4 Principle 4: Master the Nuts and Bolts

Table of Contents

Practical tips for putting together a workable program that advances your goals – on any size budget.

Getting Compliance Training Done and Delivered

Here’s something I love about the compliance world: Big, expansive thinking is great to a point . . . but then you have to stop talking and deliver.

Meaning, it’s all fine and well to opine about effective communication, but you need to get a course created, reviewed, finalized, translated, and out the door.

So this is a world where shipped is better than perfect.

Many of the compliance clients my company serves work in small departments, with limited time, people, and budgets. They often have responsibilities outside of compliance, and they have to balance their strategic initiatives (such as training) with the day-to-day firefighting of incidents, investigations, inquiries, and other urgent interruptions that could completely consume all of their time, if they let them.

It’s hard work. But, as Kristy Grant-Hart points out in her three-book series about being a “wildly effective” compliance officer,[1] hard work alone isn’t enough to succeed in compliance.

Kristy’s great insight, which drives her books, is that in addition to working hard you have to be directed, focused, and strategic. You have to get important things done while you’re dispatching with the urgent.

(Every truly great compliance practitioner I’ve worked with has had a highly developed version of this skill. So I recommend Kristy’s books if you are looking for an in-depth strategic roadmap plus practical tips and tactics for how to develop and sharpen your abilities in this area.)

So here are the practicalities – the nuts and bolts of putting together not just one course or video, but a strong, defensible program.

We’ll cover the whole lifecycle of training, from planning a curriculum to customizing your material, to getting stakeholder buy-in (critical!), and getting the training launched.

Plans Are Valuable. All Plans Are Wrong.

Eisenhower once said about preparing for battle: “Plans are worthless, but planning is everything.”[2]

In my business, we say: Planning is valuable. All plans are wrong.

So we diligently sit down and make strategic and operational plans for each calendar year, and smaller, more focused plans for each quarter. We set sales and revenue goals, plan marketing and product launches, and set budgets.

And we do this knowing that unexpected events and opportunities will come along, and we will change course. We’ll take on new projects and abandon some that once seemed important. We’ll cancel one blog series in favor of another, as we hear what the market seems to be most interested in talking about right now. If a great opportunity comes up, we’ll get rid of other, less essential tasks so we can clear up space to focus on it.

To illustrate this need for flexibility, allow me to borrow from my experience building a business. In Rethink’s earliest start-up years, when everything seemed possible and nothing seemed certain, it really helped me to view all of our initiatives as experiments in the service of a few clear and critical end goals.

Let’s say we wanted to create marketing that would consistently bring sales leads in the door. That was our end goal. How did we get there? Well, we experimented with a few possible approaches until we found something that worked, and then we doubled down on that. If another approach didn’t work as well, we’d drop it and look for something else to try.

Taking this view helped things feel lighter, more optimistic. Nothing was a failure, it was only feedback. Because each approach was just an experiment, we could be honest and clear-eyed about what worked and what didn’t. We hadn’t sold a whole team of investors on a particular tactic; nobody’s professional future was riding on any one initiative succeeding. We hadn’t spent all our money on one bet-the-company Hail Mary marketing effort or new product launch. We were just trying things out, running a bunch of low-stakes experiments to help identify what actually moved the needle in a direction that mattered.

What if a webinar only had six attendees? Okay, so we’ll do fewer webinars with that organization and more with the company that brought in a hundred people for the same topic. And if a blog post got tons of hits and led four different companies to contact us? Let’s figure out what they were responding to and do more of that. LinkedIn ad’s a dud? Let’s never do that again.

I feel like I got really lucky in taking this strategy from the start. As a team, we could be creative and curious and there was no penalty for trying something that didn’t work out.

Even now that we’re larger, it has helped to keep that same mindset, because it also (who knew?) turns out to be a recipe for making meaningful, measurable progress toward key goals—fast.

Which is why we’re talking about company building in the context of planning your compliance training program.

Given that the critical question in compliance these days is not “Do you have a program?” but “Is your program working?”, it makes sense to take a two-pronged approach to planning your training and communications program.

Don’t start out with a list of topics or an audience breakdown. First, clearly identify your end goals, for both the program and individual topics on your list.

Ask yourself:

  • What are the clear, critical, non-negotiable end goals?

  • What does the training program absolutely need to accomplish?

  • How will you know if you’ve succeeded?

Start here, then move to identifying and deciding the tactics (read: experiments) that might just get you there.

Identifying End Goals: Where Are You Aiming?

What are you really trying to accomplish with your compliance training and communications?

This can be a surprisingly hard question to answer – in part because, for many years, the goal of compliance training was simply to exist.

Let’s go back just five or six years. Someone evaluating a program might ask yes/no questions like:

  • Did we do a risk assessment?

  • Do we have a Code that reflects those risk priorities, supported by policies and procedures?

  • Are we training employees on the higher priority risks?

  • Are we (even somewhat) targeting employees based on their risks related to role, location, and/or level of authority?

  • Are we providing training to most employees in their native language?

There was a time when answering “yes” to these questions would put you on the leading edge of compliance programs. And criteria like these still matter—but now they only get you to the starting line.

Just look at the DOJ’s 2017 publication Evaluation of Corporate Compliance Programs, and its 2019 revised guidance, which ask questions like:

  • “How have senior leaders, through their words and actions, encouraged or discouraged compliance, including the type of misconduct in question?”

  • “What analysis has the company undertaken to determine who should be trained and on what subjects?”

  • “Has the training been offered in the form and language appropriate for the intended audience? Has the training addressed lessons learned from prior compliance incidents?”

  • “How has the company measured the effectiveness of the training?”

  • “What has senior management done to let employees know the company’s position concerning misconduct?”

  • “How has the company assessed whether its employees know when to seek advice and whether they would be willing to do so?”[3]

Not a yes/no question in the bunch.

Hui Chen, who wrote the 2017 document, subsequently left the DOJ and cowrote a piece for the Harvard Business Review, which more or less asked: What if many compliance efforts are just a multimillion-dollar waste of time?

Fighting words!

The authors’ proposition, which we’ll come back to in Chapter 5, is that the solution to all of this is better measurement. As Chen and coauthor Eugene Soltes wrote:

For many firms, appropriate measurement can spur the creation of leaner and ultimately more-effective compliance programs. Put simply, better compliance measurement leads to better compliance management.[4] (Emphasis mine.)

“Leaner” and “more-effective” is a great strategy, whether for a bootstrapping start-up or a compliance program with limited budgets and a risk profile that can be a moving target.

But before you can measure anything, you need clear, non-negotiable, measurable end goals that you are trying to make progress toward, because those goals will tell you what to measure in the first place.

So what are your clear, non-negotiable, measurable end goals for training? What are you trying to accomplish that really matters?

In a new business, the scorecard is revenue and profit. If you can’t make those work, you’re out of business, no matter how great your team is or how much clients enjoy working with you. You learn to measure everything that drives these, so you can see if you’re headed in the right direction and what’s driving that progress.

In compliance, what is your scorecard? If your training is a tool, what is it a tool for?

Your answers here may vary widely depending on the maturity of your program and how much or little your company and audience have changed in recent years.

But here are three ways to approach setting your compliance training goals:

1. Set a goal that involves a specific and measurable change in your audience—even if it’s small.

In advertising campaigns, goals are usually put in terms of driving a particular change in a specific audience: We want to get x to y.

For example: We talked about the “This Girl Can” campaign created for Sport England.

On the This Girl Can homepage, the goal of the campaign is stated in clear terms:

This Girl Can, funded by The National Lottery, believes that there’s no right way to get active —if it gets your heart rate up it counts. And we want more women to find what’s right for them.[5]

So the end goal was to get more women exercising, defined as engaging in any activity that raised their heart rate.

Everything created for the campaign was designed to drive this outcome. And, based on measurements taken before and after, it worked. Following the ad campaign, Sport England was able to establish that 1.6 million more UK women were inspired to exercise.

What is the specific, measurable impact you want to have on your audience?

When it comes to setting compliance end goals, one place to start to identify some end goals is to identify some gaps you wish to close, maybe in knowledge, maybe in attitudes, or maybe in behavior.

Ask yourself: what is the gap right now? And what would be credible evidence of closing that gap?

Maybe you want to:

  • Drive more calls to the hotline

  • Alert employees to phishing attempts—and improve their ability to recognize them

  • Give employees better resources related to the gifts and entertainment rules, so you can decrease the number of questions you get

  • Raise employee awareness that there is a new Code

If you don’t yet know where the gaps are, start by collecting information to learn more about possible gaps. Then identify one step you might take to address that gap. Then take it, take another measurement, and see how you did.

2. Look to the DOJ to find what matters.

Another way to approach this is to look to the Evaluation of Corporate Compliance Programs (and Chen’s Harvard Business Review article) for end goals that might matter to the DOJ, and then plot out steps toward those.

Now, let’s get real about something: A number of the tactics and techniques we’ve talked about are trending, and even becoming current practice.

Maybe not every program is moving away from starchy, legalistic boilerplate to plain language—but it’s a fairly common trend.

Maybe not every program is moving toward more modern, visually attractive training, but there are a lot more out there than there used to be.

And yes: There’s still plenty of compliance training that’s focused on what the law says, not what the law means—but there are also a lot of practitioners (both in-house and at vendors) who get this right.

But are they creating compliance training through setting audience-based campaign goals….where you collect targeted data both before and after to measure change, with the goal of methodically driving specific behaviors in specific audiences over time?

This is something advertisers do every day, but it’s NOT yet fully baked into standard compliance training practice.

Even though measurement generally has been a big part of compliance programs, it hasn’t played a large role in directing or shaping training efforts.

In other words, this is new territory—for almost all of us.

With that caveat, I’ve created a chart below.

In it, I’ve taken some questions from the DOJ guidance. For each one, I’ve identified an audience-based goal it might be nice to show in the longer term.

And then, since neither legendary brand campaigns nor compliance programs are built in a day, I’ve identified a realistic first step toward that goal.

DOJ Guidance[6]Eventual Audience-Based End Goal A Starting Point
“How have senior leaders, through their words and actions, encouraged or discouraged the type of misconduct in question?” Show evidence that a strong percentage of employees believe that senior leaders genuinely support and encourage ethical behavior. Collect data to establish a baseline for the employee view of senior management’s priorities related to this area.
Send out at least one message from senior management on this topic.
Plan to measure again in the future.
“How has the company evaluated the usefulness of these policies and procedures? . . . [D]o compliance personnel assess whether employees understand the policies?” Test employees to show evidence that they understand the relevant policies, with a trend of improvement over time. Test employees to learn if there are gaps in understanding on critical topics
Create one piece of learning or communications for one audience, specifically designed to address at least one aspect of this gap.
“Has there been clear guidance and/or training for the key gatekeepers (e.g., the persons who issue payments or review approvals) in the control processes relevant to the misconduct?” Show evidence that company gatekeepers have received—and clearly understand—the guidance they have been given in their relevant area. Create one piece of training specifically for company gatekeepers involved in control processes.
“How has the company assessed whether its employees know when to seek advice and whether they would be willing to do so?” Show evidence of an increasing trend toward seeking advice or reporting issues.Develop a survey or collect other data to establish whether employees know how to seek advice and are willing to take that step.
Create one piece of learning or communications aimed at improving at least one gap or roadblock you found.
“What has senior management done to let employees know the company’s position on the misconduct that occurred?” Establish a track record of communicating with employees any time serious misconduct occurs.Create one communication sharing a real-life case study that happened in the business, including the consequences to the offending employee.
“What communications have there been generally when an employee is terminated for failure to comply with the company’s policies, procedures, and controls (e.g., anonymized descriptions of the type of misconduct that leads to discipline)?”

We’ll talk more about measurement in Chapter 5. But as we shift toward talking about making training that has a measurable impact, it’s best to think about measurement from the beginning.

If you know what you want to accomplish and how you might show progress, and you can build a training experience with built-in measurement guidelines, you’ll get much better data than if you only try to measure things after the fact.

3. Watch out for vanity metrics.

Back when we were doing one of our first big marketing campaigns, I sought advice from a friend of mine who is a marketing consultant for brick and mortar businesses.

She gave great advice that may sound familiar:

Have a clear, focused message. Include a call to action. Send people to a landing page that makes it easy for them to get more information. Don’t just passively let the campaign run—actively work your network. (“I’ll be honest,” she said. “It’s a ton of work. That’s why it works.”) Don’t require people to navigate around or click on a lot of buttons—make it easy. (“Remember, people are lazy.”)

But one of the most important tips was: Know what matters, and don’t fall for vanity metrics that sound good but don’t actually accomplish anything.

For us, the whole point of our marketing campaign was to generate incoming sales leads. So she instructed us to measure only sales leads. Nothing else.

Page views, clicks, visitorsthose were all fun to see, but irrelevant for our purposes. Getting buzz was exciting, but beside the point.

It made things really simple. Was the campaign working? Well, how many leads were coming in the door?

In compliance, we’re used to tracking a lot of data points that are really about activity, not effectiveness. So ask yourself: What actions or outcomes really matter, and which ones are just vanity metrics?

This document is only available to subscribers. Please log in or purchase access.
Purchase Login
 

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings