Compliance Dashboard: Trust, but Verify
Engineering policies that are not measured are policies that are not followed.
The compliance dashboard converts our delivery workflow from aspiration into auditable evidence.
What the Dashboard Measures
Every engineering deliverable produced through our workflow is supposed to follow the same path: plan, independent review, implement, independent review, ship. The compliance dashboard answers a simple question: did it actually happen?
For any window of work — the last 24 hours, the last week, an entire project — the dashboard scans every commit, classifies which ones required review, and checks whether review evidence exists for each. The output is a single number: the percentage of reviewable work that received independent review.
Why the Question Matters
Without measurement, workflow compliance drifts. Reviewers get busy, deadlines compress, and "we'll review the next one" becomes the default. We saw this directly in our own historical data: when we first instrumented the dashboard, compliance was running at 4 percent. That number was a wake-up call. It has since climbed past the 80 percent threshold and stayed there because the dashboard makes drift visible the day it happens, not the quarter after.
How Compliance Is Calculated
The calculation is deliberately transparent so that any client or auditor can reproduce it from the underlying repository:
- Scan recent commits over a configurable window (default: 24 hours).
- Classify each commit by its purpose. Documentation, formatting, sync, and merge commits are skipped — they do not require independent review. Feature work, fixes, refactors, performance changes, and security work are flagged as reviewable.
- Check each reviewable commit for review evidence. Evidence sources include approved plan markers, recorded review files in the planning archive, formal review reports, and review keywords in commit messages.
- Calculate the rate: reviewed commits divided by reviewable commits, expressed as a percentage.
- Compare against the threshold: 80 percent by default, configurable per project.
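The steps above as an added Python example (not ACE Engineering's dashboard code), run over a constructed commit window that reproduces the counts of the early audit run reported on this page. It assumes Conventional Commits style prefixes identify a commit's purpose, a `Reviewed-by:` trailer is the review keyword, and `recorded_reviews` is a hypothetical set of commit ids that have a review file in the planning archive; commits are passed in as `(sha, message)` pairs rather than read from a repository.

```python
import re
from dataclasses import dataclass

# Assumption: commit purpose is read from a Conventional Commits style prefix.
SKIP_TYPES = {"docs", "style", "sync", "merge"}
# Assumption: a "Reviewed-by:" trailer is the review keyword in a message.
REVIEW_TRAILER = re.compile(r"^Reviewed-by:\s*\S+", re.MULTILINE | re.IGNORECASE)

@dataclass
class Report:
    total: int
    skipped: int
    reviewable: int
    reviewed: int
    rate: float
    verdict: str

def commit_type(message):
    """Return the lowercase type prefix of the subject line, or '' if none."""
    subject = message.splitlines()[0] if message else ""
    if subject.startswith("Merge "):
        return "merge"
    m = re.match(r"(\w+)(\([^)]*\))?!?:", subject)
    return m.group(1).lower() if m else ""

def is_reviewable(message):
    # Assumption: unknown or missing prefixes count as reviewable, so a
    # mislabeled commit cannot silently drop out of the denominator.
    return commit_type(message) not in SKIP_TYPES

def compliance(commits, recorded_reviews, threshold=80.0):
    """Compute the review rate for (sha, message) pairs in one window."""
    commits = list(commits)
    reviewable = [(sha, msg) for sha, msg in commits if is_reviewable(msg)]
    reviewed = [sha for sha, msg in reviewable
                if sha in recorded_reviews or REVIEW_TRAILER.search(msg)]
    # Assumption: a window with nothing reviewable passes at 100%.
    rate = 100.0 * len(reviewed) / len(reviewable) if reviewable else 100.0
    verdict = "PASS" if rate >= threshold else "FAIL"
    return Report(len(commits), len(commits) - len(reviewable),
                  len(reviewable), len(reviewed), rate, verdict)

# Constructed sample window: 19 skipped, 22 unreviewed, 1 reviewed commit.
SAMPLE = ([(f"d{i:02d}", "docs: update notes") for i in range(19)]
          + [(f"f{i:02d}", "fix: adjust solver tolerance") for i in range(22)]
          + [("a01", "feat: add load case\n\nReviewed-by: reviewer@example.com")])
```

Because the type prefix is declared by the committer, an auditor reproducing the number may also want to confirm that skipped commits touch only documentation or formatting.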
Example Output
```
============================================================
Compliance Report — Last 24h
============================================================
Total commits: 42
Skipped (docs/etc): 19
Reviewable: 23
Reviewed: 1
Unreviewed: 22
--------------------------------------------
Compliance rate: 4% (threshold: 80%)
Verdict: FAIL
```
This is the actual output from an early audit run. The verdict line is what made the problem actionable: not a 60-page report, but a one-line score that anyone on the team could read in three seconds.
Enforcement Levels
The dashboard is one half of the compliance story; gates that block out-of-policy work are the other. We operate at two enforcement levels depending on project criticality:
| Level | Behavior | When We Use It |
|---|---|---|
| Advisory | Prints warnings, allows the work through | Early-stage exploration, internal tooling |
| Hard | Blocks the operation until the policy is satisfied | Client deliverables, regulated work, production projects |
For client engagements, we default to hard enforcement. The cost of letting one undetected unreviewed change slip into a deliverable is higher than the cost of a five-minute review pause.
The Audit Trail
Behind the dashboard's single compliance number sits a structured log trail that makes every claim verifiable:
| Log | What It Tracks |
|---|---|
| Daily compliance metrics | One JSON file per day capturing the full report |
| Plan-gate events | Every block or pass at the planning gate |
| Review-gate bypass log | Any attempt to bypass review, with user and branch attribution |
| Review-gate latency log | Execution timing so the gate stays fast |
| Pattern log | Repeated drift signals worth investigating |
Each log is append-only and timestamped. If a regulator, partner, or client asks "did your team follow your stated review process on project X between dates A and B?", the answer is reconstructable from the logs alone — we are not relying on memory or after-the-fact reconstruction.
Why This Matters for Clients
Three concrete benefits flow from running this dashboard on every project:
- Defensible deliverables. When we hand over an analysis, we can show that every reviewable change passed through independent review. The audit trail is part of the deliverable, not separate from it.
- Early drift detection. Compliance dropping from 90 percent to 70 percent over a week is a leading indicator that something has changed in how the team is working. We see it immediately rather than discovering it during a delivery review.
- Accountability without ceremony. The dashboard does not require status meetings or compliance officers to function. The numbers update automatically, the gates fire automatically, and the logs accumulate automatically. The team's energy stays on engineering work.
Integration With Project Delivery
For client engagements, the compliance dashboard runs nightly via scheduled jobs. When the rate drops below the threshold, the system automatically opens an internal ticket capturing the affected commits, the missing evidence, and the responsible reviewers. By the time the next workday starts, the gap is already on someone's queue.
For high-criticality work — safety-relevant analyses, structural assessments backing regulatory submissions, or anything labeled engineering-critical — we track a separate, stricter compliance rate. This rate has its own threshold and its own escalation path. The principle: not every change carries equal weight, and the measurement should reflect that.
Key Takeaway
The compliance dashboard is what turns a stated workflow into a verifiable workflow. We do not ask clients to take our word for whether our engineering process was followed. The number is published, the logs are auditable, and the gates fire on every commit regardless of who is at the keyboard. That is the difference between a quality system and a quality slogan.
Want auditable engineering with measurable workflow compliance built in? Contact ACE Engineering to learn how this dashboard pattern integrates with your project governance.