I’m a Learner. That’s one of my strengths—at least according to the Gallup CliftonStrengths assessment. And I think they got it right. It’s slightly unsettling how much those kinds of things gather insights about us in just a few questions, but if we’re open to feedback, we can leverage the ways our brains work best.
And the feedback that it gave me, as a Learner, is that I like to find out as much as I can about things I’m passionate about. One of the ways that tendency manifests itself is that I usually play out scenarios all the way to the end to see where they can go. Which brings me to an earlier blog post of mine…
A few weeks back I wrote a blog about applying the SMART goal-setting framework to build a compliance training program (find a refresher here). And I got some great feedback on that idea (thanks, Team Broadcat)! So, because I vibe off of playing out ideas, let’s keep on keeping on with this one!
Or, at least, *my* way. | Source: The Mandalorian on Disney+ via Giphy.com
We all know that setting goals is essential, whether it's for curing diseases, developing sustainable tech, or, in our case, fostering a culture of compliance and ethics. But simply aiming for the stars isn't enough; we need a clear path to get there. That's where SMART goal-setting comes in. With SMART, you can make sure every aspiration—from project goals all the way to larger company objectives—has everything you need to achieve it.
So, as a refresher, what exactly are SMART goals?
SMART is an acronym that stands for five crucial qualities your goals should have: Specific, Measurable, Achievable, Relevant, and Time-bound. It's a way of setting objectives that are clear, trackable, and attainable. Think of it as a blueprint for turning those lofty resolutions into usable frameworks.
For us, we’re going to break down each component in detail and apply them to the world of compliance and ethics.
Specific
The first step is to be specific. 🎯 In other words, you want to set a clear objective. Here’s an example: Instead of a broad goal like "improve our ethics culture," the “S” of a SMART goal would be "reduce the number of ethics helpline reports related to retaliation by 25%." See the difference?
The first was way too lofty to put together any actions that will help you achieve it. The second focuses our attention on a core program (our helpline) on a target risk area (harassment) and seeks to make a measurable and impactful change (reduction of 25%).
Here's another example: Instead of "update our data privacy systems," a specific goal could be "implement a new GDPR-compliant data encryption protocol for all customer data stored in the cloud." ☁️
So, where do we even begin setting a specific goal? The strategy that makes the most sense is one you probably learned in grade school… Allow me to reintroduce you to the 5WH (who, what, where, when, why, and how)!
- Who: Who is involved?
- What: What do I want to accomplish?
- Where: Where will this take place?
- When: When will this happen?
- Why: Why is this goal important?
- How: How will this happen?
By referring to these six questions as you’re developing your SMART goal, your answers will ensure that you’re making choices that are specific and on-topic.
Measurable
Next, we need to make our goals measurable. This means having an objective way to evaluate success or failure, such as, a number increase or decrease, a percent change, or some other quantifiable element. 📐
In our anti-retaliation example, we’re measuring the percent decrease in retaliation complaints, but if we’re looking toward a process-improvement goal, we could instead measure the time it takes to resolve a complaint.
For the data encryption goal, we could measure "percentage of customer data encrypted," "number of employees trained on the new protocol," or "time taken to fully implement the encryption across all systems."
Here are some key questions to help you work through what you may be able to measure related to the specific goal you’ve set:
- How will I know when I've reached this goal?
- What metrics or data points will I use? (Bonus Q: Do I have access to those data elements, or do I need to request it from someone?)
- What are the ways I can track my progress?
- What are some milestones I can implement that will ensure I’m moving forward?
If you can’t quite pinpoint where to start with this, try benchmarking your current program first. That will help you identify the norm for those specific situations at your org. But if you don’t have that data, or if it’s something relatively new, that’s OK. Try using industry standard benchmarks or polling some colleagues. Even just a little bit of level-setting data will help you develop a measurable goal.
Achievable
Here is where we start getting a little more subjective. An achievable goal is one that’s challenging but still within reach. 🌟 To do that, ask yourself this question: Is the goal within your project scope? If not, it's not achievable. Aiming to eliminate all retaliation complaints overnight is probably not achievable. However, a goal to "implement a new anti-retaliation training program and reduce reports by 20% in six months" might be.
Some things might never be achievable, no matter
how SMART you are! | Source: Giphy.com
Here are some things to consider when determining that Goldilocks sweet spot (not too easy and not too tough; just right).
- Do I have the necessary resources and capabilities to achieve this goal?
- Have others done something similar successfully?
- Either way, what can I learn from their experience?
- Is the timeline realistic? (Remember: You have a full-time job and other responsibilities—professionally and personally.)
So, now that we’ve fleshed this out a bit, here’s another example: Instead of aiming to eliminate all cybersecurity threats, an achievable goal might be "reduce successful phishing attacks by 15% within the next quarter by implementing multi-factor authentication and conducting employee training."
And just to level check us again:
- Are we specific? Yes. We’re focusing on the risk of phishing attacks and the concern that a successful one would be damaging to our org.
- Are we measuring it? Yes. We’re looking to reduce the risk landscape by 15%.
- Is it possible to achieve this? Yes—via two action items (implementing MFA and training) and giving ourselves three months to complete those things.
Let’s talk about stretch goals!
Stretch goals are purposefully challenging. For example, if you usually get 30,000 monthly visitors to your website, a stretch goal would be to get 50,000 monthly visitors. That's a big increase, but still within the realm of possibility. Just make sure you make your stretch goals ambitious, not impossible—like aiming to go from 30,000 monthly visitors to 300,000 monthly visitors in the same amount of time. ⛔
Realistic and Relevant
This is where a reality check (which also, conveniently, starts with R) enters the chat. Here we’re focusing on two Rs: Realistic and Relevant. The "A" and "R" of SMART are closely related but have nuanced differences. ⚖️ To wit, a goal may be achievable, but if getting there would require every team member to work overtime for six weeks straight, then it's not realistic.
Let’s also look at relevance: Our goals must align with the overall objectives of the organization and its compliance program. Reducing risks—like harassment or cyber incidents—is highly relevant. Both those things create a safer work environment and mitigate legal and reputational risks.
An example for a financial institution might be "improve anti-money laundering (AML) compliance by implementing enhanced due diligence procedures for high-risk customers, aligning with regulatory expectations and reducing the risk of financial penalties."
Would that goal also be relevant at a mid-range department store? Probably not. (OK, sure, it might be, but think about scope and priorities. As our founder, Ricardo, said, "think about what keeps you up at night and start there.")
To make sure your goals capture both these concepts (realistic and relevant), ask yourself:
- Does this goal align with our overall strategy (both the business’s and your E&C program's)?
- Is it the right time to pursue this goal?
- Will this goal have a significant impact?
- Does it align with our values?
Time-bound
Finally, every goal needs a deadline. ⏰ "Reduce complaints by 20%" is good, but "reduce complaints by 20% by the end of Q3" is better. A deadline creates a sense of reasonable urgency and helps us track progress effectively.
Ready for some good news? When you get to the “T,” you only need to ask yourself two questions:
- What is a reasonable deadline?
- What needs to happen by when?
ONLY. TWO. THINGS!! | Source: Ted Lasso on Apple TV via Giphy.com
So, a goal with all the SMART elements in place would be: "Implement a conflict-of-interest disclosure process (Specific) that includes quarterly certifications from all employees (Measurable) using existing HR systems (Achievable) to ensure compliance with ethical standards (Relevant) by the end of the fiscal year (Realistic and Time-bound)."
These questions might be the easiest conceptually but could be some of the hardest to stick to (there are only 24 hours in a day, amirite?!). If that’s the case, keep “what needs to happen by when” in mind and try to set milestone deadlines that support your overall deadline. Using the example above, you might map out the disclosure process in Q1, test by Q2, evaluate and iterate by Q3, and roll out the process by Q4.
Remember to give yourself some grace if you don’t hit your marks. Life happens. Adjust and try again. 💜
Getting SMARTer
Yeah, this is going to take some work—nobody ever said smart was easy! But the SMART goal framework provides a powerful structure for achieving compliance and ethics objectives. By setting clear, measurable, achievable, relevant, and time-bound goals, you move beyond simply talking about compliance to creating a truly ethical and compliant organization.
Remember, SMART is not just about setting goals for the sake of accomplishment; it's about creating a path, taking responsibility, and fostering a culture where ethical conduct is the norm. Kinda sounds like taking an idea as far as it can go, huh? Which, I gotta say, makes the Learner in me very happy.
*****
Wanna be really smart? Find out more about Compliance Design Club!