Think of it as the compliance version of The Butterfly Effect – a small, unnoticed, action, or failure to act, somewhere in the organization that balloons over time into a much larger, material issue.
Maybe an employee is late on an annual cybersecurity training, barreling through their inbox without considering the single, innocuous link they just clicked will open the door to a massive data breach. Maybe workers at a branch office are spending a lot of time accessing policies around misconduct – and fearing retaliation, they report concerns of a hostile workplace to the media instead of an internal reporting channel. Or maybe employees across the organization are consistently reporting a specific issue made prominent through evolving societal trends, risking a toxic morale problem due to the lack of a corresponding company policy on the matter.
Each of these scenarios represents a case in which Compliance, with visibility of their operations “under a single pane of glass” may have been able to detect concerning trends and act before it was too late. This platform approach – uniting activities like internal reporting, training and conflict of interest disclosures – allows an organization to collect data that can be utilized to understand the health of the compliance program, mitigate risk and make course corrections as needed.
It’s easy to imagine a platform approach being advantageous for Compliance – and, in turn, the organization as a whole. Is a work site with a high level of a certain type of reporting receiving proper training around the corresponding issue, for example? On the flip side, do low scores in a certain training module at a branch office suggest a cultural problem and the potential for misconduct? Are employees reporting potential conflicts of interest that could tarnish your reputation?
These signals all suggest opportunities for Compliance to intervene early. Yet too often, internal reporting, training, disclosure management and other activities live in their own functional silo. Managers of those operations may each have a seat at the table, but without a single platform view, the risk still exists of a key trend falling through the cracks.
So, what does it all mean?
These observations help suggest the value of a platform approach to compliance. When compliance data is consolidated in one system, organizations can consistently analyze the relationship between the rates of completion for their training courses and the reports they receive from their whistleblowing and incident management programs. By compiling this data into a comprehensive report and analyzing it by risk type, organizations can obtain valuable insights into any potential areas of risk within their operations.
This analysis can be instrumental in identifying patterns or trends that may signal the necessity for redeploying or adding training courses aimed at mitigating specific risks. For example, if an organization looks at the risk type of retaliation and sees a high rate of incidents related to that type, they can compare it to their harassment training completion rates or scores. If the training scores are low or completions are down, this can spur the organization to be proactive and deploy or encourage their employees to complete the course.
View original article at Risk & Compliance Matters
