Companies are estimated to reduce annual compliance training by 50% by 2025, said Gartner recently.
This will displace costs in favour of embedded workflow-based controls to guide employees, according to the advisory firm.
“Many compliance leaders are dissatisfied with the effectiveness of their existing program activities,” said Chris Audet, senior director, research in the Gartner Legal, Risk & Compliance practice. “Existing training activities are not meeting key risk mitigation objectives, and there is evidence that embedded controls are more effective.”
Embedded controls are built-in, process-based mechanisms that shepherd employees to compliance within their workflows and may be detective, preventive, or corrective, Gartner noted.
According to an April 2021 Gartner survey of 755 employees, when organisations implement embedded controls, the number of employees who miss compliance obligations drops by more than half (58%), the firm said.
Part of the appeal is that embedded controls can reduce compliance burden on employees, by transforming compliance obligations from something extra to remember into timely prompts and guidance at the point where compliance is required, said Audet.
“Simply forgetting compliance training is one of the top causes of control failure and trying to mitigate with more training is likely to lead to more assurance fatigue,” he pointed out.
Compliance leaders plan to increase their resource allocation towards embedded controls by 82% this year, so it is likely this demand will catalyse the market to support compliance leaders through configurable applications designed to mitigate risk within business workflows, Gartner said.
Despite the clear demand, there is currently little to no marketplace dedicated to embedded controls, Audet observed.
“However, compliance leaders may seek to leverage technologies already in place across the organization, such as integrated HR management tools and chatbots,” he said.
Given that compliance budgets are not increasing much, Gartner experts expect the funding for new embedded controls to be offset by a significant reduction in compliance training activities.
Compliance leaders looking to implement embedded controls should perform a risk assessment to identify the workflows that contribute most to risk, Gartner advised.
They should also find the employees within those workflows who are most likely to cause control failure because of the burden of remembering, understanding and executing on compliance obligations, the firm said.
This will identify the ideal starting points to pilot embedded controls, Gartner added.
As leaders look at the areas of compliance that create the most burden — for example training — on employees, it will help them identify the areas of greatest return for embedded controls, the research firm noted.
“Embedded controls have the potential to deliver significantly better compliance outcomes when compared to training,” said Audet. “These controls should reduce the overall burden of compliance on employees and create less assurance fatigue.”