Compliance teams that don’t embed their controls into employee processes face a significantly higher rate of compliance failures, according to a survey by Gartner, Inc. The survey of 755 employees in April 2021 found these failures linked to unnecessary compliance burdens for employees.
Survey highlights include:
- 32% of employees surveyed said they couldn’t find relevant information when they missed a compliance obligation;
- An additional 20% didn’t recognize information was even needed;
- 19% simply didn’t remember.
- The remaining 29% of employees who missed a compliance step said they didn’t understand (16%) or just failed to execute the step (13%).
“Creating rules and obligation for employees without properly integrating them into the processes these employees have to carry out leads to multiple causes of control failure where employees can’t find or comprehend the information they need, or don’t recognize or remember when it is needed,” said Chris Audet, senior director, research in the Gartner Legal & Compliance practice. “Embedding controls led to a 30% drop in the number of employees who report they are highly burdened in this way by compliance obligations.”
“The survey also showed nearly one in five employees missed at least one compliance obligation where guidance was not embedded,” said Audet. “Embedded controls help to reduce the burden employees face in remembering, understanding and executing on compliance obligations and that in turn, this leads to reduced risk.”
Compliance teams typically embed controls into processes relating to the most high-risk employee functions, seniority levels, and tasks. However, compliance burden is also driving risk in organizations, leading to control failures.
“Compliance burden might be generating risk in the functions, employee levels, and in the tasks compliance has attended to least,” said Audet. “Identifying where compliance burden is highest in an organization will highlight areas that are ripe for embedded controls.”