Risk Perception & Employee Misconduct Gap

A recent Skillcast survey has highlighted the significant gap between the incidence of misconduct observed by employees at UK firms and the risk perception of decision-makers.

See our Risk Management Training Package

Key finding

From our UK Corporate Compliance Survey in May 2019, which covered 4,000 employees and decision-makers at UK firms, we observed a significant gap between the incidence of misconduct observed by employees and the risk perception of decision-makers. And notably, this gap widens the larger the size of the company.

Misconduct observed by UK company employees

In the survey, we asked employees at UK companies if they had witnessed any of the common acts of employee misconduct in the past twelve months. The responses (see Figure 1) revealed that:

The vast majority (67%) had not witnessed any act of misconduct in the workplace
Health & safety, and discrimination & harassment breaches were by far the most common examples of misconduct witnessed
Personal data & IT security breaches and fraud were cited by a tiny minority
Instances of money laundering, sanctions, bribery & corruption, competition law/collusion were practically insignificant

Figure1-Observed-Misconduct-All-sm

Risk perception of UK company decision-makers

To the decision makers at UK companies, we put the question slightly differently. We asked them what acts of employee misconduct they fear most in their business. The responses (see Figure 2) revealed that:

The risk perceptions of decision-makers were a lot higher, but the profile matched the risks being reported by employees
40% of the decision-makers reported not being at risk of employee misconduct in their business - this figure ranged between 15% at larger firms, 26% at medium-sized firms and 65% at small firms
As with employees, Health & safety, and discrimination & harassment risks also figured highly with the decision-makers
But, unlike employees, the decision makers have an equally high threat perception from personal data & IT security breaches and fraud
Decision makers perceive the risk of money laundering, sanctions, bribery & corruption, competition law/collusion to be lower but still very significant

Figure2-Risk-Perception-All-Decision-Makers-sm

The gap between incidence and perceptions of misconduct

The above findings show that, overall, decision-makers have a far higher risk perception than the incidence of misconduct observed by employees (see Figure 3).

FIgure3-Perception-Vs-Incidence-sm

The incidence of misconduct observed by employees is relatively unchanged irrespective of the company size (see Figure 4).

Figure4-Observed-Misconduct-By-Size-sm

However, the risk perception of the decision-makers is vastly different, with those at large firms significantly more worried about employee misconduct than those at smaller firms.

Figure5-Risk-Perception-By-Size-sm

Consequently, the difference between the incidence observed by employees and the risk perception of the decision-makers is far wider at large and medium-sized firms.

Figure6-Risk-Perception-Vs-Observed-Misconduct-Small-sm

Figure7-Risk-Perception-Vs-Observed-Misconduct-Medium-sm

Figure8-Risk-Perception-Vs-Observed-Misconduct-Large-sm

Why is the gap between observation and perceptions of misconduct greater at larger companies?

This discrepancy between small, medium and large firms above is significant and based on the results of polling over 2,000 employees and 2,000 decision-makers. Making sense of it, though, is open to conjecture. A multitude of factors could be at play. We propose two premises below and invite you to add others based on your own experience.

Decision makers at smaller firms feel more in control of the actions of their employees, and hence their risk perception is closer to the observation of misconduct reported by employees. At larger firms, decision-makers feel less in control and hence have a heightened perception of risk.
The observation of misconduct reported by employees will inherently underestimate the actual incidence of misconduct due to employees' limited access to information and misunderstanding of what constitutes misconduct. Consequently, the risk perceptions of the decision makers should be expected to be higher to match the actual incidence and to factor in lower tolerance of misconduct. The fact that decision makers at smaller companies have lower risk perception may be because of poor understanding or higher tolerance of breaches than the decision makers at larger companies.

Looking for more compliance insights?

If you'd like to stay up to date with best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech, and RegTech news, subscribe to Skillcast Compliance Bulletin.

To help you navigate the compliance landscape, we have collated searchable glossaries of key terms and definitions across complex topics, including GDPR, Equality, Financial Crime and SMCR. We also track the biggest compliance fines, explaining what drives them and how to avoid them.

You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.

We also have additional free resources such as e-learning modules, microlearning modules, and more.

If you've any questions or concerns about compliance or e-learning, please get in touch.

Share to:

Written by: Vivek Dodd

Vivek Dodd MS, CFA is a Director of Skillcast. He has helped hundreds of companies to meet their mandatory compliance training requirement using e-learning courses and tools. His special interest is instructional design and the use of asynchronous learner interactions to effect behavioural change. He is a speaker on compliance training conferences, writes articles on compliance training and e-learning in various journals.