Compliance Week had another one of its editorial roundtables this week, and as usual I had the privilege of leading an excellent discussion with compliance and risk executives facing some of the most formidable governance challenges out there. Our full coverage of the forum will appear in Compliance Week’s Dec. 1 newsletter, but for now I want to jot down some quick impressions.
First, the working title of our roundtable was “Metrics for Compliance and Risk Management”—but very quickly I realized that metrics for compliance are no longer a primary worry for this crowd. By now, six years into the Sarbanes-Oxley era, the manic focus on compliance has faded. Everyone knows what metrics to track: calls to the whistleblower hotlines, training certifications, internal control weaknesses, progress on remediation plans, and so forth. At the roundtable I asked every participant to give examples of the metrics they use, and the compliance metrics were all essentially the same; one executive actually said, “Oh, you know, we track all the usual stuff.” Granted, getting those compliance measurements done might not be easy, but apparently most executives do know what metrics they should use.
