives of the business and how you can best contribute to achieving them together with integrity and compliance. Discuss scenarios and assumptions of the business and the “What-Needs-To-Go-Rights” as opposed to the traditional “What-Can-Go-Wrongs” from risk management and internal controls. I have written on the importance of language in this post.
  8. Celebrate success, be it successful milestones or projects, a positive impact of a new initiative on your metrics, a successful business partnership.
  9. Build resilience. Find ways to disconnect, regain your energy and focus. Be healthy. Mens sana in corpore sano. And remember that work isn’t everything. That’s why I like having such meetings in locations with a view. For me personally this helps to disconnect from the problems and worries of the job. Seeing the beauty of the Bosphorus, with the view of Rumeli Hisarı, the ruins of the huge fortress on the European side helps me put everything into a larger perspective. I have the privilege to live and work in a unique place in the world; a city on two continents with thousands of years of history and rich in culture.
  10. Love what you do and do what you love. Having done all of the above and more, I have – despite some initial conflict and setbacks after first coming to Turkey – successfully managed to feel I am in the driver’s seat of my local compliance program. I am doing all that is expected from the global compliance organization but effectively adapted to the local situation. I measure, steer and adjust according to metrics. By measuring I see the success of the changes I make. And by getting positive feedback from my stakeholders, I get a sense of appreciation for the energy I cannot invest. It gives me the feeling that I am doing something that I am good at, that truly matters to the people I work with and to the situation and culture of the country where I live and work, I am motivated to go to work every day and enjoy what I am doing. And I am getting paid for it. The Japanese have a word for this: Ikigai.

My colleague said she would try some of this herself. She understood how this approach would help her regain a feeling of ownership and being in control of her activities. I am sure she will give me some positive feedback sometime. For my own measurement.

Before you leave… If you liked this post, you might want to read also these:


[1] Türk Etik ve İtibar Derneği.

[2] Underestimating one’s own competence for a task compared to others is a cognitive bias, called the Dunning-Kruger-effect: the more you know about a field of knowledge or a task, the more you are aware of what you don’t know.

[3] Geert Hofstede, The 6-D model of national culture

[4] For information on metrics, OCEG has recently issued a useful guidance. OCEG: A Practical Guide About GRC Metrics & Measurement Version 3.0.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s