I just read a great article from David Becker called "What's Your E-Learning Strategy for Compliance Training?" which you can find on the eLearning Guild website. You'll need to login to read it though, so I thought I'd post up the most important points I've extracted.
It's a timely article about being cost-effective with compliance training based on a) relevant risks b) method of training delivery.
Becker says risk can be assessed in 3 ways:
- Likelihood that a given risk will become a reality
- How often this risk will occur
- Impacts on the organization should it do so
He sites examples of companies that run in to specific industry-related problems such as sexual harassment, privacy, and health & safety. His message reads loud and clear that there is no blanket rule to cover all companies when it comes to compliance training. An extreme example would be a company that manages construction work sites does not need to offer staff water safety training. Although that seems obvious, Becker's research reveals a lot of companies are unnecessarily spending money on compliance training that has no real relevance once a risk assessment is done.
The development of a compliance training program is a 3-part process:
- Identify risks to be controlled
- Establish training objectives and address them
- Design and implement learning
Once you've established the risks specific to your environment and company (#1), Becker says these risks are then 'subject to a hierarchy of controls, with the higher controls being better than the lower ones at managing the risk.'
You then need to look at each risk and decide which control applies. Do you want to:
- avoid or eliminate the risk
- reduce the likelihood of it occurring, and minimize its impacts should it occur
- transfer the risk by outsourcing the activity or insuring against it
- retain the risk, in which case you budget for the risk being realized
With low risks where the chance of occurrence is high but the impact on the organization is low, something simple and cost-effective like an online training module with a basic assessment where results are recorded, transfers compliance responsibility to the employee. With a high risk that could potentially cause brand damage, a blended learning solution may be needed.
It goes without saying the depth of training implemented will vary according to other factors such as the 'organization