Compliance Training as a Governance, Risk, and Compliance (GRC) Fundamental
DESCRIPTION
Blue Hill Research outlines the importance of compliance training for an organization's bottom line. Principal Analyst David Houlihan digs into how taking a "fire prevention" approach as opposed to a "fire fighting" approach ultimately helps your business.
TRANSCRIPT
©2014 Blue Hill Research. All Rights Reserved.
Compliance Learning as a GRC fundamental
David Houlihan, Principal Analyst, Blue Hill Research
What You Need To Know
• With compliance demands on organizations increasing, investments are needed to help control costs related to compliance efforts and to minimize the risk of penalties.
• Integration of compliance training as a fundamental element of compliance strategy and enterprise governance, risk, and compliance (GRC) suites is often overlooked as a means to help prevent costs related to compliance efforts.
“Corporate boards and executive leaders now view compliance as a top risk. Compliance officers must expand policies that translate
regulatory standards into new requirements for the workforce.…”
The Impact of Compliance Training
Fire Prevention Firefighting
Because employee activity is often an organization’s greatest compliance risk, effective training helps organizations to reduce the potential for organizational penalties and liabilities.
Assessments of training effectiveness must be made with an eye on this ultimate impact on compliance costs.
Compliance Learning in the GRC Portfolio
Enterprise GRC
Cross-enterprise solution intended to create centralized information and process control.
Despite its potential, training is often only partially addressed in GRC deployments in favor of a focus on oversight, remediation, and discipline.
Even where vendors incorporate LMS within GRC, the interrelationships between training and compliance data are often overlooked.
Core GRC Capabilities: Analyze Risks, Set Controls, Monitor, Identify Vulnerabilities, Respond to incidents, Report
Training
Learning Management Solution
Manages administration and documentation regarding enterprise training programs
Enterprise Perspectives on Training Investments
o Line of business:
  o Initially, improved education will result in an increase in reports and questions
  o Over time, more compliant behavior reduces the potential for violations, which in turn reduces operational demands
o Information Technology:
  o Incorporation of training and LMS within the GRC suite helps lower IT overhead by consolidating solutions
o Finance:
  o Identifying the ultimate impact of training in terms of reduced overhead and avoided penalties and exposures is a challenge. . .
  o . . .but essential to understanding the real impact on the organization
Key Factors to Consider in a Training Solution
• Expense of communication
• Scalability of communication
• Time required to obtain mastery
• Employee engagement in training
• Degree of internalization and retention
• How closely supplied content supports objectives
Thank you!