In a recent interview, OCEG‘s Scott Mitchell discusses integrating your compliance training with the entirety of your GRC program (such as your policy management system and whistleblower hotline) with The Network’s Jimmy Lin, VP of Product Management & Corporate Development.
Scott Mitchell: How important do you think, or I suppose you and I would both agree it is important, but if the call to action is ‘if you see something, be able to act on it in some way, shape or form’, and even if we look at really the background of where The Network started many, many years ago around the whistleblower hotline solution, but how connected should education and communication be to things like your policy management system, your whistleblower hotline, etc., aside from saying it should all be connected. Is there a sweet spot or are there certain connections that are more important than others?
Jimmy Lin: To me the trend that I believe the industry needs to move into is really this blurring of the lines between policies and training, this concept that we used to get a nice legal written document as a policy. Here is a 10-page document on what not to do and we know that people don’t read it, we know that they don’t embody it, they don’t understand it, for that matter. It’s sort of written very technically. I think those aspects, when you think about how training can really help pull out the gist of what you’re trying to get employees to think about, when you want them to understand what their behavior should be, what they should be acting on and what are specific things they should be look for. Not only what are the things they shouldn’t do, but what are the things they should do. A call to action of ‘if you see this do, this next,’ right. I think a lot of employees get confused about ‘oh, I saw something but I don’t really know what to do with that information. I saw someone hacking our accounting system. Who do I tell? What do I do with that? Should I even say anything?’ So, I think there is a lot of confusion around that, that when you think about training and policies I think there’s really a 2 for 1 there that we have to thinking about, that that’s really just one long spectrum of how we communicate and get our employees to really embody those values and those polices and not just about hey, there is a policy on the shelf but then there’s also training that goes with the policy.
Scott Mitchell: So kind of add that as an integrated piece.
Jimmy Lin: Yes, and thinking about that really is one big continuum of how do I drive that message to the employee base? I think there are a lot of other aspects that obviously help drive how you think about training, specifically. So, if you’re getting a lot of incident reports around harassment from your Atlanta office well, how do you drive sort of remediation on that? There may be additional harassment and discrimination training everybody has to go through. It may just be that folks weren’t aware of the policy or understand what harassment looks like. So, how do you drive that particular message? That can be a strong influence for training, but I think at the end of the day if your training is well coupled with your policy base then you don’t have a decoupling of what your policy says and what your training is trying to expound on.
Scott Mitchell: Yes, and as you update one you know by definition you update the other, especially if it’s part of an integrated program.
Jimmy Lin: Right, and I think really the integration is thinking about how you illustrate that policy, how do you bring that to life? Going back to our discussion about trying to address different generations of work force, there are a lot of the younger generation that likes to see the interactive. They want to see, they want to be shown, ‘what do you mean by that? Show me that scenario.’ I think that can really benefit everybody to understand not only conceptually, ‘hey, this is what harassment looks like’ but ‘hey, this is how it may play out in real life,’ right, and being able to apply that at least in your mind of ‘hey, I think I’ve seen that kind of situation before’ or ‘oh, last week I saw Joe talking to Suzy that way. I wouldn’t have thought of it as harassment then, but now after I’ve gone through the training and better understand what it is and what our policy is around it I may go back and call that out.’
For More Information About Compliance Training And Policy Management Systems, Check Out These Resources:
- Blog Post: Building A Policy Management System For Behavior vs. Control
- Blog Post: 4 Ways To Ensure Ethics And Compliance Training Is Effective
- Blog Post: A Policy Management System That Promotes Engagement
Whitepaper | Investing In A Policy Management System & Compliance Training - The Front End of Compliance
Investments in the “front end” of compliance management, in areas such as policy management and compliance training, drive employee awareness of new and updated standards and help mitigate the risks when misconduct occurs. Organizations that fail to invest in this “front-end” compliance run the risk of poorly communicated or outdated policies and a lack of employee engagement. This whitepaper, authored by Blue Hill Research and commissioned by The Network, discusses the importance of “front-end” compliance and explains the four phases of compliance activity required to turn regulatory requirements into effective compliance practice.