A lot of organizations I work with to develop scorecard measures struggle identifying the right measures for their legal and compliance departments.  When you are dealing with regulatory requirements—things your organization has to do—it can be difficult to come up with meaningful measures.

They argue, convincingly, that it does not make sense to track the percentage of audits completed or identified risks for which a mitigation plan has been developed when these are almost invariably 100% all of the time. What’s the value in that?

These are not outcome measures, but outputs—things that get done.  Outcomes in the legal and compliance areas are even harder to measures because they usually amount to measuring a negative: If you do everything right, you prevent a bad situation from arising.  It’s like how the U.S. Department of Homeland Security every once in a while, has to say, “We prevented X number of terrorist attacks in the past Y years.”

So, what should you measure?  My suggestion is to look at those activities you always do and ask: Can we do it better or faster?  Faster is much easier to measure because you are looking at cycle times and the data should be easy to gather.  Are we doing 100% of audits within the required timeframe?  Are we completing them within a reasonable amount of time—from start to finish?

“Better” is a little bit harder, but we may be able to track data about mistakes being made or “re-work.” Or, maybe we even survey our “customers” and they can tell us how they feel about the process.