There’s an axiom in business that virtually everyone knows: If it can’t be measured it can’t be managed.
It’s a firmly-held belief that has led to the development of a host of performance metrics, and a host of incentives tied to those metrics.
On its face, it’s a good thing. Organizations need goals to help drive them forward. Analysts and investors need ways to assess company performance.
But there’s a corollary to the famous adage that few are aware of and is very dangerous. If it can’t be measured it can’t be managed. And if it is measured, it’s a compliance risk.
[bctt tweet=”@AdamTurteltaub If it can’t be measured it can’t be managed. And if it is measured, it’s a compliance risk.”]
As scandal after scandal emerges, it is far too often the case that employees were doing exactly what they were being measured on and what they were being incented to do, even if those creating the metrics and incentives never intended employees to act that way.
Mortgage brokers were measured on the number of mortgages they wrote. Investment bankers were measured on their ability to securitize those mortgages and sell them. And they achieved those goals, but skipped over the quality, legal and ethics part.
Bernie Madoff was measured by the marketplace on his ability to deliver returns and he made sure that he “made” those targets.
Enron’s performance was measured by its growth in earnings and its numbers. Unfortunately no one was checking to see if the numbers were real or made sense.
Plant managers are rewarded for days without injury, and then work with employees to hide injuries when they occur.
The problem is it’s far too easy to figure out what to measure, but far more difficult to answer two questions about the metrics:
- Now that we’ve created the metrics and incentives, how will people lie, cheat and steal to make sure they hit them?
- Do we have adequate controls in place to ensure that doesn’t happen?
They are two questions that likely are not asked enough.
Making matters worse, goals tend to move ever higher. Businesses are expected to post bigger numbers every year. So employees are given ever higher targets. Rare is the company that says, “I don’t think the market for this product or service can grow any bigger. Let’s hold our sales target where it is.”
Instead they push higher, and people push the limits, and many decide to stray from inside the lines.
An enforcement official saw it time and time again in the area of export controls. When I asked her what could compliance officers do to help prevent violations she said, “Never take a vacation in the last two weeks of a fiscal quarter.” That’s when sales people, desperate to make their quota, try and sneak the sale through.
All of this argues for looking at risk from a different perspective. In addition to looking at the external risks a company faces — where it does business, what laws must it follow, what are the currency hedging strategies — risk assessments should also look inward and ask “How is what we are measuring and rewarding building additional risk into our business?” And when the managers are discussing what and how to measure and what and how to reward performance, the chief ethics and compliance officer needs to be at the table, making sure they focus on the risk and how to address it effectively.