With corporate scandals and cyber-attacks a fixture in the news cycle, organizations with mature training see greater positive outcomes, survey finds
Leading ethics and compliance software and services company NAVEX Global® today announced the release of its 2017 Ethics & Compliance Training Benchmark Report. The survey data shows that return on investment is greater for organizations with training programs deemed mature or advanced, helping them achieve risk mitigation and culture change.
“More than half of our respondents classified their training programs as at least mature and said they are better able to determine and then show the linkage between program maturity and training objectives to executives,” said Ingrid Fredeen, J.D., NAVEX Global’s vice president of online learning content and the report’s author. “Being able to sharpen the business case for training is important for compliance programs hoping to secure more funding at this critical time, when a scandal or cyber-attack can have swift and sweeping negative effects on an organization and its brand.”
The survey findings represent more than 900 respondents, over half of whom were senior managers or directors. Forty-eight percent of respondents said their training programs were maturing – meaning they have a basic plan for the year that covers risk and role-based topic assignments. Effectiveness measures for these programs are limited to completion rates and qualitative feedback.
Another 10 percent of respondents said their programs were advanced – meaning they have a sophisticated multiyear training plan that covers a variety of topics assigned to specific audiences based on need and risk profile that includes live and eLearning, short-form and long-form courses and a variety of engaging formats. These programs also have a disciplined approach to reporting and measuring training effectiveness that focuses on training outcomes. Larger organizations were more likely to have mature or advanced programs.
“Making an investment in employee training can be a significant expenditure for organizations,” Fredeen said. “But as this year’s results show, without the investment, efforts can be wasted because the program is not effective or supportive, and employees can become disengaged.”
Echoing previous year’s results, training at the highest levels continues to be a potential problem spot. Thirty-six percent of respondents said their organizations don’t provide ethics and compliance training to their boards – and another 21 percent said they didn’t know whether they did. Additionally, just 25 percent of organizations train their boards on cybersecurity.
But survey respondents are clearly concerned about complying with laws and regulations, likely influenced by recent corporate scandals and cyber-attacks. The order of the top two training objectives identified by respondents flipped this year compared with 2017, with complying with laws and regulations edging out creating a culture of ethics and respect for the spot.
“Those two objectives are usually atop the list, but the switch in order this year is likely a result of people thinking differently about the need for training programs,” Fredeen said. “Some organizations could be wondering what is under a rock today that could go public tomorrow.”
Many respondents (about a third to half) indicated that they were unsure what outcomes their ethics and compliance training program has achieved, as few attempt to demonstrate a return on investment. Analysis suggests that organizations with sufficient budget (mainly ones at an advanced stage of maturity) experience lower employee turnover. However, about a quarter of organizations don’t have a dedicated budget for ethics and compliance training, similar to the 2016 findings.
“That’s a troubling finding, one that’s shared equally across organizations of all sizes,” Fredeen said. “The difficulty in showing return on investment and effectiveness, of course, ties back into a lack of dedicated budgets. Dedicated budgets also ensure predictability and allows for long-term planning – especially in an environment in which compliance professionals are regularly asked to do more with less.”
Other key findings include:
- Organizations define a culture of ethics and respect in various ways; the two most common definitions highlight a culture that creates a workplace that encourages people to speak openly and aligns with regulatory requirements.
- Just 41 percent of respondents said they provide training on cybersecurity, a surprising finding given the regular appearance of cyber breaches in the news.
- Just 43 percent provide training on speaking up and reporting/anti-retaliation.