Back to blog listing

Strengthen Your Compliance Roadmap With Actionable KRIs

By Robert Zelinsky Robert Zelinsky on May 22, 2019

Are you aware of any sales reps exceeding event spending caps? Do you have a firm grip on your company's expenditures for things like meals, travel, and consulting fees? Are you monitoring your company's relationships with higher risk partners like patient assistance program providers, patient advocacy groups, and managed care organizations?

If any of your answers are no, or I am not sure, it's time to review your compliance roadmap for 2019 and consider how key risk indicators can inform your assessment of risk.


KRIs help an organization monitor its areas of risk by quantifying them in detail. KRIs can refer to any type of global risk factors across an enterprise - human resources, public relations, data breaches, building security, and much more - but in the life sciences industry, we often think of KRIs in terms of meeting compliance and oversight rules.

Creating KRIs involves establishing thresholds, above or below which the results are unacceptable. Risk thresholds serve as an early warning system, tipping off an organization when it enters the risky zone. In this way, KRIs allow organizations to self-regulate in an efficient and proactive way.


KRIs are part of a company’s operational compliance program. KRIs help you meet the expectations of the Department of Health and Human Services Office of the Inspector General (OIG), Department of Justice (DOJ) and other organizations. They also help you ensure your company is in alignment with its corporate values and policies.

The OIG describes 7 elements that are critical to any compliance program:

  1. Standards, policies, and procedures
  2. Compliance program administration
  3. Screening and evaluation of employees, physicians, vendors and other agents  
  4. Communication, education, and training on compliance issues
  5. Monitoring, auditing, and internal reporting systems
  6. Discipline for non‐compliance
  7. Investigations and remedial measures

Poor compliance in the life sciences industry can have a negative impact on public health and safety. Plus, it can bring unwanted federal scrutiny. KRIs help you proactively address risk where it emerges, allowing your compliance program to become a more embedded partner to the business to enable them to own corrective actions and conduct operations with more confidence.


Measuring KRIs requires a commitment of both financial and human capital, which should not be wasted on “empty calorie” KRIs. A company’s KRIs should be aligned with:

  • Ethical expectations as communicated through the code of conduct, policies, and procedures
  • The company’s strategic objectives
  • The context of new relationships and forms of engaging with providers and patients

KRIs should provide actionable insight. They should also provide relevant stakeholders with the insights they can use to reduce risk.

When developing KRIs, the prevailing wisdom is to focus on your most pressing risks and work backward to create a list of specific KRIs. From there, your KRIs can be stated in many ways. Some of the most common ways are as percentages, ratios, averages, timeframes, material amounts, number of instances, and dollar amounts.

KRIs are also frequently discussed as comparisons. You might compare a percentage from one month to the next, or examine the number of occurrences of something from one day to another. Over time, trends emerge and the KRIs help shape the behavior of the organization as it attempts to manage its risk.


To help you develop your compliance roadmap, here are some examples of KRI sources to measure. KRIs should capture risks in the context of your unique corporate operations and policies. Different companies have different risk profiles. Your KRIs should be tuned to your unique business profile.

EFPIA, PHRMA, MedTech, Innovative Medicines Canada
Track what will be reported under international rules.

Global Transparency Reporting Requirements
Look at your compliance with US Open Payments / Global Transparency Regulations and Laws.

Excessive Spend
See physicians/providers with excessive spend and transactions.

Exceeding Caps

Track whether speakers are nearing or exceeding internal caps on things like speaker fees, meals, attendance, and programs.

Measure Sales Rep spend at company-sponsored events. Also, view the total spend made to unique attendees across multiple events, which enables a reduction in repeat attendees at duplicative events.

Total Spend
Gain insight into your total spend on things like speaker bureaus, advisory boards, grants, meals, travel, and consulting fees.


KRIs don’t work unless you have clear limits set for each one. To derive these limits, you’ll need to gather information from multiple sources and synthesize them to calculate the safest limit to set. Of course, your company’s lawyer would tell you to follow the strictest limits possible.

Remember, laws, regulations, and guidelines and guidance must all be carefully considered in the context of your business operations. For example, the nature of your product may require unique relationships with third-party distributors in high-risk countries. More generalized laws like the FCPA will provide an outline of expected behavior but must be assessed in the context of your own operational risk.

Here are some examples of sources that will help you develop measurable KRIs.

  • Competitors’ examples of past failures
  • The OIG
  • The DOJ
  • The FCPA (Foreign Corrupt Practices Act)
  • EFPIA Regulations
  • Aggregate Spend Reporting Laws
  • Your company’s internal records, policies, and code of ethics
  • Pending litigation
  • Company consultants
  • A risk management company
  • Feedback from employees and whistleblowers
  • Trade publications, journals, and research
  • Your company’s legal team
  • Your company’s finance department


You may be wondering, “How do we know for sure if we’re compliant?” That’s an excellent question and the source of much hand-wringing at life sciences organizations. It’s challenging to create good KRIs, meet the recommendations of the OIG, and ensure you’re always following the letter of the law.

It’s also hard to know whether you’re getting true visibility into the actual compliance activities of your organization. According to a survey of U.S. top Chief Compliance Officers (CCOs), 90% of CCOs say their board is adequately informed of compliance and risk mitigation efforts.

However, almost 1 in 3 CCOs also admit they have never documented or formalized any compliance roles for the staff within their companies. It makes you wonder whether they’re really maintaining compliant operational business practices.

Many organizations solve this problem by using compliance management solutions: software platforms and help from outside consultants. You may need to work with a global risk management company to develop the right set of metrics and solutions.

Software platforms offer benefits like:

Real-time assessment. You can see your actual performance in real time on dashboards. This prevents decision making based on bad assumptions.

Faster reaction time. When it is clear that spending or other activities are excessive, you can handle it quickly before things get worse.

Minimizing errors. Reduce or eliminate the human errors that come with data entry and complex calculations. Prevent misunderstandings.

Better benchmarking. With the availability of real data, you can set better goals and get better at hitting them.

Halt counterproductive activity. The risk management software identifies activities that are counter to your compliance goals.


We invite you to find this kind of success with the help of Cresen Solutions. We offer a robust set of solutions, including Monitor-Mate, a global compliance monitoring platform with integrated global risk assessment functionality built right in.

We’re also the developers behind Data EZ, the powerful cloud-based platform that supports the aggregation, cleansing and standardization of data for global transparency.

If you need help determining your KRIs, we offer life sciences consulting services that help you excel at the complex tasks that come with compliance monitoring. Our talented life sciences professionals have decades of combined experience and will help your company build a compliance roadmap that supports the RAMP process to keep you on the right track.

Contact Cresen Solutions

Topics: Key Risk Indicators in Compliance Monitoring

Share this post on: