Last month I spoke about the six themes that repeatedly appear in discussions around successful compliance programs; six categories that each month we are looking at individually and in greater detail. I covered alignment last time, so today I want to look at the issue of the risk based approach to compliance.
When talking about risk based approaches, it is worth bearing in mind that when assessing risk, you need to consider
- Job roles – what do specific roles/titles require to perform their jobs? Does their job expose them to risk, can their actions result in risk to the organization?
- Geographies – how do laws, regulations, business practices and cultural issues of different geographies affect organizational risk?
- Nuances of the organization – what topics or issues relate to your industry or organization present the greatest risk to the organization
Theme 2 – Risk based approach
It is imperative that executives not just define, but own the risk management process. A huge part of this process is the prioritization of risks. Then once the risks are identified, and divided into high and low-risk categories, training efforts must be focused on the High-risk issues. Training methodologies with the highest rigor should be utilized for the high-risk issues; low-risk issues should receive minimal attention.
Furthermore, it is equally essential that your organization’s risks are aligned to both support key business goals and incorporate smoothly into your strategic plan. Typically we see revenue growth, expense reduction, risk reduction, and employee safety as the main areas of such focus.
Now that you have established your compliance strategy, it is time to turn your attention to your training program, which should be designed to train the right people, on the appropriate subjects, in the right way. To get the best results, training should be embedded in the daily routine of employees and practiced on the job. As I mentioned previously, application of rigor for high risk compliance training is essential; targeting the appropriate people with the training methodology that ensures retention and behaviour change is critical.
Real world example
A distribution company determined that given the nuances and different requirements of different part of their organization, their traditional compliance training while covering a variety of topics and on a regular basis to a large audience, was simply not the most efficient – or effective – way to train. For example, a Business Development Manager in one region might need more on Antitrust and less on Anti-Corruption training, while someone in another region might need more Anti-Corruption, or groups with access to material information would need an Insider Trading focus.
However, because Skillsoft content can be customized to address different needs for different audiences, they were now in a position to offer a variety of relevant training to each sector, giving focused courses to the most appropriate audience at the most appropriate time.
While it is accurate and correct to say that all training needs to be strategic, because compliance is complex and labyrinthine, it more than most needs to be designed and delivered where it is needed most. When evaluating options for a compliance training programs, consider individual and team goals, geographies – and alignment with the high priority risks for each for the organization. That will help to establish a comprehensive and targeted learning solution that best fits the needs.
One size does not fit all. Compliance training programs work best when they tailored to fit and meet the particular demands or requirements of the targeted learners.
Norman Ford is the VP of Operations at Compliance Solutions for Skillsoft.