By William Kruse …
Businesses have to manage myriad types of risk in their workforces. These include theft, employees deviating from company policies or the law, and workers exposing their employers to lawsuits from clients or other employees. So what are the best ways for businesses to manage these risks?
Companies that lack a framework of data and analysis to gauge risk more precisely can only guess the best ways to bolster their company culture to reduce risk
When managing risk, companies often rely on imprecise methods to determine the degree of risk an individual or a group of employees may pose to an organization. Examples of these methods include identifying employees as having high-risk potential based on their geographic location, job description or level of education required for a role.
However, these methods are often inefficient and, in some cases, ineffective in identifying and prioritizing risk. Companies that lack a framework of data and analysis to gauge risk more precisely can only guess the best ways to bolster their company culture to reduce risk.
When businesses strive to create a culture of compliance, one challenge lies in measuring its strength. Some companies send employees through an annual training program or put up posters once a year to promote safety or discourage theft, for example, and call it good. But building a culture that actively promotes compliance requires more than ticking “training” or “posters” off a list. Creating such a culture involves sending many consistent messages to employees through various channels. Compliance is meaningless unless it’s continually measured and made actionable.
And a culture of compliance isn’t just a nice thing to have. For most businesses, it’s a requirement. The United States Sentencing Commission modified the federal sentencing guidelines in 2011 to include standards for an effective corporate compliance and ethics program. These guidelines are now the de facto criteria that prosecutors and regulators use to determine whether they should charge a company with a crime for potential legal violations, and the severity of any civil enforcement action.
Companies must be able to prove that they have implemented internal control systems that are sufficient to address their organizations’ specific risk profiles.
For every one of the standards – from establishing policies, procedures and controls to the requirement to monitor and audit programs for effectiveness – one central theme stands out: Companies must be able to prove that they have implemented internal control systems that are sufficient to address their organizations’ specific risk profiles. They also must be able to measure the results of these actions to establish that their systems are working.
Businesses that seek to manage risk and build a culture of compliance need to shift to more effective and actionable methods, such as analyzing survey results, metadata, incentive patterns and hiring information. Targeting employees for training based on problems that have occurred in the past, for example, is managing by looking in the rearview mirror.
By using data-driven methods and predictive analytics, companies can predict where problems might occur in the future and act to prevent them before they happen. They also can reduce risk and payouts to injured clients and government regulators.
Read full article here …