The Challenge: Monitoring at Scale
Organizations often struggle with monitoring because they approach it ad-hoc. They respond to problems after they occur rather than creating systems that prevent them.
Based on OCC’s experience auditing hundreds of organizations, here’s how to structure monitoring that actually works.
Key Components of Effective Monitoring
1. Clear Definitions
Define what you’re monitoring. Vague standards like “maintain integrity” are impossible to monitor. Specific, measurable criteria like “all approvals documented within 48 hours” are actionable.
Implementation: Create a monitoring matrix that lists:
- What will be measured
- How it will be measured
- Who measures it
- How often
- What triggers escalation
2. Independent Review Function
Monitoring cannot be performed only by people invested in the outcome. Establish a review function that is:
- Independent from operational decisions
- Staffed by people without conflicts of interest
- Given adequate resources
- Protected from retaliation for findings
3. Data-Driven Approach
Monitor based on data, not gut feel. Track:
- Compliance rates (percentage of transactions meeting standards)
- Violation frequency
- Violation severity
- Corrective action effectiveness
Tools: Use spreadsheets, databases, or specialized compliance software depending on your scale.
4. Multiple Monitoring Layers
Effective systems use multiple monitoring approaches:
Layer 1 - Preventive: Controls built into processes to prevent violations Layer 2 - Detective: Regular sampling and audits to catch violations Layer 3 - Corrective: Swift corrective action when violations are found
5. Regular Reporting
Create regular reports that:
- Show compliance trends over time
- Identify patterns
- Highlight areas needing improvement
- Document corrective actions taken
Reports should go to decision-makers and, when appropriate, the public.
6. Continuous Improvement
Use monitoring data to continuously improve systems. If your monitoring finds the same violation repeatedly, the system itself needs to change—not just apply more discipline to individuals.
Real-World Example
One organization we monitored tracked document retention. They discovered:
Month 1: 62% compliance (documents retained properly) Month 2: 71% compliance (after training) Month 3: 89% compliance (after system improvements)
By monitoring the data, they learned that:
- Initial low compliance wasn’t due to indifference
- Training helped but wasn’t sufficient
- Process changes (automatic archiving) achieved sustained improvement
Common Mistakes
1. Assuming Punishment Drives Compliance Punishing individuals doesn’t fix broken systems. Fix the system first.
2. Monitoring Without Consequences If no one cares about the results, monitoring becomes theater. Real monitoring must lead to real action.
3. Understaffing Review Functions If you don’t allocate resources to monitoring, you’re signaling it’s not important. Allocate accordingly.
4. Quarterly-Only Reviews Monthly or more frequent reviews catch problems before they become systemic.
Starting Your Monitoring Program
Phase 1: Identify 3-4 critical areas to monitor Phase 2: Define specific, measurable standards Phase 3: Establish baseline (where are you now?) Phase 4: Implement monitoring process and initial training Phase 5: Create baseline report (Month 1) Phase 6: Monitor progress and refine approach
Long-Term Benefits
Organizations with strong monitoring systems:
- Catch problems early before they escalate
- Demonstrate accountability to stakeholders
- Make data-driven improvements
- Build cultures of compliance
- Face fewer external audits and penalties
Next Steps
If your organization needs help structuring a monitoring program, OCC’s consulting team can assess your current systems and recommend improvements tailored to your specific needs.