If your organization is like many in a recent study, you might struggle to answer that question. That’s because many organizations do not attempt to demonstrate a return on investment (ROI) for their ethics and compliance training program.
The 2017 Ethics & Compliance Training Benchmark Report, released by NAVEX Global, found that one-third to one-half of the 900 surveyed organizations were unsure about the outcomes their training programs achieved.
In addition, one-quarter of survey participants lack a dedicated budget for this type of training. “That’s a troubling finding, one that’s shared equally across organizations of all sizes,” said Ingrid Fredeen, JD, author of the report and vice president of online learning content at NAVEX Global. “The difficulty in showing return on investment and effectiveness, of course, ties back into a lack of dedicated budgets. Dedicated budgets also ensure predictability and allow for long-term planning, especially in an environment in which compliance professionals are regularly asked to do more with less.”
The survey found that organizations with “mature” or “advanced” ethics and compliance training programs are usually larger organizations and that they have had the most successful ROI. “More than half of our respondents classified their training programs as at least mature and said they are better able to determine and then show the linkage between program maturity and training objectives to executives,” said Fredeen. “Being able to sharpen the business case for training is important for compliance programs hoping to secure more funding at this critical time, when a scandal or cyber-attack can have swift and sweeping negative effects on an organization and its brand.”
Those with maturing training programs (48%) “have a basic plan for the year that covers risk and role-based topic assignments,” and they measure the effectiveness of their programs with completion rates and qualitative feedback, NAVEX Global reported.
Meanwhile, the survey found that participants with advanced training programs (10%) “have a sophisticated multiyear training plan that covers a variety of topics assigned to specific audiences based on need and risk profile,” and they use “a disciplined approach to reporting and measuring training effectiveness that focuses on training outcomes.”
Even though complying with laws and regulations was the top training objective among participants, 36% do not provide ethics and compliance training to their boards, and an additional 21% are unsure whether they do. A mere 25% provide cybersecurity training to their board members, and only 41% offer cybersecurity training at all.