When a company realizes it is falling short of its goals for improving operations, expanding offerings, or connecting with customers, it will typically define what it wants to achieve, identify relevant metrics, and then test various strategies until the metrics show progress toward the goal. It’s a method that works, and businesses use it to handle any problem they actually care about. As a result, the adage “We measure what we treasure” applies.
But something odd is going on when it comes to diversity, equity, and inclusion (DEI). Although tracking data is key to doing better in this arena, most companies have yet to adopt evidence-based, metrics-driven practices—even though they’ve acknowledged DEI as a moral imperative and recognize how it can help their bottom line.
That is illogical. In reality, without metrics to assess current status and track progress, DEI activities will always be a guessing game. And, as CFOs are beginning to discover, this may be quite costly. According to Iris Bohnet of Harvard Kennedy School, US corporations spend around $8 billion per year on DEI training—but achieve very little. This isn’t a new occurrence: Alexandra Kalev, Frank Dobbin, and Erin Kelly published a significant research in 2006 that indicated that many diversity-education programs resulted in little or no increase in the proportion of women and minorities in management.
It is not enough to just emphasize the value of diversity if you want to see real change. Consider the following: Assume a corporation with low sales decides to solve the problem by holding a serious, companywide discussion about how much everyone appreciates sales and then organized a national Celebrate Sales Month. Do you anticipate a significant increase in sales as a result?
Probably not. A company that’s committed to solving its problems uses metrics to identify trouble spots, establish baselines, and measure progress. So why aren’t companies doing that in the DEI arena?
Much of the answer has to do with risk. All too often, when an HR chief or a DEI head proposes a metrics-based plan for achieving DEI goals, it gets rejected because others in the company worry about the legal exposure it creates.
To be fair, some types of diversity metrics can indeed be useful to plaintiffs’ employment lawyers because they can provide concrete evidence of discrimination against a protected group. It’s understandable that in-house attorneys and midlevel managers may be uncomfortable collecting certain information for fear of helping adversarial lawyers write class-action briefs.
But although gathering diverse data can be risky, there are risks in not doing so. Companies today acquire data about virtually everything else, so their failure to track diversity statistics sends a message of indifference—or, worse, may be taken as evidence that the company has allowed bias to flourish.
In truth, there is no need to be concerned about implementing DEI measurements. Businesses often handle sensitive information and face legal risks in order to achieve their commercial objectives. How many businesses, for example, would refuse to examine and remedy their cybersecurity weaknesses because they were afraid of being sued for a data breach? The critical question for corporate executives is this: Do we really want to find out about our DEI record after we’ve been sued?
This article will help you take stock of your DEI goals, assess your tolerance for risk, and adopt practices that will make it easier to reach your goals while also mitigating the risks.
Choose the Right Metrics
Many companies assume that diversity metrics are all about the “body count”—how many women, people of color, and perhaps members of other underrepresented groups they employ and in what positions. Those are outcome metrics, and they’re important. They’re a good indicator of bias, vital for establishing a baseline against which progress can be measured; and necessary for assessing the effectiveness of various interventions.
Every organization dedicated to DEI goals must carefully monitor result measures. In certain cases, doing so and making the data public is even mandated by law. Nevertheless, outcome metrics simply tell whether you have an issue, not where it is occurring or how to resolve it. And you may face a public relations challenge: if all you do in your DEI job is measure demographics and then hastily handle the issues that arise, you’re likely to publish the same results year after year. It may be a public-relations nightmare, and it can also be detrimental to staff morale.
To do better, you need process metrics, which can pinpoint problems in employee-management processes such as hiring, evaluation, promotion, and executive sponsorship. If your outcome metrics tell you, say, that you don’t have enough women or people of color on your staff, process metrics will tell you where exactly to focus your attention to bring about meaningful change. Examples of these metrics include the speed at which people of color move up the corporate ladder and the salary differential between men and women in comparable jobs.
Determine Acceptable Risk
Acceptable Risk can be determined using a metrics-based approach that involves assessing the likelihood and potential impact of a risk event occurring.
Here are the general steps you can follow to determine an acceptable risk using a metrics-based approach:
- Identify the risk: Begin by identifying the specific risk event that you are evaluating.
- Determine the likelihood of the risk: Assess the probability or likelihood that the risk event will occur. This can be based on historical data, industry trends, or other relevant factors.
- Determine the potential impact of the risk: Evaluate the potential impact of the risk event on your organization or project. Consider the financial, reputational, legal, and operational consequences that could result from the risk.
- Assign a risk score: Use a risk matrix or other tool to assign a risk score to the event based on its likelihood and potential impact.
- Evaluate the risk score: Review the risk score and compare it to your organization’s risk tolerance. If the score is within an acceptable range, the risk may be deemed acceptable. However, if the score exceeds the organization’s risk tolerance, you may need to take action to mitigate the risk or avoid it altogether.
- Monitor the risk: Even if a risk is deemed acceptable, it is important to continue monitoring it over time. This will allow you to detect any changes that could affect the risk score and take appropriate action if necessary.
Create a Plan for Action
Many companies that are devoted to DEI goals must carefully monitor result data. In certain cases, doing so and making the data public is even mandated by law. Nevertheless, outcome metrics simply tell whether you have an issue, not where it is occurring or how to resolve it. And you may face a public relations challenge: if all you do in your DEI job is measure demographics and then hastily handle the issues that arise, you’re likely to publish the same results year after year. It may be a public-relations nightmare, and it can also be detrimental to staff morale.
Start small
Launching a pilot is a good idea because it will help you fine-tune your intervention in an iterative fashion before rolling it out companywide—a sensible course of action when it comes to both organizational change and risk management. Starting small also helps ensure that you can identify an effective way to make progress toward your goal without undue delay. Pilots should be overseen by a cross-disciplinary change-management team that has a clear mandate, specific goals, and a limited time frame. That team will need an engaged executive sponsor and a manager who is a diversity champion, or at least someone who is open-minded and willing to be guided by HR or the project team. Don’t try to solve every problem in one fell swoop, and keep in mind that making progress on a single issue may require a multifaceted intervention.
Build the business case
Making the business case entails convincing key stakeholders in your organization that a focus on diversity, equity, and inclusion can help them thrive in their roles. Make it obvious to your CEO and the board how it will improve your company’s goods and services, public image, and earnings. Show management how effective DEI initiatives may make it simpler to engage with various clients if you work for a consumer products firm. If your organization is in the technology industry, underline how inclusiveness may help you prevent prejudice in your artificial intelligence. (For example, facial recognition technologies have a history of misidentifying persons of race.)
Control expectations through careful messaging. Don’t create expectations you can’t fulfill. The most effective message is that the company is wholeheartedly committed to unlocking the potential of its most important asset—its human capital. But DEI challenges reflect the fact that bias commonly colors many talent-management activities (from recruiting employees to developing and retaining them), and it’s often a factor in informal workplace interactions too. The best path to achieving DEI goals is to aim for a sustained series of small, incremental improvements. Success will take time, so as John Kotter recommends in his organizational-change model, use your metrics to measure and celebrate wins.
Consider limiting access to your metrics
A key difference between risk-averse and risk-tolerant companies is openness about diversity metrics. Some companies widely share enough data to paint a clear picture of the company’s DEI profile, and this approach has many advantages. In our work, especially with companies with a high level of anti-diversity backlash, we have found that letting managers see key statistics can supercharge buy-in.
But that is not the only option. Risk-averse companies can restrict the dissemination of DEI data in the same way that they restrict the dissemination of any other sensitive information, giving access only to those who are already accustomed to handling such material. For such companies, the real question is this: To create an effective DEI program, who needs to know your metrics and corrective action plans? You’ll want somebody to analyze the data and take the lead on developing the plans. Typically, that’s someone in human resources. You’re also likely to want your head of HR, your DEI officer, the members of your project team, and its executive sponsor to be informed.
All companies should think carefully about which data to share widely and which to hold closer to the vest. Sometimes keeping the circle tight can be important for morale because any problems you find might take some time to solve. Not everybody in the company must know every metric you are tracking.
Create a DEI data protocol
Remember that when it comes to DEI risks, problems often arise not from the metrics themselves but from what people do as a clearer picture of the company comes to light: the notes they take, the emails they send, and the discussions they engage in. Anyone with access to diversity metrics needs to be trained to know what is and isn’t permitted on this front and how to recognize information that should be shared only orally, not in writing. And there should certainly be no joking on paper: Often that’s where the trouble starts. People also need to be trained to avoid drawing legal conclusions about the way any employee is treated. That’s a job for lawyers.
Risk-averse companies should consider creating a data protocol with several key characteristics. It should name and describe your project. It should identify the members of your project team, including a well-trained “data protocol officer” who is in charge of properly gathering and using sensitive information. It should clarify who is authorized to analyze the data. It should establish a procedure for adding new members to the team. It should delineate the scope of the team’s work. And it should make two more things clear: that nobody may share sensitive information outside the team without the data protocol officer’s approval, and that any violation of the protocol may lead to disciplinary action.
Create a sound data-retention policy
Most companies already have a policy in place regarding how long to keep other kinds of data. If possible, adapt that for use with DEI data. But whether you choose that course of action or start from scratch, make sure that your policy complies with local and other laws. And follow the general principle that you should retain your data only as long as necessary to identify problems and measure the effectiveness of specific DEI interventions.