Compliance management without Compliance training will fail
With compliance management – from data privacy to cybersecurity, from quality control to anti-corruption – becoming more and more important for any kind of business, it is essential to design a compliance program that’s proportional to your company’s risks. Once the program has been established and policies and processes have been created, these have to be cascaded to all employees through compliance training.
Good training must reflect policies and procedures by showing employees the connection between the compliance objectives the company wants to achieve, and the policies and systems the company uses to manage daily operations.
Deliver training that is precise and not a one size fits all program. The material might take the form of e-learning courses; written manuals; online gaming or any other. The format does not really matter as long as employees engage with the training and can see that it is a sincere eff ort to respect their time and treat them like ‘partners’.
It is important to cater to your audience as not all employees need all training in equal amounts. Automated training programs can help you sort employee groups and training material to effectively assign the right training to the right employees. The frequency with which you send training material might need to be adjusted according tothe risk environment of different employee groups. Employees or partners working in high risk environments will need to be trained more frequently.
If you choose an external vendor to create your material, they might also be able to work with you to match training materials to your risk assessment and employee base. Effective training programs should not only address what employees do but also the environment where they do it. Developing materials in employees’ local language is the obvious example.
You might also have employee populations without easy access to computers or employees who travel extensively. A web-based training program would allow employees to take the training via their mobile device. Employ an integrated platform to track group training results and to send automated notifications to employees that haven’t completed their training.
But tracking is not an end in itself. Assess the effectiveness of your training program by tying it to desired outcomes. For example, more awareness amongst employees could perhaps trigger a higher rate of whistleblower reports. Let’s have a look at some potential training course: * The fundamentals of the GDPR, its key principles, scope of application and sanctions.
* Personal and sensitive data, threats to the safety of data and IT protocols on data security.
* How to keep digital information from unauthorized access.
* General guide to employees on how they should behave when faced with corrupt demands.
* Procurement Fraud, Billing Schemes and CEO Fraud, raising awareness on fraud schemes..
* Cartels, Abuse of a Dominant Position and Interacting with Authorities.
* Personal and Business ethics; making ethical decisions. After going through all this, you may want to assign follow-up duties.In the end, everybody should be eager to help, because he or she is trained on the importance of ethics and compliance regularly. So we’re back to processes and procedures for governing employees and third parties: how to remediate weaknesses in our business practices, or whether to introduce more controls into our organization.
If you need assistance in creating the training programs, let me know; comments are welcome – contact me at Schumacher@eitsc.com