As I’m sure you’ve read about in my colleagues’ blogs, we just held our Client Advisory Council (CAC). We hold this event annually but this was my first time attending. I’m new to the governance, risk and compliance (GRC) arena and this was a great opportunity for me to engage in meaningful conversations with thought leaders, industry experts and clients.
The sessions and conversations during the event were thought provoking and helped to drive valuable discussions among the group. As a Product Manager working in an agile environment, many of the sessions and conversations during the event reminded me of similarities between the needs driving an agile development environment and an entity’s compliance training program.
What is Agile Development?
Agile development came about from a group of people trying to find a better way to manage software development, a way that would be more efficient and effective than the traditional waterfall approach.This group created the Agile Manifesto which ultimately led to a flexible way of managing IT projects and development teams that inherently drives collaboration and visibility across teams and business units. Based on the manifesto, while a plan is valued, the ability to respond to change is valued more; while processes and tools are valued, individuals and interactions are valued more.
Merriam-Webster defines agile as “quick, smart, and clever” as well as “able to move quickly and easily”. A primary focus of and benefit from being agile is the ability to effectively and quickly respond to change. Something that resonated with me throughout the speakers’ sessions and conversations with clients alike is the need for companies to be able to respond to change in an agile manner, especially as it relates to their compliance training programs.
What Can Compliance Learn From Agile Development?
“Effectively responding to change” is a pretty general statement. What does this mean as it relates to a company’s compliance training program? During the CAC, FCPA expert Tom Fox presented a session on Managing Fraud and Corruption Risks in Mergers and Acquisitions where he focused on the importance of pre M&A due diligence and post M&A remediation with emphasis on global markets. I thought this was a great example. Does your business ethics training program provide the flexibility and responsiveness to manage the inherent time constraints of an M&A environment? What about the complexities and risks involved with global emerging markets?
Companies require employees to complete code of ethics training and read and attest to policies as part of the employee on-boarding process. But what about being able to distribute policies and compliance training to employees outside of the initial employee on-boarding period? This is a common mistake we see in the marketplace; companies tend to view code of ethics training as a “once and done” exercise. When an employee transfers departments or geographical locations, are applicable policies and training materials distributed? What about when the code is refreshed?
Staying Current in Today’s Rapidly Changing World
I recently reviewed the 2013 Corruption Perceptions Index which scores countries and territories “based on how corrupt their administrative and political institutions are perceived to be.” The Index assigns a score between 0 and 100 with zero being the most corrupt. Of the 177 countries included in the index, over two-thirds of them scored below 50. Somalia, North Korea, Afghanistan, Sudan, South Sudan, Libya, and Iraq were the countries perceived to be most corrupt. No countries received a perfect score of 100 and the United States was ranked 19th. Looking at this same index from 2010, the top seven most perceived corrupt countries included only 4 of the 7 from 2013. A robust business ethics training program should take into consideration the rapidly changing world landscape and the corruption risks that follow.
Going back to my earlier example, if you only give your employees compliance training during on-boarding, what happens when these geo-political currents change? It should become a high priority to refresh anti-bribery training with a particular focus on those geographies. Ethics and compliance professionals would do well to adopt an agile mentality when it comes to anti-bribery training, or really any kind of employee compliance training.
Agile Compliance Training Tools
There’s great value in having a compliance training program that includes thorough processes and robust tools. As a Product Manager, solving market problems through software is my bread and butter. But if the tools don’t take into consideration the individuals and interactions behind those tools, they’ve missed their mark. A recent article highlighted in The Network’s WIND (Weekly Industry News Digest – you can subscribe here) publication reminded me of this key agile value.
IndyCar driver Helio Castroneves was placed on probation through June 30th for violating the Verizon IndyCar Series social media policy when a tweet was sent from his official Twitter account featuring a thumbs down image in the middle of the series’ logo along with comments criticizing Race Control for their actions, or lack thereof, during the race. The violation was not Castroneves’ first. Three years ago, he was fined $30,000 for tweeting disparaging remarks about IndyCar’s president of competition Brian Barnhart from his Twitter account.
While it’s important and necessary to have tools that track employees’ attestations to policies and completion of training courses, it’s also important to remember the primary goals and objectives of a successful compliance training program. At the end of the day, it’s not about rolling out the training; it’s about ensuring your employees are well-educated and understand the behavior you expect and what to do when they witness behavior that doesn’t comply. Utilizing an agile mindset will help ethics and compliance professionals achieve that goal.