Tracking effectiveness
What credible evidence looks like
As due diligence expectations move from policy to practice, the question organisations are asked is changing. It is no longer only "what have you done", but "did it work", and "how do you know". Answering that second question requires a different kind of evidence - evidence of effectiveness, not just evidence of activity.
Many organisations already hold large volumes of documentation: policies, training records, audit reports, supplier declarations. The presence of these documents is often mistaken for the presence of evidence. The two are related, but they are not the same thing.
Activity is not the same as effectiveness
A training session delivered, a policy issued, or an audit completed are all activities. They show that something happened. They do not, on their own, show whether the issue the activity was meant to address has improved.
Effectiveness looks at what changed afterwards - whether incidents reduced, whether corrective actions were sustained at the next audit, whether worker feedback on a specific issue shifted over time. This is a different layer of evidence, and it is the layer most often missing.
What makes evidence credible
Credible evidence is traceable - it is clear which risk or action it relates to, and where it came from. It is consistent over time, so a single positive data point can be seen in the context of a trend rather than treated as proof on its own.
It also holds up to some form of verification beyond self-reporting. Evidence that consists entirely of an organisation's own statements about its own performance carries less weight than evidence that can be cross-checked against audits, grievance records, or independent feedback.
Where evidence commonly falls short
A common pattern is the one-off audit: a finding is recorded, an action is agreed, and the file is closed - with no record of whether the action was implemented or whether it addressed the underlying issue at the next review. Without that follow-up, the audit shows activity, not effectiveness.
Another common pattern is fragmentation. Evidence relevant to a single risk area may exist across supplier files, audit reports, grievance logs, and internal emails, in different formats and held by different teams. When that evidence is requested, the work of pulling it together can take longer than the original due diligence activity did.
Building a tracking approach that holds up
The starting point is to define, for each significant risk area, what "working" would actually look like - a measurable change, not just a completed task. From there, evidence can be collected against that definition on a consistent cadence, rather than gathered retrospectively when a report is due.
Kept this way, evidence becomes something an organisation can retrieve, explain, and account for when asked - rather than something assembled under pressure. Helping organisations build this kind of structure, using the records they already generate, is core to how Strategine supports its clients.
Next step
Ready to close the gap between policy and practice?
We help organisations turn due diligence commitments into a working system, using the evidence they already have.