I recently came across a fascinating book entitled “The Meaning of Meat and the Structure of the Odyssey” by Egbert Bakker. In this work, Bakker looks at the culinary aspects of Odysseus’ journey home from the Trojan War. Peter Thonemann, writing in the TLS, said that “Bakker’s book is a powerful illustration of the importance of food and culinary practices to past society.” In other words, the eating habits could be used to not only understand the past but also perhaps train those in the present about the “wider moral culpability” found in Homer’s work.
I thought about this different way of learning as I was reading a recent article by the Open Compliance and Ethics Group (OCEG) President Carol Switzer in the Compliance Week magazine, entitled “Playing the Game of Risk in Workplace Education”. Her article was coupled with a roundtable discussion of the subject and another in the OCEG, GRC Illustrated Series entitled “Risk-Based Education and Training”.
In the article, Switzer reminds us “one size does not fit all in deciding the content and intensity of training needs for each role or individual”. Recognizing that it all starts with a risk-based analysis of who needs the training is just the start. Switzer believes that by engaging employees in the training, it can become more effective. She looks to the world of gaming when stating that, “Well-designed games encourage engagement, and more engagement means more reinforcement, and that leads to better recollection and application of the information. Situational decision making drives the player to think, not just act. Making wrong choices and seeing the consequences leads to desire to act the right way and gain rewards, be it advancing to the next level of the game, earning a prize for success, or understanding that in the real workplace world the reward may be achievement of personal and organizational objectives.”
In her roundtable, she posed the question, “How do you suggest companies decide on the appropriate amount of training? Earl Jones, Shareholder at Littler Mendelson PC, responded that a company needs to evaluate where its risks are, “If the company is betting on international expansion, then intensive anti-bribery and corruption intensive training is a necessity for key employees. Also design training to build and protect sources of value. If an intangible asset, like a brand, is an important source of value, thoroughly train employees to identify, understand, and react to events or behavior that could impair the brand.”
When it comes to the scope and style of training, Steve Perreault, Global Head of eLearning GRC for Thomson Reuter, suggested you should assess your training by employee groups. You should “Understand things like: How likely is a group of employees to participate in activity that is related to a particular regulatory area? How complex is that regulation? What controls are in place already? Is this employee group responsible for making sure others comply with policies and regulations? You also have to consider what you will need to provide to evidence to regulators and courts that the program exists and is effective. Once you get that figured out, you must ensure that you stay on top of changes in legislation and enforcement, and revise policy, procedures, and training accordingly.”
Switzer next turned to measuring the effectiveness of training and how a company might determine this. Alisha Lynch, Global Ethics and Compliance Education Leader at Dell Inc., said, “Determining the scope and style of training should have several input sources. Most organizations have three- to five-year strategic plans, and training programs should be designed to support those plans and initiatives. One good analogy is that a training initiative should be like a physical fitness regime. You cannot exercise the same muscle every time to make significant improvements, and you cannot ignore the diet. A culture is like a diet. If the organization designs and delivers great training but the culture is toxic, probably no improvement will be made.”
In the GRC Illustrated Series, it suggests that companies take a risk-based approach to provide appropriate levels and types of training and education to different individuals across the organization. Some of the factors they suggest you review are the role of the individuals, geography, and their level of exposure to particular risk areas. Such an approach moves away from the ‘tick-the-box’ approach that generally renders such compliance useless. It also helps to ensure that there is a more effective use of budgetary resources by focusing training efforts to maximize the return on the investment. The piece advocates a three-pronged approach.
The first step is to define what you are trying to achieve. The piece recognizes that “while some organizations limit their training programs to what is legally required, more successful ones know that there are many reasons for developing a thoughtful, well-designed approach to employee education.” It puts forward that if training is done right, it will help the organization to achieve several goals. These include: the business Objectives; managing threats and business opportunities; it will address change in positive manner; it can help to ensure integrity and the company’s reputation; it can strengthen the business’s culture and ethical conduct; and, lastly, it can provide evidence that the company has complied with legal requirements such as the US Sentencing Guidelines and the Ten Hallmark’s of an Effective Compliance Program.
The next step is to design the training program, which is further broken down into three steps, which drill down into the specifics of training. By using these three steps, you can help to assure that the training will be effective for the individual but also for the nature of the risk involved.
The first is to design the training program. Steps include the development of curriculum using a risk-based model. You should set uniform methods for acquiring content, maintaining records, and reporting. This should be followed by the establishment of standards for selecting appropriate content, delivery methods, frequency, and assurance based on risk exposure. You can review any technological solutions for both e-learning delivery and documentation. Finally, you will need to consider training content revision when requirements or risk analyses change.
After the design of the training program, the next level is to design the specific training courses. Here you should establish your learning objectives and map the training to legal and competency requirements. You must always remember who is your audience and what their characteristics might be. You need to ensure that the content is timely and the instructors are effective. Finally, you will need to determine not only the most appropriate mechanism to deliver the content but also define the key performance indicators and determine methods to audit them.
The final design level is the individual’s training plan. Here you need to analyze what the person’s role is within the organization and use this to determine mandatory and risk-based training needs. You will need to consider modifying the risk profile based upon assessments given before and after the training is delivered and then adapt the training as an employee’s role and risk profile changes within an organization
For the delivery of the training materials, they also have a tripartite scheme. They break it down into high risk exposure roles; medium risk exposure roles and low-risk exposure roles.
High Risk Exposure Roles – are defined as those employees whose roles in an organization can significantly impact the company. Here expert subject proficiency is demanded and individuals should be able to act with confidence in a wide range of scenarios and conditions based on a strong understanding of the risks, requirements, and penalties. Training may be repeated frequently using several methods of delivery, have greater assurance through testing and certification of course completion, and include ongoing risk profiling of individuals through assessment of behavior choices in online courses or live simulation exercises.
Medium Risk Exposure Roles – are defined as those employees who face risk on regular basis or present a moderate level of negative impact to a company if they mishandle the risk. These individuals should know the risks, requirements, and penalties and should be able to apply their knowledge to common scenarios using standards and tools given to them. Training should have content to make them proficient in the subject, be refreshed periodically, use a mix of modes of delivery, and have methods to prove evidence of understanding.
Low Risk Exposure Roles – are defined as those employees with a low likelihood of facing the attendant risk. Persons in this category should be made aware of the risks, requirements, and penalties, as well as the organization’s expectations about how to address it. They should know relevant policies and procedures and where to get assistance in addressing a risk or making a behavior decision.
As with all areas in an anti-corruption compliance program, Switzer and the OCEG suggest that you monitor and audit your program so that you can review it and improve as circumstances warrant. I would add that you should also Document, Document and Document what you are doing for the same reasons. Just as Bakker’s new look at the culinary aspects of the classics can provide new insights into interpretation, it also shows the training that was written into Homer’s Odyssey.