Nazir El Kahi (firstname.lastname@example.org) is a Healthcare Compliance Officer for Medical Devices & Consumer Health sectors at Johnson & Johnson (Middle East) Inc. in Dubai, UAE.
In July 2020, the Department of Justice and the Securities and Exchange Commission released an updated version to a Resource Guide to the U.S. Foreign Corrupt Practices Act, which is a detailed compilation of information and analysis regarding the Foreign Corrupt Practices Act (FCPA) and related enforcement. The guide addresses a wide variety of topics, one of which is the evaluation of an effective corporate compliance program. According to the guide, an important hallmark of a well-designed compliance program is having appropriately tailored trainings and communications delivered to the different organization stakeholders.
Having a robust, mature compliance program is a key priority and necessity for any organization, but when it comes to conducting effective training and education and developing efficient lines of communication, how can organizations make the greatest impact? To investigate this, we will explore areas around identification, mapping, and classification of stakeholders and how to keep these parties engaged and informed on risks.
Conducting effective training and education
Compliance policies and procedures cannot work unless they are effectively communicated and implemented throughout an organization. For this to happen, a company must ensure that periodic training and certification are conducted for all employees irrespective of their role, level, or function.
Many questions might arise around how to build and conduct an effective training program, such as whom to train, how to train, and—most importantly—what to train. To answer these questions, we will be looking at two main categories: (1) risk-based training methods and (2) aspects of the form and content of the training.
The first step in implementing an effective training program is knowing who your stakeholders are. An organization must have a clear and well-documented process of identifying and mapping the different stakeholders within the various functions to provide trainings tailored to employees depending on the control function and high-risk areas identified. As an example of a tailored training, a training tailored to sales and marketing employees would include cases discussing situations they might encounter in their roles, which would differ from those of supply chain managers.
Also, inadequate and inconsistent employee training increases the risks of noncompliance. Thus, an organization needs to also consider the frequency (e.g., quarterly vs. annual) and duration of such trainings, which should be tailored as well, based on roles and high-risk areas identified. For example, a general refresher training should be allocated a shorter time per session compared to training about a high-risk area, which might need a more in-depth training session. Moreover, it has been recently suggested for adult learning to go more toward short and bite-sized learning modules.
In addition, making compliance training and education a job requirement for all employees helps to strengthen the compliance program and drive the culture of compliance in the organization.
Lastly, a very important aspect to take into consideration is the fact that a one-size-fits-all approach does not work for measuring and conducting an effective compliance training in an organization, as this approach assumes all employees learn in the same way. Training should be differentiated to suit the needs of each control function; only then can employees receive the best possible learning experience.
To measure the effectiveness of your training, many learning management systems can offer simple pulse surveys, feedback, and engagement tools that are user-friendly, which can assist you in getting immediate evaluations of training programs so you can assess and identify areas for improvement.
Form, content, and effectiveness
An organization should ensure that, in addition to providing the training in the form and language appropriate for the audience or stakeholders, different channels of delivery are also considered (e.g., offering a mix of web-based and in-person trainings that are conducted at varying intervals or frequencies). The rationale for the chosen delivery method should be documented. Such trainings typically cover policies and procedures, applicable local and international laws, industry standards and guidelines, practical advice to address real-life scenarios, and case studies.
It is also important to consider including a diverse portfolio of materials, because they provide the means to train your employees. Many training materials are used to facilitate the learning process and are usually designed to support adult learning, taking into consideration the various styles that seem common among employees who will be in the training program. The list is exhaustive and could include, for example, presentations, articles, case studies, videos, role-plays, smartphone apps, newsletters, posters, etc.
Regardless of how an organization chooses to conduct the trainings, the information should be presented in a manner appropriate for the targeted audience, and a mechanism should be in place to measure the effectiveness of such trainings. This can involve conducting quizzes or assessments after each training session and/or collecting feedback from the audience regarding its format, content, duration, and trainers. This is very important information that will help you enhance and improve your training and compliance program and ensure that knowledge transfer has occurred as intended.
Lastly, the organization should properly document and address the situations in which employees failed all or a portion of the testing or assessment so the training program can continuously fill the gaps and reach its audiences more effectively. That is why it is also critical to use trackers and dashboards to keep track of the employees trained, when they completed the training, who conducted the training, and the topics covered during the session.