Compliance Data Analytics

Empowering compliance with meaningful data from the right sources

Organizations with varying risk profiles, geographies and workforces collect and analyze a vast sea of data from functions such as sales, marketing and legal to predict behaviors and meet business goals. In the U.S. Department of Justice’s 2020 update to the Evaluation of Corporate Compliance guidance, the DOJ considers whether compliance functions have sufficient access to relevant sources of data to allow for timely and effective monitoring and / or testing of policies, controls and transactions.


Often the challenge for compliance lies with identifying the various risk-relevant data sources that exist across the business and understanding the story the data can tell.


The DOJ offers pointed guidance on the required detail and sophistication of compliance data and metrics. Organizations should strive to answer questions as granular as “what policies do employees access, from where, and when?” Data analysis should go beyond training completion records and incident reports to leverage cross-functional data that informs and shapes the compliance program. Organizations request support in developing these advanced and holistic data analytics approaches.

How do your compliance program reporting capabilities measure up?

Reporting Capability Maturity

Foundational Limited, basic metrics using readily available data, such as hotline and training data; periodic compilation of data; no dedicated analytics resources.


Emerging Supplement readily available compliance data with data available from across the company; metrics aligned with compliance programs to help monitor progress and effectiveness; limited resources to support analytics objectives.


Advanced Consolidating data from numerous sources together to drive unique insights; surveys and other methods to create new data sources; use of external data for benchmarking; dedicated analytics resources and tools.

We tailor a metrics framework for each client, beginning with its risk profile and business goals

Foundational Metrics

  • Reporting and hotline
  • Training completions
  • Surveys and knowledge assessments
  • Number of communications and other touchpoints

Compliance Culture & Remediation Efforts

  • Focus group / survey scores
  • Ethics enforcement message frequency from senior management
  • Incident report nature and follow-up sufficiency

HR & Public Perception

  • Background check rates, employee retention, company and leadership reputation (internally)
  • Company and leadership reputation (externally)
  • Anonymous online reviews (positive and negative)

Compliance Program Progression

  • Number of calls to the whistleblower hotline and disposition of each issue
  • Results of surveys regarding engagement, culture and awareness of the compliance program
  • Number of compliance policies
  • Number of investigations or regulatory requests responded to within the year
  • Monitoring access to compliance resources
  • Amount of money invested in compliance-related programs

Risk Reduction Efforts

  • Currency: How recent was the last risk assessment?
  • Frequency: Number of externally and internally identified high risk incidents over time and vs. a control without a risk program
  • Coverage: Number of control processes identified against a given set of risks over time with proof of control effectiveness
  • Responsiveness: How quickly the monitoring systems alert on the controls they monitor

Metrics for Risk Assessment

  • Integrity screenings
  • Tender processes
  • Cross-border customers
  • Internal audit results versus policy requirements
  • Remediation items resulting from internal investigations
  • Number of site visits by compliance experts
  • Compliance conferences or workshops

Morae’s Approach

We start by asking:

  • What are the objectives for metrics – monitor and demonstrate progress, understand effectiveness, gain forward looking insights?
  • What are key risks, policies and controls?
  • What type of data exists related to each of the risk areas?
  • Which systems does the organization use to facilitate and execute on these policies and controls?
  • How can we combine readily available data with other insights to create meaningful dashboards and / or reports for stakeholders?

Morae supports clients in their shared efforts to transform data into meaningful metrics by identifying where data lives and how to bring it together, understanding and supplementing data analysis resource allocation, and creating and enhancing report sophistication.