Have you considered the topics that you’re NOT going to train your employees on this year? It’s easy to think of all the topics you know you want to cover – or are legally required to cover; the reasons for these courses, such as FCPA training or HIPAA compliance training courses, are obvious and easy to justify. It’s almost harder to feel at peace NOT training an employee on a topic. Even once you’ve made the decision of what to cover, how do you determine the level of training required for each employee? Perhaps some employees require an advanced, in-depth, hands-on training on a certain topic, but others require a mere cursory overview.
OCEG Chairman Scott Mitchell and Jimmy Lin, Vice President of Product Management and Corporate Development at The Network, discuss how to take a logical, risk-based approach when designing your compliance training program. Scott starts the conversation by pointing out that many companies train all employees on certain areas, like bribery, despite the fact that many of those employees will never be in a position to bribe someone, for fear of looking as though they’re not doing enough. Jimmy responds with a variety of strategies that can be successfully implemented once you have a deeper understanding of your risks and employee base.
Scott Mitchell: Is there ever a point at which you say well, we’re not going to train and educate in this particular area? So, if one takes that risk-based approach to a logical conclusion, it seems like if we exclude the regulators and if we exclude the government for a moment, it would seem as though from a business perspective you would genuinely find certain areas where it doesn’t make sense to train these people on this particular risk area.
But then, if we do include the regulators and the government, it’s almost like you would loathe doing nothing in a certain area because you don’t ever want to be perceived as doing nothing, even though the risk assessment may come back and say this population really isn’t at risk. We keep using the example of being able to bribe anyone. They’re just not in a position to do it. How do you balance that using that risk-based approach with at least getting coverage across the board despite low risk and still doing something? Or, do you find areas where indeed you do nothing? It’s like, oh no, you literally don’t need to train them in these particular areas.
Jimmy Lin: Well, I think that’s also speaking to the fact that you need more of that detailed view of your employee base to be able to do that. You need to understand who is doing what job and what potential it has to influence or not influence in those particular areas. So, when I think about the different strategies that organizations have employed, we have clients that think very advanced in nature and think about the fact that even though from a risk-based standpoint there’s less need within a certain target population of employees, they may still do sort of the bare minimum, sort of the check-the-box, you know, ‘hey, at least I gave them some awareness, I did something, right, so you can’t say I didn’t do anything.’
I think that’s still a very valid approach of making sure that you’ve at least had a, I’ll call it a foundational approach, for that broad base, but then when you really understand that oh, this set of employees, whether it’s because of the level of the organization, the access to systems that they have, the country that they might operate in, whatever those sort of parameters are, when you factor those in and you say well, specifically, these 46 employees need extensive training. It may be a combination of classroom training, of reminders every month, different programs that might go to them where you say ‘I know I have a high risk there and so I’m going to put in a lot more effort there,’ but it doesn’t mean you completely ignore other segments. So, I think striking that balance of making sure that you’ve at least built a foundation enterprise-wide, but really understand what are those risk groups, and how do you target those risk groups, and how to utilize your resources to target them. I think that’s extremely important in sort of thinking about the design of your compliance training program.
Next Step: The ROI of Compliance Training
We’ll be building on this conversation next week with David Houlihan, Principal Analyst of Blue Hill Research. Once you’ve implemented a risk-based approach, you’ll want to measure the impact compliance training has on your organization, but it can be difficult to figure out which metrics will most accurately and comprehensively measure your return on investment. David will share with us an overview of the role of employee engagement in the execution of training and effective measurement methods, as well as a variety of case studies.
For More Information About Building and Tailoring Compliance Training Programs, Check Out These Resources:
- Blog Post: Doubling The Impact of Your Ethics and Compliance Program
- On-Demand Webcast: Empowering Middle Management to Elevate Your Ethics & Compliance Program
- On-Demand Webcast: Justifying a Compliance Training Program Budget Increase In a Time of Scarcity
WEBCAST| The ROI of Compliance Training
Join us and David Houlihan, Principal Analyst of Blue Hill Research, for The ROI of Compliance Training as he discusses the underlying business needs and dynamics related to the role of employee engagement in the execution and value of training. Sign up today to save your seat!