By 2025, corporate compliance departments will reduce annual compliance training by 50%, displacing costs in favor of embedded workflow-based controls to guide employees, according to Gartner, Inc.
“Many compliance leaders are dissatisfied with the effectiveness of their existing program activities,” said Chris Audet, senior director, research in the Gartner Legal, Risk & Compliance practice. “Existing training activities are not meeting key risk mitigation objectives, and there is evidence that embedded controls are more effective.”
Embedded controls are built-in, process-based mechanisms that shepherd employees to compliance within their workflows and may be detective, preventive, or corrective. According to an April 2021 Gartner survey of 755 employees, when organizations implement embedded controls, the number of employees who miss compliance obligations drops by more than half (58%).
“Part of the appeal is that embedded controls can reduce compliance burden on employees, by transforming compliance obligations from something extra to remember into timely prompts and guidance at the point where compliance is required,” said Audet. “Simply forgetting compliance training is one of the top causes of control failure and trying to mitigate with more training is likely to lead to more assurance fatigue.”
Compliance leaders plan to increase their resource allocation towards embedded controls by 82% this year, so it is likely this demand will catalyze the market to support compliance leaders through configurable applications designed to mitigate risk within business workflows.
“Despite the clear demand, there is currently little to no marketplace dedicated to embedded controls,” said Audet. “However, compliance leaders may seek to leverage technologies already in place across the organization, such as integrated HR management tools and chatbots.”
Given that compliance budgets are not increasing much, Gartner experts expect the funding for new embedded controls to be offset by a significant reduction in compliance training activities.
Compliance leaders looking to implement embedded controls should perform a risk assessment to identify the workflows that contribute most to risk. They should also find the employees within those workflows who are most likely to cause control failure because of the burden of remembering, understanding and executing on compliance obligations. This will identify the ideal starting points to pilot embedded controls.
As leaders look at the areas of compliance that create the most burden (e.g. training) on employees, it will help them to identify the areas of greatest return for embedded controls.
“Embedded controls have the potential to deliver significantly better compliance outcomes when compared to training,” said Audet. “These controls should reduce the overall burden of compliance on employees and create less assurance fatigue.”
Gartner clients can find more details on the specific risks, implications, and suggested actions to manage these hot spots in Predicts 2022: Corporate Legal and Compliance Tech Opportunities Amid Continued Volatility.
Non clients can watch the webinar: Gartner Top Legal and Compliance Tech Predictions for 2022 and Beyond
About Gartner for Legal, Risk & Compliance Leaders
Gartner for Legal, Risk and Compliance Leaders provides expert guidance and tools to help leaders across legal, risk, audit and compliance departments more effectively manage an increasingly complex risk landscape and build next-generation functions. Additional information is available at gartner.com/en/audit-risk and gartner.com/en/legal-compliance. Follow news and updates on LinkedIn and Twitter. Visit the Gartner Legal & Compliance Newsroom for more information and insights.