Compliance index model

Compliance: A matter of culture

Compliance index model: Compliance: A matter of culture Interview

Compliance measures result in costs but do they also have a benefit? It's difficult to assess the success of measures. It tends to arise – if at all – after a delay and the contribution made to success by individual measures is not immediately apparent. In the interview, Sebastian Rick and Ralf Jasny explain how the success of measures can be made quantifiable and therefore comparable using the compliance index model.

According to IDW PS 980 (Standard for general CMS published by the Institute of Public Auditors in Germany, Incorporated Association), compliance culture is one of the fundamental elements of a compliance management system. However, in practice culture is very difficult – perhaps impossible – to measure. Does the compliance index model eliminate this problem?

Sebastian Rick: It does actually. The compliance index model is the only empirically-based causal analytic model currently on the market that is able to do that. It quickly and cost-effectively gives management an in-depth understanding of the compliance culture in the company and helps them to deploy existing resources (such as budget, time and personnel) more effectively. The model is an employee-based compliance performance measurement system designed to assess – and improve – the compliance culture by using critical behavioural performance variables (for example ethical leadership) and their influence on employee behaviour. The result is a compliance index that can be used to measure and/or determine progress or the level of achievement of the performance variables within the organisation. For the first time, the model provides information about measures that promote a greater willingness to behave in accordance with the rules in the company, and makes cultural change empirically measurable. Since users are adopting a quantitative approach, they obtain "hard", reliable results characterised by a high level of objectivity and comparability. This enables progress to be initiated, monitored and promoted.

Can you give us a brief outline – that non-mathematicians will understand – of how the model works?

Ralf Jasny: In principle, the model comprises a series of statistical methods to investigate complex relationship structures between the performance variables and allows a quantitative estimation of interdependencies. To do this, the interdependencies are represented in a linear equation system and the model parameters are estimated so that the initial data collected for the performance variables is reproduced as closely as possible by the model.

In other words, the model formalises the interdependencies between the performance variables so that their impact on employee behaviour can be made measurable, quantifiable and therefore comparable. For example, the effect of ethical leadership on employee behaviour can be calculated and the model can highlight what specifically needs to be done differently to achieve a positive effect.

What is the objective of the compliance index model?

Sebastian Rick: The effects of compliance measures can be very diverse and every measure can have positive effects somehow. However, as long as the exact mode of action is not known, these effects cannot be measured and documented. The objective is therefore to highlight how each individual measure contributes to success. This is the only way that we can finally move away from merely "more and more" towards a targeted and effective approach to compliance management. Our research clearly shows that the crucial factor is not the dimensional breadth and variety of measures, but how they are perceived by employees.

What use is a code of conduct if the employees firmly believe that it doesn't have to be taken seriously?

What do guidelines and procedures achieve if employees firmly believe that they can easily be overridden or circumvented?

How successful can measures be if employees firmly believe that their sole purpose is to protect top management from prosecution?

What is the model based on? Are there empirical findings that the model is based on?

Ralf Jasny: The model is based on the very latest research in the field of organisational theory and behavioural ethics. It is the result of two empirical studies carried out at the Frankfurt University of Applied Sciences with the generous support of the Frankfurt Institute of Risk Management and Regulation (FIRM).

The first study was carried out in 2016 and involved various companies. The primary objective of this first study was to develop the measuring instrument (questionnaire) and the model itself. The major objective of the second study was to investigate the results in terms of their practical applicability.

To achieve this, the model was successfully piloted in a company in 2017 to find out whether it would provide reliable and valid results under real world conditions.

Let's look at the practical issues. How do you obtain the necessary input from employees and managers?

Sebastian Rick: The model utilises a multiple indicator approach. Indicators are directly measured observations (raw data), referred to as either elements – such as a questionnaire – or measured variables. For example, employee perceptions regarding ethical leadership are operationalised using a seven-element scale with the top leadership level as the reference body.

The employees questioned use a ten-point scale to evaluate issues such as the extent to which they believe that the top leadership level sets objectives that are achievable without violating the company's code of conduct.

In this way, the indicators enable specific measured values for the performance variables to be determined, and these are then used as a basis for calculating the model parameters. As I'm sure you can imagine, anonymity is a crucial factor. For example, no questions are asked that could allow any of the employees questioned to be identified. The employee questionnaire is strictly anonymous.

Is the model designed primarily for use in individual departments of a company that are particularly susceptible to compliance violations, or throughout the entire company?

Sebastian Rick: This is entirely down to the management. The model is fully scalable. We usually suggest piloting the model in a selected area of the company first and then rolling it out to other areas at an appropriate time.

This method enables department-specific additions to be made to the questionnaire and learning effects to be transferred to other areas of the organisation. From a risk perspective, it definitely makes good sense to start with an area that is typically very susceptible to compliance violations.

Is the model particularly beneficial to certain industries?

Ralf Jasny: By its nature, the compliance index model can generally be applied to companies from any industry. Both the measuring instrument and the model itself are designed to ensure this general applicability. Thus, any industry can benefit from the model to the same extent.

Have you come up with any generally applicable results for what has the biggest influence on compliance culture in companies?

Ralf Jasny: Yes. The key findings include that 1. an ethical leadership concept practised by the top management level is crucial for legitimising the compliance programme in the organisation. 2. a programme approach that focuses on values, consultation and responsible behaviour, as well as on monitoring employee behaviour and disciplinary measures in the event of misconduct, promotes integration of the compliance programme into the organisation's central day-to-day task based processes, and contributes to influencing employees' everyday decisions and actions.

And 3. establishing employees' perceptions of legitimacy in terms of the compliance programme, how effectively the programme increases employees' willingness to report violations and thus reduces the compliance risk. Equally, the effectiveness of the compliance programme in combating misconduct can be better explained by considering the extent to which the employees have positive perceptions regarding the legitimacy of the programme and are willing to report violations.

Asking as an interested user: How can I use the model in my specific company?

Sebastian Rick: It's easy. Just talk to us. The employee survey is carried out in writing using a standard questionnaire. It takes less than half an hour to answer the questions. To obtain quality results, it is essential that the survey is carried out totally anonymously.

This means the employees questioned have to complete the questionnaire in writing and then return it to a neutral address in a sealed envelope. The statistical information on the questionnaire has been chosen in such a way that analysis is only possible at a group level with at least 15 employees.

Based on the data collected, we then calculate the model parameters, put the results in an appropriate form for management and then present them. Based on experience, the entire process takes no longer than four weeks from start to finish.

Ralf Jasny has been Professor of Business Management and Financial Services at Frankfurt University of Applied Sciences since 2000, and is an expert in quantitative empirical social research.

Ralf Jasny has been Professor of Business Management and Financial Services at Frankfurt University of Applied Sciences since 2000, and is an expert in quantitative empirical social research. He was previously head of the Brand & Market Research department in Private Banking at Deutsche Bank AG.

Sebastian Rick is Senior Manager in the Governance & Assurance Services division of KPMG AG Wirtschaftsprüfungsgesellschaft and is an expert in quantitative methods for measuring and optimising the effectiveness of corporate governance systems.

Sebastian Rick is Senior Manager in the Governance & Assurance Services division of KPMG AG Wirtschaftsprüfungsgesellschaft and is an expert in quantitative methods for measuring and optimising the effectiveness of corporate governance systems. He was previously a research associate at Frankfurt University of Applied Sciences. He is a member of the Society of Risk Management and Regulation and the German Academic Scholarship Foundation.

[ Source of cover photo: Adobe Stock ]
Risk Academy

The seminars of the RiskAcademy® focus on methods and instruments for evolutionary and revolutionary ways in risk management.

More Information

The newsletter RiskNEWS informs about developments in risk management, current book publications as well as events.

Register now
Solution provider

Are you looking for a software solution or a service provider in the field of risk management, GRC, ICS or ISMS?

Find a solution provider
Ihre Daten werden selbstverständlich vertraulich behandelt und nicht an Dritte weitergegeben. Weitere Informationen finden Sie in unseren Datenschutzbestimmungen.