Australian business and market regulators are becoming more assertive in enforcing legal compliance and many regulators are being afforded more power to pursue suspects. Both the ACCC and ASIC, for example, have recently been given more power to investigate suspicious activities, and the maximum penalties and fines for those found guilty of offences have been increased significantly. In response, businesses are becoming more proactive in allocating greater resources to ensure compliance processes are up to date, and adequate in the eyes of the regulators.
To reduce the risk of regulatory investigation and the potential subsequent intrusions, businesses are using compliance programs to help prevent scrutiny. However effective compliance programs and processes serve to offer up more than just preventative strategy. Jason Rohlf names 4 basic functions of a compliance program in his article GRC: So Simple, A First Grader Can Understand It:
- Implement controls to protect employees and assets
- Identify and manage organisational risks
- Educate employees on the laws associated with their roles, and the penalties for breaches
- Facilitate employee training, leading to improved performance
While these 4 functions broadly cover the basics of a compliance program, an efficient and effective compliance program will also serve to provide an extremely valuable and useful resource: a full deposit of employee compliance testing data. In the modern business age, most people will agree that information is power. Likewise with business performance, the data collected from employee compliance training testing can provide detailed insights into the performance of individuals, business groups, or the business as a whole.
For example, testing data gathered may highlight to the compliance program administrator or manager an individual or business group who is incorrectly answering a question or failing a course, multiple times. This information can tell an administrator a number of things:
- The individual or group participating in testing may not be aware of the acceptable behaviour in that role or section, and requires further training and education in this area;
- The individual or group may not be appropriate for that particular role or function, and should be reallocated to a different function more suited to their strengths; or
- Current compliance training and testing procedures may be ineffective and a review should be undertaken of the components that make the compliance training program.
Detailed testing data records are also crucial when dealing with regulators who are investigating a business. To prove to the regulator that the business has adequate training processes in place, testing data will serve to demonstrate that the business has taken their duties as responsible employers seriously. Being able to quickly gather data, present reports and demonstrate adequate testing processes means the business is more likely to quickly and effectively satisfy the regulatory intrusion, thus minimising the effect such an intrusion will have on business functions.