How Businesses Can Stay on Top of Changing Compliance Regulations
Businesses in highly regulated industries such as finance and healthcare are constantly faced with changing compliance regulations. The same goes for businesses working closely with state and local governments. New policies and rules often need to be aligned throughout multiple levels of an organization, and the role of "ethics and compliance professional" often falls on the human resources (HR) managers and information technology (IT) departments overseeing responsibilities such as infrastructure management, network security, and mobile device management (MDM) to ensure the business remains compliant.
But how can businesses remain compliant? According to new research from NAVEX Global, the answer may be by using better automated policy management software. The company's 2016 Ethics & Compliance Policy Management Benchmark Report surveyed 1,075 respondents globally (75 percent in the US) across a wide range of industries. These industries included healthcare, manufacturing, and banking and finance to nonprofits, insurance, energy and utilities, government and administration, and technology businesses. The report surveyed senior executives and managers in charge of ethics and compliance about their current challenges with policy management, and what strategies and solutions could improve the process in their organization.
We spoke to Randy Stephens, Vice President of Advisory Services at NAVEX Global (and the report's co-author) about key takeaways from the research, and how businesses can tackle proactive compliance, both from a technology and an organizational standpoint.
"What we've found is, generally, and this was not a surprise, a lot of people are unhappy with their policy management programs when it comes to compliance. Even with those who are happy, there's always room for improvement," said Stephens. "We saw that both the budget and responsibility for policy management can be spread across a large group of business units, and that dispersed responsibility within the organization can contribute to a lack of efficiency."
Breaking Down the ReportThe NAVEX Global research sample spanned respondents at small (25 percent), midsize (31 percent), and enterprise (43 percent) businesses, with revenues spanning from less than $50 million to more than $1 billion, as well as government and nonprofit organizations. The most common type of respondents were dedicated ethics and compliance professionals, but the research also included respondents like business analysts and HR, IT, internal audit, legal, risk management, and security professionals managing compliance within their organization.
The following are a few key takeaways from the report. Respondents could select multiple answers:
- Nearly half of organizations (47 percent) said their top policy management challenge is keeping policies up to date with new and changing regulations.
- Other top policy management challenges included training employees on policies (40 percent), policy redundancy and inaccuracy (32 percent), demands specifically related to legal compliance (31 percent), easy access to current policies and procedures (28 percent), and document management (DM) (23 percent).
- More than 50 percent of organizations have seven or more departments with some ownership of policy management and budgeting process, and nearly 50 percent said they either don't have funding for policy management or that it's part of a company-wide budget.
- 57 percent of respondents use online training to ensure policy comprehension, followed closely by 55 percent who use in-person training.
- The report found that automated software improved policy management execution by 16 percent overall, with particular effectiveness in improving the efficiency of policy quality, communication, workflow, and access.
NAVEX Global provides compliance and policy management software, services, and consulting. Stephens acknowledged that the company does have a vested interest in the use of automated software but stressed that the report is vendor-agnostic.
"One of the top challenges is keeping up with changing laws and regulations," said Stephens. "That's one of the areas where people really struggled. The way the automated process comes into play is that the policies in an effective program are regularly reviewed—updating, translation, version control, everything you need to make sure people have access to the latest policy. Ultimately, what was most obvious in the report is that the people with an automated policy management process, a software-driven strategy, were the ones that perceived their programs to be the most effective. And that was true of every single criteria."
5 Policy Management Steps Your Business Can TakePolicy management software can differ a lot depending upon the industry. From online health insurance-compliance training software such as Accountable to specialized solutions for existing collaboration and DM software such as Microsoft SharePoint Online, solutions come in all shapes and sizes, and vary depending upon how deeply they're integrated with existing systems.
4. Online TrainingStephens said one of the main takeaways from the survey is that online training is the most effective way to deliver policy change updates and ensure organization-wide awareness. PCMag has reviewed a number of great online learning platforms and learning management systems (LMS) that can deliver this type of training information to employees, including Editors' Choice Docebo.