Think of it as the compliance version of The Butterfly Effect – a small, unnoticed, action, or failure to act, somewhere in the organization that balloons over time into a much larger, material issue.
Maybe an employee is late on an annual cybersecurity training, barreling through their inbox without considering the single, innocuous link they just clicked will open the door to a massive data breach. Maybe workers at a branch office are spending a lot of time accessing policies around misconduct – and fearing retaliation, they report concerns of a hostile workplace to the media instead of an internal reporting channel. Or maybe employees across the organization are consistently reporting a specific issue made prominent through evolving societal trends, risking a toxic morale problem due to the lack of a corresponding company policy on the matter.
Each of these scenarios represents a case in which Compliance, with visibility of their operations “under a single pane of glass” may have been able to detect concerning trends and act before it was too late. This platform approach – uniting activities like internal reporting, training and conflict of interest disclosures – allows an organization to collect data that can be utilized to understand the health of the compliance program, mitigate risk and make course corrections as needed.
It’s easy to imagine a platform approach being advantageous for Compliance – and, in turn, the organization as a whole. Is a work site with a high level of a certain type of reporting receiving proper training around the corresponding issue, for example? On the flip side, do low scores in a certain training module at a branch office suggest a cultural problem and the potential for misconduct? Are employees reporting potential conflicts of interest that could tarnish your reputation?
These signals all suggest opportunities for Compliance to intervene early. Yet too often, internal reporting, training, disclosure management and other activities live in their own functional silo. Managers of those operations may each have a seat at the table, but without a single platform view, the risk still exists of a key trend falling through the cracks.
A platform approach in practice
NAVEX made efforts in late 2023 to investigate the outcomes our customers achieve when utilizing multiple services across the NAVEX One platform. We focused on internal reporting metrics due to our deep and established benchmarking of these activities. Our analysts examined metrics for customers with only internal reporting, customers with internal reporting and one additional NAVEX One service, and customers with internal reporting and two or more additional NAVEX One services.
Though our analysis was understandably imperfect – a customer may have a robust in-house training program, for example – it allowed us to take a basic temperature reading and derive some tangible metrics exploring the value of a platform approach.
Indeed, the presence of more NAVEX One services showed a clear correlation with better internal reporting outcomes:
- Customers with three or more of the compliance functions available on the NAVEX One platform saw a nearly 30% increase in Reports per 100 Employees compared to those utilizing only NAVEX hotline and incident management services
- Organizations with NAVEX One incident management alone saw a median of 1.40 Reports per 100 Employees in 2022; those utilizing one additional service saw 1.55; and those utilizing two or more additional services saw 1.81.
Customers with three or more of the compliance functions available on the NAVEX One platform saw a nearly 30% increase in Reports per 100 Employees compared to those utilizing only NAVEX One hotline and incident management services
And the positive correlations don’t stop there:
- Customers with NAVEX One hotline and incident management plus two or more services saw a more than 10 percentage point smaller share of anonymous reports compared to customers using only hotline and incident management. This generally suggests greater level of trust among reporters willing to give their name, which also leads to stronger investigations.
- Those with hotline and incident management plus two or more services saw a 16% reduction in Case Closure Time versus those with only hotline and incident management.
So, what does it all mean?
These observations help suggest the value of a platform approach to compliance. When compliance data is consolidated in one system, organizations can consistently analyze the relationship between the rates of completion for their training courses and the reports they receive from their whistleblowing and incident management programs. By compiling this data into a comprehensive report and analyzing it by risk type, organizations can obtain valuable insights into any potential areas of risk within their operations.
This analysis can be instrumental in identifying patterns or trends that may signal the necessity for redeploying or adding training courses aimed at mitigating specific risks. For example, if an organization looks at the risk type of retaliation and sees a high rate of incidents related to that type, they can compare it to their harassment training completion rates or scores. If the training scores are low or completions are down, this can spur the organization to be proactive and deploy or encourage their employees to complete the course.
Show me that data
If you’ve made it this far, this probably sounds pretty interesting to you. So, buckle up for even more exciting news. NAVEX is thrilled to announce cross-product reporting, available on the NAVEX One platform. Organizations with a combination of Whistleblowing and Incident Management and Ethics and Compliance Training on the NAVEX One Platform are able to view such data in a simple, familiar, Power BI-driven report – with more integrations to come!
Interested in learning more? We thought so. Check out NAVEX One GRC Insights.
