From our UK Corporate Compliance Survey in May 2019, which covered 4,000 employees and decision-makers at UK firms, we observed a significant gap between the incidence of misconduct observed by employees and the risk perception of decision-makers. And notably, this gap widens the larger the size of the company.
Misconduct observed by UK company employees
In the survey, we asked employees at UK companies if they had witnessed any of the common acts of employee misconduct in the past twelve months. The responses (see Figure 1) revealed that:
- The vast majority (67%) had not witnessed any act of misconduct in the workplace
- Health & safety, and discrimination & harassment breaches were by far the most common examples of misconduct witnessed
- Personal data & IT security breaches and fraud were cited by a tiny minority
- Instances of money laundering, sanctions, bribery & corruption, competition law/collusion were practically insignificant
Risk perception of UK company decision-makers
To the decision makers at UK companies, we put the question slightly differently. We asked them what acts of employee misconduct they fear most in their business. The responses (see Figure 2) revealed that:
- The risk perceptions of decision-makers were a lot higher, but the profile matched the risks being reported by employees
- 40% of the decision-makers reported not being at risk of employee misconduct in their business - this figure ranged between 15% at larger firms, 26% at medium-sized firms and 65% at small firms
- As with employees, Health & safety, and discrimination & harassment risks also figured highly with the decision-makers
- But, unlike employees, the decision makers have an equally high threat perception from personal data & IT security breaches and fraud
- Decision makers perceive the risk of money laundering, sanctions, bribery & corruption, competition law/collusion to be lower but still very significant
The gap between incidence and perceptions of misconduct
The above findings show that, overall, decision-makers have a far higher risk perception than the incidence of misconduct observed by employees (see Figure 3).
The incidence of misconduct observed by employees is relatively unchanged irrespective of the company size (see Figure 4).
However, the risk perception of the decision-makers is vastly different, with those at large firms significantly more worried about employee misconduct than those at smaller firms.
Consequently, the difference between the incidence observed by employees and the risk perception of the decision-makers is far wider at large and medium-sized firms.
Why is the gap between observation and perceptions of misconduct greater at larger companies?
This discrepancy between small, medium and large firms above is significant and based on the results of polling over 2,000 employees and 2,000 decision-makers. Making sense of it, though, is open to conjecture. A multitude of factors could be at play. We propose two premises below and invite you to add others based on your own experience.
- Decision makers at smaller firms feel more in control of the actions of their employees, and hence their risk perception is closer to the observation of misconduct reported by employees. At larger firms, decision-makers feel less in control and hence have a heightened perception of risk.
- The observation of misconduct reported by employees will inherently underestimate the actual incidence of misconduct due to employees' limited access to information and misunderstanding of what constitutes misconduct. Consequently, the risk perceptions of the decision makers should be expected to be higher to match the actual incidence and to factor in lower tolerance of misconduct. The fact that decision makers at smaller companies have lower risk perception may be because of poor understanding or higher tolerance of breaches than the decision makers at larger companies.
Looking for more compliance insights?
If you'd like to stay up to date with best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech, and RegTech news, subscribe to Skillcast Compliance Bulletin.
To help you navigate the compliance landscape, we have collated searchable glossaries of key terms and definitions across complex topics, including GDPR, Equality, Financial Crime and SMCR. We also track the biggest compliance fines, explaining what drives them and how to avoid them.
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
Last but not least, we have 60+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!
If you've any questions or concerns about compliance or e-learning, please get in touch.
We are happy to help!