Every ethics and compliance professional confronts the (mis)perception that compliance is bad for business, a fuzzy function that sucks up precious resources without providing any clear financial value. Compliance executives can convert detractors into supporters by demonstrating a positive return on investment (ROI).
Here are five practical ways to calculate ROI on compliance.
Engage key business leaders
Assessing ROI first requires the active engagement of business personnel. Begin with company leaders who already acknowledge that compliance generates some value and ask them to quantify the value of the organization’s professional reputation.
Approaching them in this way will immediately stimulate a shift in mindset towards the business value of compliance.
Assign a financial value to qualitative costs and benefits
ROI is a ratio that compares benefit (“return”) to cost (“investment”). The formula typically applies to pursuing new business opportunities (e.g., new product or service, acquisition of a competitor, purchase of stock).
Compliance ROI, by contrast, considers risk and is more analogous to insurance. Companies and individuals purchase insurance to protect against all sorts of risks. The insurance analogy, however, only goes so far. Insurance “shares” the risk; compliance typically “reduces” the risk.
But getting executives to accept the cost of reducing the risk can be challenging. Compliance professionals must overcome an “it won’t happen to me” attitude. Business people also minimize compliance risk, in part, because quantifying the value of avoiding risk (e.g., avoiding fines and penalties) is not straightforward.
Compliance “return” comprises quantitative and qualitative elements. Quantifiable returns include increased earnings and cost savings. Qualitative benefits include brand value, professional reputation and the ability to pursue new business opportunities.
Qualitative, however, does not mean unquantifiable. Companies routinely valuate intangible assets (e.g., patents and trademarks). Similarly, management can assign financial values to qualitative costs and benefits of mitigating compliance risk, such as protecting professional reputation.
Compliance “investment” also comprises quantitative and qualitative elements. Quantitative investments include the salary of compliance officers, additional resources to perform controls and investments in technology. Qualitative costs or investments include, for example, business opportunities lost because of too much perceived risk.
Compliance leaders need to engage the first line of defense to quantify costs and benefits of compliance from business leaders’ individual perspectives. It is one thing to consider compliance risk in the abstract; it is quite another to ask individuals to assign a financial value (e.g., financial value of their professional reputation, financial impact on their careers if the organization suffers a compliance failure).
Evaluate ROI risk-by-risk
Some compliance departments seek to apply ROI to the compliance function as a whole. These assessments can be useful during annual budget setting and to gain additional (or not lose existing) resources. They typically rely, however, on metrics that do not easily translate to ROI.
If your organization’s compliance program is mature enough to consider ROI, it likely will have already performed a robust risk assessment of the probability and impact of fraud and other compliance breaches.
Rather than trying to develop a single, comprehensive ROI metric for an entire compliance function, start with the most pressing and significant risks. Then work hand-in-hand with business personnel to identify and quantify potential returns and investment for each one of them.