PROVIDING EFFECTIVE SECURITY AND COMPLIANCE TRAINING

There are certain consistencies when you join virtually any organisation, one of which is taking part in mandatory training. Depending on the organisation, this can cover a wide range of topics that help reduce enterprise risk, such as health and safety, anti-bribery and money laundering, data protection and information security.

Mandatory training is necessary, as not only does it set the stage for the new employee to know what is expected of them, it can also provide a refresh of information to those who either have been with the organisation for a lengthy period or who have recently moved.

However, there are several criticisms levelled at mandatory training. Depending on how it is offered, it can be dull and repetitive, especially if provided just as blocks of text with no visual components. Likewise, the length of the course can create issues – too short and the information may not get across to the employee, too long and it can feel tedious.

If not designed or worded correctly, questions and answers to test employee competency can be confusing and potentially prevent employees from moving further through their training unless answered correctly. If an employee keeps answering the same question several times with no clear indication of what the answer might be within the body of the training, this can be a frustrating learning experience.

There are several vendors that provide mandatory training packages, which an organisation can adapt as required. Organisations could also create their own training courses, using elements of these packages to create a course suited to their needs. However, depending on the size of the organisation, some of these plans could be quite expensive and, at a time when many organisations are carefully reviewing budgets to save money, may not be cost-effective or appropriate.

Oct-Dec 2022 Issue

ISACA Emerging Trends Working Group