Compliance Risk Swiss Cheese Model

Posted by

Simon Truckle

on 21 Sep 2021

Whilst many compliance procedures may appear faultless in principle, in the real world, most have holes in them. But how can you remedy that?


Nowadays, those managing organisational risks have a lot to consider.

Recent research by IBM found that, of 500 companies surveyed, each one shelled out an average of £3m a year to cover damages related to data breaches.

And that is just one of a myriad of similar areas of risk.

What you need is a comprehensive strategy for managing these risks. Fortunately, one already exists: the Swiss Cheese Model.

Applying the Swiss Cheese Model to compliance

The model was developed by James Reason, a cognitive psychologist and professor at the University of Manchester. It has been widely used to manage risk in the aviation and healthcare industries.

When applying the model to compliance, you first need to consider each of the safeguards you have in place in your organisation as a layer. But not a completely solid layer: rather, like a slice of Swiss cheese, each layer offers protection while still containing small holes.

Because organisations are dynamic, holes open and close constantly, and if the holes in every layer were to line up, a regulatory breach could get through. By layering these defences, you avoid relying on any single control, so no single point of failure lets a breach through.

I explained the model with examples at our Transforming Compliance Summit.

Implementing a layered approach to compliance

Whilst each of these individual layers may already exist in your organisation, for the approach to be effective they must be integrated.

That means information from each layer is shared, so that you have a complete, holistic view of any risk.

This approach is baked into the Skillcast Compliance Management Portal.

Each component has been designed from start to finish on the same technology platform, providing seamless knowledge transfer between each element.


What layers of defence can reduce compliance risks?

  1. Compliance training
    Provide targeted compliance training to your employees, especially new hires and those in high-risk functions.
  2. Policy attestation
    You may have all the right policies, but you need to be sure your employees read them, understand them and commit to complying with them to make them effective.
  3. Declarations or disclosures
    Financial firms frequently use them to ask employees about their conflicts of interest, but companies of all types can use declarations to prevent breaches.
  4. Compliance registers
    Compliance registers can help you record approvals of gifts, hospitality, donations, outside business interests and personal account dealing.
  5. Offline training activities
    As a significant percentage of corporate learning takes place as in-person training, it is crucial that you can capture this activity.
  6. Intelligent learning
    By using AI techniques, intelligent learning can adapt your content to the specific role and knowledge level of each learner.
  7. Analytical assessment
    Assessments that provide a granular breakdown of scores against competencies reveal knowledge gaps across your business.
  8. Compliance surveys
    Compliance surveys help you understand key risks, knowledge gaps, and overall awareness and are a key element of compliance planning.


Why is an integrated approach needed?

Whilst many organisations may have each of these component layers available, in many cases they are spread across a variety of tools, ranging from Excel spreadsheets and database tables to bespoke solutions. This makes it very difficult to identify a single source of truth about the risks you are facing.

With fully integrated data, risk managers can see a single-source view of each employee and spot potential red flags. A single dashboard view showing each employee's status against all of the layers is the only way to avoid gaps.

The system also needs to integrate with your existing data sources, such as your LMS, HR records and data management systems, allowing you to leverage the investment you already have in place and provide a single holistic solution.

By using the Skillcast Compliance Portal you can create a single learner view, where named individuals are seamlessly joined to information about everything from attestations to seminar attendance. What's more, it is designed to integrate with your existing systems to ensure that data is available wherever you need it.

Looking for more compliance insights?

If you'd like to stay up to date with best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech, and RegTech news, subscribe to Skillcast Compliance Bulletin.

To help you navigate the compliance landscape, we have collated searchable glossaries of key terms and definitions across complex topics, including GDPR, Equality, Financial Crime and SMCR. We also track the biggest compliance fines, explaining what drives them and how to avoid them.

You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.

Last but not least, we have 80+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!

If you've any questions or concerns about compliance or e-learning, please get in touch.

We are happy to help!
