Mission Critical: Managing Compliance Training
By David Wentworth, Senior Learning Analyst, Brandon Hall Group
In 2012, The U.S. Occupational Safety and Health Administration (OSHA) conducted 93,438 inspections; found 200,662 violations; and levied nearly $200 million in fines (http://www.BLS.gov). As of February 1, 2013, the SEC had collected $2.68 billion in penalties and other relief in response to the financial crisis (http://www.SEC.gov). These are just two of the seemingly innumerable regulatory bodies that can have a tremendous impact on how an organization conducts itself.
Compliance is a topic organizations often struggle with. It can be difficult to manage; it is not always the most engaging subject; and it requires input from many parts of an organization. Among all of the issues the Learning function deals with, compliance is the one that can have the greatest consequences if it is mishandled. Most organizations are at least somewhat under the influence of an external agency (or even several)—download Figure 1 below.
In a recent Brandon Hall Group Compliance Survey, more than two-thirds of organizations said that demonstrating compliance to an outside agency was either very or critically important. Even those organizations that say they do not need to report to an outside agency are likely to have internal compliance issues they need to address, including, but not limited to, company policies and procedures.
The importance is not limited to a small segment of the organization. It is not simply the responsibility of one person or even a team of people. Almost two-thirds of survey respondents said that more than 75 percent of their workforce is affected by compliance, meaning the implications go much further than many realize.
With so much riding on compliance, companies constantly are looking for better, more effective ways to meet their compliance obligations.
Critical to the Business
Make no mistake: Companies understand just how important compliance is to the organization. According to the Brandon Hall Group Compliance Survey, between outside regulators and internal rules, compliance shows up twice on a list of the top five most important learning programs. Regulatory compliance is No. 2, right behind leadership development; company compliance is No. 5.
When we talk about compliance, it can mean many different things to different organizations. Download Figure 2 below to see a general breakdown of what is included in compliance training for the average organization.
Another huge factor in compliance is the industry. There are industries such as aviation, banking, pharmaceuticals, health care, and mining in which regulation is an everyday concern. Other industries may only need to worry about compliance once a year. Highly regulated industries often have different concerns than other lines of business, including:
- Authenticity. It is not enough that employees take a course. Many highly regulated organizations require multiple levels of validated identity authentication, whether with e-signatures or physical identification.
- Integrity. These organizations require a secure learning system infrastructure. With more services being delivered in the cloud, companies are more focused on information security system standards (e.g., ISO, IEC).
- Confidentiality. The cloud presents issues around data privacy and control, so deployment options such as Secure SaaS (software as a service) become important.
- Availability. The architecture must allow material and systems to be available around the clock, but at the same time not interrupted by intrusion or denial-of-service-type attacks.
- Auditability. The ability to run internal audits of the compliance system and provide information to external auditors is paramount.
- Compliance regulations. The highly regulated industries have their own set of industry-specific regulations to which they need to adhere, and tracking and managing them can be a challenge.
If compliance is an important issue to your organization, one of the first steps that should be taken is to create a group or function that is dedicated to compliance. The survey found that 78 percent of organizations have such a group. The key is getting the right people involved. Compliance is not only a Learning issue, nor solely an HR issue. An effective compliance governance team is made up of representatives from a wide range of functions that may be affected by compliance. This can include Legal, Operations, Quality, Finance, IT, or the C-suite.
Depending on the breadth and depth of necessary compliance training, delivery can become complex. To manage that complexity, most organizations turn to a third-party learning management system (LMS). In fact, 50 percent of organizations in the survey use this type of platform to execute compliance training. However, 31 percent use a system they’ve developed in-house. Typically, it is security or integration issues that drive the need to keep systems like this in-house, but the advances in SaaS delivery and cloud technology are quickly making those concerns obsolete.
Even if everything can be managed and delivered flawlessly, it can all be for nothing if the system is unable to properly track and report on the compliance training. Many industries find themselves in relatively regular auditing cycles, while others need to be prepared for more ad hoc inquiries into their compliance levels. Either way, the inability to produce clear reports to regulators can nullify even the best training. Less than 60 percent of respondents indicated that their company was either highly or very highly prepared for a compliance audit.
Regardless of the governance and delivery of compliance training, it eventually all boils down to the content. Where does the most effective compliance content come from? The survey found that the vast majority of organizations (65 percent) are designing and delivering content they have created in-house. The rest comes from training providers or the regulatory agencies themselves. But how effective are these materials?
The survey found that most companies believe their own in-house material is the most effective, with customized content from a training provider a distant second. It would appear that compliance is such a critical topic that many organizations do not trust anyone outside to create effective content. Even when they do use content from an outside source, many companies will customize the content to better suit their needs.
Interestingly, companies find material from the regulators themselves to be the least effective content for compliance.
Steps to Success
Take a regimented approach to compliance to ensure that nothing falls through the cracks and ends up causing problems down the road. Preparation is the key. Lay out all of your organization’s regulatory obligations and detail what is required to meet them. Once that is set up, it becomes a matter of:
- Communicating requirements to users. Make sure everyone knows what is required of them and why.
- Pushing out compliance training. Get the right training to the right people.
- Monitoring compliance and follow-up. Keep track of the process and make sure it is being executed properly.
- Validating and auditing. Conduct internal audits to identify potential issues before they are found during an audit by an external agency.
A system that allows an organization to automate some or all of these processes can greatly cut down on the resources required to maintain high levels of compliance while at the same time increasing confidence that everyone is staying in compliance.
To read a related complementary white paper on the Strategic Potential of Compliance Training, visit http://go.brandonhall.com/potential_of_compliance_training_TM
David Wentworth is a senior learning analyst at the Brandon Hall Group. With more than 10,000 clients globally and 20 years of delivering research and advisory services, Brandon Hall Group is an established research organization in the performance improvement industry. Brandon Hall Group has an extensive repository of thought leadership research and expertise in its primary research portfolios—Learning and Development, Talent Management, Sales Effectiveness, Marketing Impact, and Executive Management. At the core of its offerings is a Membership Program that combines research, benchmarking, and unlimited access to data and analysts. Members have access to research and connections that help them make the right decisions about people, processes, and systems, coalesced with analyst advisory services tailored to help put the research into daily action. For more information, visit http://go.brandonhall.com/homeand http://go.brandonhall.com/membership_TM