Seven Ways Assessments Fortify Compliance

Posted by John Kleeman
Picture of a tablet being used to take an assessment with currency symbols adjacentWhy do most of the world’s banks, pharmaceutical companies, utilities and other large companies use online assessments to test the competence of their employees?

It’s primarily because compliance fines round the world are high and assessments reduce the risk of regulatory compliance failures. Assessments also give protection to the organization in the event of an individual mis-step by proving that the organization had checked the individual’s knowledge of the rules prior to the mistake.

Here are seven reasons companies use assessments from my experience:

1. Regulators encourage assessments 

Some regulators require companies to test their workforce regularly. For example the US FDIC says in its compliance manual:

“Once personnel have been trained on a particular subject, a compliance officer should periodically assess employees on their knowledge and comprehension of the subject matter”

And the European Securities and Market Authority says in its guidelines for assessment of knowledge and competence:

“ongoing assessment will contain updated material and will test staff on their knowledge of, for example, regulatory changes, new products and services available on the market”

Other regulators focus more on companies ensuring that their workforce is competent, rather than specifying how companies ensure it, but most welcome clear evidence that personnel have been trained and have shown understanding of the training.

People sitting at desks with computers taking tests2. Assessments demonstrate commitment to your workforce and to regulators

Many compliance errors happen because managers pay lip service to following the rules but indicate in their behavior they don’t mean it. If you assess all employees and managers regularly, and require additional training or sanctions for failing tests, it sends a clear message to your workforce that knowledge and observance of the rules is genuinely required.

Some regulators also take commitment to compliance by the organization into account when setting the level of fines, and may reduce fines if there is serious evidence of compliance activities, which assessments can be a useful part of. For example the German Federal Court recently ruled that fines should be less if there is evidence of effective compliance management.

3. Assessments find problems early

Online assessments are one of the few ways in which a compliance team can touch all employees in an organization. You can see results by team, department, location or individual and identify who understands what and focus in on weak areas to look at improving. There is no better way to reach all employees.

4. Assessments document understanding after training

Many regulators require training to be documented. Giving someone an assessment after training doesn’t just confirm he or she attended the course but confirms they understood the training.

5. Assessments increase retention of knowledge and reduce forgetting

Can you remember everything you learned? Of course, none of us can!

There is good evidence that quizzes and tests increase retention and reduce forgetting. This is partly because people study for tests and so remind themselves of the knowledge they learned, which helps retain it. And it is partly because retrieving information in a quiz or test makes it easier to retrieve the same information in future, and so more likely to be able to apply in practice when needed.

6. By allowing testing out, assessments reduce the time and cost of compliance trainingTake test. If pass, skip training. Otherwise do training.

Many organizations permit employees to “test out” of compliance training. People can take a test and if they demonstrate good enough knowledge, they don’t need to attend the training. This concentrates training resources and employee time on areas that are needed, and avoids demoralizing employees with boring compliance training repeating what they already know.

7. Assessments reduce human error which reduces the likelihood of a compliance mis-step

Many compliance failures arise from human error. Root cause analysis of human error suggests that a good proportion of errors are caused by people not understanding training, training being missing or people not following procedures. Assessments can pick up and prevent mistakes caused by people not understanding what they should do or how to follow procedures, and so reduce the risk of error.

 

If you are interested in learning more about the reasons online assessments mitigate compliance risk, Questionmark are giving a webinar “Seven Ways Assessments Fortify Compliance” on April 11th. To register for this or our other free webinars, go to www.questionmark.com/questionmark_webinars.

2018 Questionmark Conference Recap – 2019 Announced

Posted by Kristin Bernor

Wow, just wow! The 2018 Questionmark User’s Conference inspired all that are new to Questionmark and those that have been long time customers. Being able to share experiences and use case scenarios was exhilarating. The three day learning experience was a deep dive into learning, fun, and networking – the enthusiasm was truly contagious. From the opening general session where new features and functions were released to the trolley ride over to the railroad museum where guests were greeted with amazing local food and music, this year’s conference was without a doubt the preeminent complete user’s group experience!

Amazing customer presenters were on hand to deliver testimonials to their peers on best practices and lessons learned to truly maximize the power of their assessments. We greatly appreciated case studies presented by our valuable customers from Progressive Insurance, American Institute of Certified Public Accountants, Southwest Gas, Intuitive Surgical, Rio Salado College and Caterpillar.

A lively panel discussion focused on transformation and growth and how assessments are integral to all organizations in order to succeed in those areas. Panel participants included Andrew Dominguez of Southwest Gas, Tricia Allen of Polycom, Bernt Nilsen of Norsk Test and Dave “Lefty” Lefkowith of Louisiana Department of Education. Their invaluable insights into creating high performing teams through assessments was an “aha moment” for many and we are truly grateful for their participation.

Engaging sessions that delved into best practices of using assessment to identify knowledge gaps, improve performance and make informed and defensible decisions were widespread. Questionmark Founder and Executive Director, John Kleeman, presented a session based on a recent white paper, “Assessing for Situational Judgment”. Another well attended session detailed extending your assessment management capabilities with Questionmark apps and left attendees excited to get back to the office and implement.

Evenings provided many opportunities for networking, fine dining and fun. Small group “dine-arounds” — a long-time, popular tradition at our annual conference — gave us all a great chance to take in the sights as we strolled through beautiful, historic Savannah. Delegates and staff attending our Thursday evening reception, hosted at the Georgia State Railroad Museum, enjoyed delicious food, great music and networking.

The conference closed with the unveiling of next year’s Questionmark Conference dates and location. Drum roll please…

Save the date for Questionmark Conference 2019 us in San Diego at the Hard Rock Hotel, February 26 – March 1, 2019 for even more learning, networking and fun!

Watch the conference recap below!!

GDPR: 6 months to go

Posted by Jamie Armstrong

Anyone working with personal data, particularly in the European Union, will know that we are now just six months from “GDPR day” (as I have taken to calling it). On 25-May-2018, the EU General Data Protection Regulation (“GDPR”) will become applicable, ushering in a new privacy/data protection era with greater emphasis than ever on the rights of individuals when their personal data is used or stored by businesses and other organizations. In this blog post, I provide some general reminders about what the GDPR is and give some insight into Questionmark’s compliance preparations.

The GDPR replaces the current EU Data Protection Directive, which has been around for more than 20 years. To keep pace with technology advances and achieve greater uniformity on data protection, the EU began work on the GDPR over 5 years ago and finalized the text in April 2016. There then followed a period for regulators and other industry bodies to provide guidance on what the GDPR actually requires, to help organizations in their compliance efforts. Like all businesses that process EU personal data, whether based within the U.S., the EU or elsewhere, Questionmark has been busy in the months since the GDPR was finalized to ensure that our practices and policies align with GDPR expectations.

For example, we have recently made available revised versions of our EU OnDemand service and US OnDemand service terms and conditions with new GDPR clauses, so that our customers can be assured that their agreements with us meet data controller-data processor contract requirements. We have updated our privacy policy to make clearer what personal data we gather and how this is used when people visit and interact with our website. There is also a helpful Knowledge Base article on our website that describes the personal data Questionmark stores.

GDPR

One of the most talked-about provisions of the GDPR is Article 35, which deals with data protection impact assessments, or “DPIAs.” Basically, there is a requirement that organizations acting as data controllers of personal data (meaning that they determine the purpose and means of the processing of that data) complete a prior assessment of the impacts of processing that data if the processing is likely to result in a high risk to the rights and freedoms of data subjects. Organizations will need to make a judgment call regarding whether a high risk exists to require that a DPIA be completed. There are scenarios in which a DPIA will definitely be required, such as when data controllers process special categories of personal data like racial origin and health information, and in other cases some organizations may decide it’s safer to complete a DPIA even if not absolutely necessary to comply with the GDPR.

The GDPR expects that data processors will help data controllers with DPIAs. Questionmark has therefore prepared an example draft DPIA template that may be used for completing an assessment of data processing within Questionmark OnDemand. The draft DPIA template is available for download now.

In the months before GDPR day we will see more guidance from the Article 29 Working Party and national data protection authorities to assist organizations with compliance. Questionmark is committed to helping our customers being compliant with the GDPR and we’ll post more next year on this subject. We hope this update is useful in the meantime

Important disclaimer: This blog is provided for general information and interest purposes only, is non-exhaustive and does not constitute legal advice. As such, the contents of this blog should not be relied on for any particular purpose and you should seek the advice of their own legal counsel in considering GDPR requirements.

Questionmark Conference 2018 – Registration is Open!

Posted by Brian McNamara

We are excited to announce that registration for Questionmark Conference 2018 is now open!

Questionmark customers will gather March 6th – 9th in Savannah, Georgia, for three days of learning, networking and professional development opportunities.   Whether you are a new user or a pro, Questionmark Conference is the ideal place to get vital information, insight and learning about the latest assessment technologies.

Join us at the Westin Savannah Harbor to enjoy southern hospitality with your peers and the Questionmark team to:

  • Learn about new Questionmark features and functions
  • Attend engaging hands-on product training sessions
  • Network with fellow Questionmark users
  • Get valuable tips, insights and best-practice guidance
  • Plan for the future with a sneak peek at the product road map

Registration is now open at special early-bird rates. Visit the conference website today for details!

Questionmark Conference 2018: Assess for Success | March 6-9 in Savannah

GDPR is coming. Are you ready?

Posted by Julie Delazyn

Don’t get left behind as the most important change in data privacy takes effect May 2018. The new General Data Protection Regulation (GDPR) intends to strengthen and unify privacy and data protection and any organization that stores or manages data about Europeans will need to comply.

With eye-watering regulatory fines of up to €20 million or 4% of global annual turnover (whichever is greater), a credible compliance strategy is essential.

Join us for a FREE 45 minute Webinar July 26, 2017, to understand how online assessments can help you meet your GDPR challenges.

The webinar will cover:

  • What the GDPR is and who it impacts
  • Why you should care about GDPR compliance
  • How to overcome the challenges presented by GDPR — including the learning curve for your employees
  • How assessment can help mitigate GDPR risks and aid your compliance strategy
  • Considerations for implementing assessment management software to aid in compliance

We look forward to speaking to you at the webinar!

How to use assessments for GDPR compliance

Posted by John Kleeman

In about a year’s time, on 25 May 2018, a major new European law, the GDPR, comes into effect. It will update current laws and set new requirements for handling personal data. The GDPR will replace country-specific current data protection laws and will impact any organization anywhere in the world that stores or manages data about people who live or work in Europe. With implementation of the GDPR just a year away, organisations need to prepare themselves now to implement it.

This post explains how an online assessment management system like Questionmark can help your organization comply with the GDPR. We also invite you to a free webinar where you can learn more about how assessments can help you comply.

What will be the fines for failing to comply with the GDPR?

European regulators are suggesting that those who don’t comply will face large fines. The law itself says that fines can be up to €20 million or 4 percent of turnover (whichever is more). The Irish data commissioner has said that there will be no leeway or grace period, and that noncompliant firms will be heavily fined — this under a data protection regime generally considered to be more business-friendly than those in some other countries. Some European regulators are also preparing the ground by issuing high fines under existing data protection regulations. For example, the Italian Data Protection Authority has just issued an €11 million fine.

What is the learning challenge for GDPR?

The GDPR has specific requirements for training personnel and for monitoring the effectiveness of the training. In addition, most companies will be incentivized to train their employees to ensure that personnel understand the GDPR and their own company policies/procedures – since failing to follow the rules will make companies liable for fines.

The GDPR legislation is 88 pages long and the rules are complex. Within most companies, many different departments will be responsible for handling and processing data: HR, IT, sales and marketing, technology and product development and more. All these departments will need to climb the learning curve to know and understand how the GDPR applies to them.

Thus, a key part of the compliance challenge for GDPR will be ensuring that your personnel learn and understand the rules.

How assessments can help

An assessment management system like Questionmark’s lets you:

  • Create quizzes, tests and exams on the GDPR’s or your company’s policies and procedures
  • Deliver them to personnel at home, work or on mobile devices
  • Analyze the results to help you find weaknesses or potential problems
  • Store the results as trustable evidence that your people understand

Trustable, online assessments can help in many ways with GDPR compliance.  They are the best way to help ensure your employees understand the rules and to reduce the likelihood of mistakes that lead to fines. Assessments are also the best way of providing evidence that you did train your personnel well. This evidence could mitigate the amount of a fine, in the event of a privacy misstep.

Questionmark’s webinar

To help you understand more about how online assessments can help you meet your GDPR challenge, we invite you to a webinar presented by myself and Questionmark’s UK Marketing Manager, Chloe Mendonca on Thursday 29th June, 2017.

The webinar will cover:

  • What the GDPR is and who it impacts
  • Why you should care about GDPR compliance
  • How to overcome the challenges presented by GDPR — including the learning curve for your employees
  • How assessment can help mitigate GDPR risks and aid your compliance strategy
  • Considerations for implementing assessment management software to aid in compliance

We look forward to speaking to you at the webinar. Click here to register.

GDPR Webinar Image