March 17, 2023

The 10 compliance KPIs you should be tracking in 2023

Make sure you are tracking these 10 KPIs to ensure your compliance training is working at maximum efficiency.
Ian Blackburn
Head of Analytics

Compliance KPI #1: Number of compliance issues opened

What number of compliance issues means

Number of compliance issues simply means the total number of instances where an organisation has violated a regulatory requirement or failed to comply with a relevant law, policy, or standard. These violations can vary in size and severity, so it is important to track this alongside compliance and lawsuit expenses to get a full understanding of your compliance issues.

How to track number of compliance issues

Isolate every compliance issue over a set period (a year works quite well for a full picture) and add them all together, simple as!

This is another metric that is great to track before and after implementing compliance training or embarking on a big compliance initiative.


Compliance KPI #2: Mean time to issue discovery

What mean time to issue discovery means

Also known as Mean Time To Detect (MTTD), mean time to issue discovery simply means how long it takes for an issue or problem to be discovered.

A shorter mean time to issue discovery means issues are discovered quicker (which is a good thing) and a longer mean time to issue discovery means issues are discovered more slowly (which is a bad thing). Mean time to discovery can apply to a variety of potential issues such as:

  • Software bugs
  • Health and safety violations
  • Hardware issues
  • Customer service limitations
  • Information storage bottlenecks


How to track mean time to issue discovery

This is a very easy metric to track, using the simple calculation below:

Mean time to issue discovery = overall time between issue emergence & detection for all issues / # of issues

This will give you the average time it takes your organisation to detect issues, which is the first step to fixing the problem. Speaking of which…

Compliance KPI #3: Mean time to issue resolution

What mean time to issue resolution means

Mean time to issue resolution is often used in tandem with mean time to issue discovery. Mean time to issue resolution calculates the average time between the report of an issue and when the issue is completely resolved.

As with mean time to issue discovery, a shorter mean time to issue resolution is a good thing and a longer mean time to issue resolution is a bad thing.

How to track mean time to issue resolution

A similar calculation to mean time to issue discovery can be made to calculate your mean time to issue resolution:

Mean time to issue resolution = overall time between first issue report & complete resolution for all issues / # of issues

Pro tip: complete resolution here means that the issue is no longer occurring in any form, not just that a resolution has been devised and is being tested.

Compliance KPI #4: Total regulatory compliance expense

What total regulatory compliance expense means

Total regulatory compliance expense (also known as costs of regulatory compliance) is all of the costs a company or organisation incurs to maintain regulatory compliance. This includes salaries of employees who work in compliance, any software expenses, reporting costs, costs of audits and the price of any compliance training that is required to be deemed compliant.

The average total regulatory compliance expense varies depending on industry. The more heavily regulated an industry is, the higher an organisation’s total regulatory compliance expense is likely to be.

How to track total regulatory compliance expense

To track total regulatory compliance expense, make sure you complete a wide-reaching audit of your expenditure, not forgetting salaries and software subscriptions. It would be helpful to enlist the help of your finance team for this one.

Total regulatory compliance expense = Sum of all costs associated with being compliant to regulations.


Compliance KPI #5: Compliance expense per issue

What compliance expense per issue means

Compliance expense per issue is a metric used to measure how much bang for your buck you are getting with your compliance budget. You can measure compliance expense per issue on an organisational basis and also by different subsections of your compliance training, for example:

  • Compliance expense per GDPR issue
  • Compliance expense per health & safety issue
  • Compliance expense per cybersecurity issue

This way you can track what compliance issues are costing you the most, and where you may need to invest more in solutions.

How to track compliance expense per issue

Compliance expense per issue can be tracked via the below formula:

Compliance expense per issue = compliance budget / # of issues the budget is meant to cover

As mentioned above, you can do this for an organisation as a whole, or for smaller subsections of compliance training for a more granular view.

Compliance KPI #6: Average cost of compliance-related lawsuits

What average cost of compliance-related lawsuits means

Hopefully this isn’t applicable for your organisation, but for the businesses it is applicable for, this metric is super important. A rather self-explanatory metric, average cost of compliance-related lawsuits measures the mean expense of compliance-related lawsuits, which enables you to track reductions in this metric as a result of compliance training. If your average cost of compliance-related lawsuits is trending downwards after your investment in compliance training, it's a safe assumption that you are moving in the right direction.

How to track average cost of compliance-related lawsuits

Average cost of compliance-related lawsuits is calculated with the formula below:

Average cost of compliance-related lawsuits = Overall legal expenses for compliance-related issues / # of legal procedures for compliance-related issues

This one is best to track over time, as it is of imperative importance to reduce this year-on-year.

Compliance KPI #7: Post-audit issues outstanding


What post-audit issues outstanding means

Post-audit issues outstanding means the % of issues not resolved during an audit, highlighting the effectiveness of your compliance audits. A lower post-audit issues outstanding percentage is better and an indication your audits are effective at isolating compliance issues.


How to track post-audit issues outstanding

Post-audit issues outstanding can be tracked with the below formula:

Post-audit issues outstanding = (Outstanding issues after completion of audit / total issues isolated) * 100

Pro tip: this metric is expressed as a percentage, and is perfect for tracking multiple audits for efficiency.

Compliance KPI #8: Composite risk index

What composite risk index means

Similar to a compliance risk analysis, a composite risk index is a numbers-driven way to assess the severity of a risk and the likelihood of this risk happening. This gives an organisation a priority list of what risks to prepare for.


How to track composite risk index

Start by writing down all the potential compliance risks your organisation may face for the coming year. Then give each risk a score out of five for likelihood of occurring and then give it a score out of five for severity to the business if it did occur.

This allows you to map all the compliance risks on a grid, with one axis focusing on severity and another on likelihood. A risk with a high severity and high likelihood requires way more attention and budget than a risk lower on the composite risk index with lower likelihood and severity.

Compliance KPI #9: Risk severity gap

What risk severity gap means

Risk severity gap is one of the more intense-sounding KPIs on this list, but it’s relatively simple when spelled out in layman's terms.

Risk severity gap refers to the difference between your predicted risk exposure and actual risk exposure. This means it’s a great metric for measuring whether you are being overly cautious, or potentially, not cautious enough.

How to track risk severity gap

This one requires a bit of planning and forethought to pull off. You first have to be conducting what is known as a compliance risk analysis, to assess future business risks associated with compliance, for example legislation against the company for non-compliance. Each risk is then ranked according to how likely it is to occur, usually on a 1-5 scale. You can then see a picture emerge of potential risks for the year.

Once the year is complete, you can evaluate your risk severity gap by looking at the most recent compliance risk analysis and seeing where you over- or underestimated risk for the year, enabling you to redirect resources and budget accordingly.


Compliance KPI #10: Employee retention

What employee retention means

Employee retention refers to how many employees stay with a company over a one-year period. A higher employee retention rate means that employees are staying with a company longer, and is usually a sign of fulfilment in their position and a strong company culture.

Employee retention is affected by compliance as workers who feel safe, valued and aren’t worried about regulatory compliance issues are more likely to stay in the same role for longer. It also means that an organisation has lower regulatory expenses, meaning more budget for employee initiatives and salary raises, which increase employee retention.

How to track employee retention rate

Employee retention rate can be tracked with the following formula:

Employee retention rate = 100 - turnover rate

Turnover rate is tracked with the following formula:

Turnover rate = (Number of employee exits / total headcount) * 100
