True Risk and Compliance Training Needs – Where to Start?

In the beginning…

When I first started out in the world of Risk and Compliance training, I was about 10 years into my career as a Learning Specialist and was accustomed to developing training based on requests from various stakeholders on training topics. I assumed that these requests were simply learning needs, and actioning them would satisfy individual and organisational capability requirements.

In the spirit of full disclosure, I adopted the same approach when I developed Risk and Compliance training in my early days of working in this specialist area. I believed that by actioning Risk and Compliance training requests I was improving the Risk and Compliance capability of individuals and the organisation as a whole. I thought by teaching people what the Risk and Compliance requirements were, they would in good faith go ahead and abide by the requirements.

It was during the GFC where I saw the impact less than optimal workplace practices could have on the global economy, and it finally dawned on me – determining your true Risk and Compliance Training Needs was not as simple as receiving a request on a topic, you needed to look deeper into the situation. I started formulating a different perspective, which culminated in the idea of 3 key things to discuss with your stakeholders when determining true Risk and Compliance needs.

3 key things

1. How clear are your Risk and Compliance obligations?

  • Knowledge: Do people know what risk and compliance obligations apply to their role?
  • Skill: Do people know how to apply the risk and compliance obligations on the job?
  • Will: Are people motivated and encouraged to meet their risk and compliance obligations?

If you answer “No” to any of these questions, it will give you a good starting point to dig deeper to find out why this is the case.

There are many reasons, such as broader cultural issues or perhaps drivers like a lack of resources or pressures to meet sales targets. Regardless of the reasons, it is important to understand the cause when determining your true Risk and Compliance needs and obligations.

2. What do your Risk and Compliance Heat Maps look like?

Heat maps can provide a valuable snapshot of how well your current Risk and Compliance obligations are being managed. Find out what’s trending in each of the associated colours by asking some targeted questions:


  • What are your most significant issues, incidents, errors or breaches?
  • Where are the greatest number of or most significant issues, incidents, errors and breaches happening?
  • Are they occurring across the board or specific pockets within the business?


  • Are there any areas of excellence/places where individuals or teams are managing and meeting their risk and compliance obligations well?


  • Don’t take your eye off Amber, it could provide a lag indicator of things improving and equally provide a lead indicator of areas that may need attention in the future.

3. What do people need to do differently?

Taking into consideration your Risk and Compliance obligations and current Heat Maps, do you need people to DO things differently, or are you able to better manage and mitigate your Risk and Compliance obligations with changes to your processes, systems or procedures?

It is true that a change in process, system or procedure may trigger a training requirement, but if this change can be automated you may well eliminate the Risk or Compliance training need.

If you do need people to change their behaviour through things like speaking up, escalating issues, following processes correctly, etc., be clear on what the requirements are and link them directly to your Risk and Compliance obligations along with demonstrating the positive impact the action will have for the customer, organisation and themselves as an employee.

Linking it all to learning…

Once you’ve started to identify your true Risk and Compliance needs and obligations, you can then begin to weave that into your learning strategy. In my next blog I’ll share my thoughts on Aligning Learning Strategy to your Risk and Compliance capability requirements.

Please feel free to sign up and subscribe to receive more insights and the latest news from RGCS. Also, don’t hesitate to contact to discuss any learning needs you may have.