Lead the AI era of GRC at Elevate 2026 — Join us April 22–24 in Atlanta Register nowarrow_forward

menu

Lead the AI era of GRC at Elevate 2026 — Join us April 22–24 in Atlanta Register now

arrow_forward

language

Products

arrow_drop_down

Solutions

arrow_drop_down

Resources

arrow_drop_down

Diligent AI

Request a demo

Governance

Risk

Compliance

Audit

Diligent Boards

Automate meeting prep, secure sensitive data and give directors the clarity to make the best decisions.

BoardEffect

Secure, flexible board management software for nonprofits and higher education.

Community

Increase transparency, streamline governance and empower your school board or local government.

Diligent Market Intelligence

On-demand access to exclusive shareholder activism, executive compensation and ESG data.

FEATURED

Diligent One Platform

Centralize and unify all your board management and GRC activities

Role

Use Cases

Company Type

Industries

General Counsel

Safeguard your organization with centralized oversight of governance, risk and compliance.

Corporate Secretary

Run governance flawlessly with AI tools that eliminate busywork and ensure audit-readiness.

Executive Assistant

Streamline board prep, communications and approvals with AI workflows for seamless meetings.

C-Suite

Accelerate decisions and inspire confidence with AI-powered reporting and real-time risk intelligence.

Directors & Trustees

Prepare faster, mitigate risk and make smarter decisions with purpose-built board tools.

Risk Manager

See enterprise risk in real time, act decisively, and deliver AI-powered insights.

Information Security

Unify IT risk, compliance and cyber oversight in one secure platform.

Compliance Officer

Turn regulatory obligations into clear, actionable metrics — proving compliance and ROI.

Internal Auditor

Connect audit management, analytics and monitoring in a secure, AI-powered hub.

FEATURED

Diligent One Platform

Centralize and unify all your board management and GRC activities

Content Library

Case Studies

Virtual Summits

Events

Resources Hub

Discover all of Diligent's insights in one place. Stay ahead of trends with expert perspectives, exclusive research and information you won't find anywhere else.

MEDIA TYPE

Blog Guides Videos Podcasts Content Toolkits Research & Reports

BY TOPIC

Governance Risk & Audit Compliance AI & Cyber Public Sector Diligent Institute

FEATURED

Diligent named a Leader in 2025 Gartner® Magic Quadrant™ for GRC

Compliance metrics: Are yours good, bad, ugly or non-existent?

June 7, 2024

•

4 min read

Kristy Grant-Hart

Head of Compliance Advisory Services

Share:

We all know we’re supposed to have metrics. We need to show the effectiveness of our program. We need to track our progress. We need to identify risk through data. But, often, that’s easier said than done.

Globally, regulatory expectations are high

Expectations regarding metrics and data analysis continue to rise. In the 2023 version of the Department of Justice’s Evaluation of Corporate Compliance guidance, the word “metrics” is mentioned repeatedly. Prosecutors are instructed to ask:

What metrics does the company apply to ensure consistency of disciplinary measures across all geographies, operating units and levels of the organization?
What information or metrics has the company collected and used to help detect the type of misconduct in question?
How have the information or metrics informed the company’s compliance program?
Does the company apply timing metrics to ensure responsiveness?

Expectations are even higher when it comes to monitoring and effectiveness. The words “monitor” or “monitoring” are used 14 times in the guidance, while the words “effective” and “effectiveness” are found a staggering 56 times in the 21 pages of the DOJ’s guidance.

It’s not just the DOJ. Regulators from the U.K., EU, Asia, Australia and beyond have all commented on the role of metrics, monitoring or data analytics.

Good versus bad metrics

It’s tempting to measure whatever you can, but if the metric you’ve chosen isn’t giving you good information, it isn’t worth tracking.

Good metrics provide very important information.

They can tell you whether your program is effective.
They can help you to prove that your program is adding value to the business.
They can also tell you whether your program is improving over time.

Bad metrics don’t provide any of this information. Creating and reporting on bad metrics has two disadvantages. Management isn’t getting anything out of the metrics, so they won’t pay attention to them. What’s worse – management may think you’re not adding value because your metrics don’t show effectiveness, efficiency or positive change in the organization.

How can you tell the difference between a good and bad metric?

The key question: ‘So what?’

Good metrics will always answer the question, “so what?” If, as famous management consultant Peter Drucker said, “what gets measured improves,” then it matters that what you measure gives a clear answer to this most important question.

Let’s say that 96% of your employees finally finished the Code of Conduct training. So what? Does that mean the training was effective? Does that mean they enjoyed it? Does that mean they learned anything?

If you choose to track the percentage of the employee population that accesses compliance-related policies and procedures on the intranet, so what? Well, a growth in people accessing policies and procedures may indicate that there is an interest in the policies and an awareness that they exist.

KPIs and metrics

Many metrics benefit from the assignment of a key performance indicator (KPI). KPIs can help tell the story of your program and put the metric in context.

Let’s go back to our metric tracking the percentage of employees that accessed compliance-related policies and procedures on the internet. You may find that last year, less than 1⁄2 of 1% of the employee population accessed the compliance-related policies and procedures page of your company’s intranet.

In response, you may set your KPI at 5% annually. The metric has now been put into context, and a KPI has been assigned to it so that it is obvious whether the company is making progress toward the goal.

Choosing metrics that matter

Data that quantifies effectiveness and identifies risk makes your program stronger. By choosing the right metrics, you’ll ensure the success of your program, and ultimately, your career as well.

Interested in learning more about choosing the right metrics and using AI to streamline creation, monitoring and efficacy? Watch our webinar replay, Mastering Compliance Metrics: 7 Elements of an Effective Compliance Program, now.