GRC professionals are spending a lot of time compiling reports. In fact, the Global GRC Survey 2018 found that 42 percent are spending over a week every month compiling reports.
This is 2.7 extra days every month spent reporting compared with 2015.
With more time and energy than ever spent reporting on key performance indicators, it's important to focus on what matters most.
Below we've used the Governance, Risk and Compliance survey results to answer what KPIs your CEO needs to see and explained how our software tool can help you save weeks getting this information.
Don't tell me your job is compliance. We can't have somebody in charge of quality. We're all in charge of quality. When Land Rover Jaguar send out a car, everyone in the factory agrees they are responsible for quality. If there's something wrong with it, we collectively have got that wrong. And that's the mindset change that's needed in many companies. Mostly, Quality is about money. Top management are very interested in money. If you don't think money is on your agenda, then think again. You have to speak the language of the business.
John Oakland, Oakland Consulting.
The GRC Metrics Your CEO Cares the Most About
1) Cost of Poor Quality
The Cost of Poor Quality (COPQ) is the total lost due to either internal or external quality issues. These are unwanted overheads due to poor systems, processes or practices, and can severely reduce business profitability.
COPQ can be measured by:
- % rework
- Defects %
- Right first time percentage
- Time dedicated to root cause analysis / resolve issues
- Scrap / wasted product / time
Our software enables businesses to track and measure these costs using CAPA Manager. Cost data is captured so trends can be analysed, risks can be reviewed and preventive action can be put in place.
CEOs want this data because reducing this waste is one of the fastest ways to make the business more profitable.
Image: Integrated software modules enable you to plan, manage and assign roles and responsibilities so everyone in your business can play their part in practising good governance, risk and compliance. All activity is displayed on a single KPI dashboard, giving your leadership team a picture of the business.
2) Customer retention
Acquiring new customers is expensive. Most businesses rely on repeat business from their existing customers.
High customer retention levels demonstrate your business is well aligned, that you are delivering on value and keeping your promises.
A kink in the chain will result in higher customer churn rates. Ignored customer feedback, a drop in Net Promoter Score, and higher customer churn rates will all reduce your profitability.
Our customers use Complaints Manager to log customer feedback, assign roles and responsibilities and monitor trends over time. The reporting tools enable you to drill down and answer questions such as:
- Are we noticing more complaints or issues from a certain department, supplier, type of customer, product?
- Do we need to adjust the business strategy or the process and operations?
3) Asset value
Few businesses keep an updated list of assets and equipment owned. The consequences are inevitably costly: being unable to fulfil an order because you don't have the equipment to do the job, buying duplicate items of equipment, and wasting money, time and effort purchasing equipment you do not need.
Your CEO will want to know that investments are being maintained and will want a forecast of any assets which will require cash.
Our customers use Equipment and Asset Manager to manage:
- Tangible and intangible asset register (e.g. DPR)
- Asset life cycles, including calibration, maintenance schedules, EOL plans.
- Asset values
Every business needs to be identifying and managing both internal and external risks.
Your CEO wants to know about any vulnerabilities, new risks and new opportunities which will help to make the business more profitable.
Qualsys's customers use Risk Manager to identify, assess and manage risks. Risk suggestions can also be raised for a more collaborative approach.
Risk KPIs include:
- Impact assessment results - potential costs
- Outstanding compliance risks
- Risk treatment
- Internal audit performance and audit scores
- Business continuity plans / disaster recovery > performance testing metrics
Your CEO wants to know whether your business has a culture of quality. A culture of quality can seem difficult to measure, but engagement with quality, governance, risk and compliance management is a good indicator.
- Risk suggestions from across the business
- Training scores e.g. using Training Records Manager to send a quiz
- % of policies read and understood by employees
- Number of change requests / process changes
- Time taken to resolve issues
Document Manager, Training Records Manager and Change Manager are all used by our customers to measure culture and provide CEOs with an understanding of where improvements and investment are needed.
An efficient management system will enable your business to react faster to risks and be more able to make the most of new opportunities.
Metrics will be very specific to each organisation, but may include:
- Documented policies, procedures and processes
- On time in full (OTIF)
- Speed of responses to any findings
- Training days completed
All of Qualsys's GRC software modules will help improve the efficiency, resilience and profitability of your business.
What you should do now
Join our GRC Metrics workshop.