Awareity’s Rick Shaw recently had the opportunity to speak with Tulsa Public Schools’ Assistant Athletic Director Mick Wilson. TPS is always looking for ways to save time and improve the way the athletic department manages their obligations and Wilson shares several tips for improving compliance and touches on hot topics like concussions, training, etc.
A quick excerpt from the interview is below. To hear the full 15 minute segment, click here.
How is TIPS improving the way you make coaches aware of new information and training?
The biggest thing we have been able to do so far is really to get the information out to people. People can login and access information, policies, handbooks and materials that need to be in front of them, including some video links so our coaches can login and look at everything. In Tulsa Public Schools, we deal with 400-500 coaches throughout the district – it is difficult to get everyone in one room, we try to do that once a year. We teach them how to login and access information through the year.
We were also able to develop a compliance test. Gil and I both spent time at the NCAA level. Many conferences require you to complete a NCAA test to make sure coaches know the rules regarding recruiting. We are doing the same thing here, requiring coaches to not only review information, but to pass an exam through the Vault. You are seeing a lot of states requiring schools to have concussion policies, heat prevention guidelines, etc. and you can do that all with TIPS; it has been real helpful for us.
How are you ensuring compliance with the OSSAA policies and rules?
When we started this, we really liked the idea wanted to do it. We wanted to be the first school district in the state to require our coaches to pass a compliance test. When we were developing, we worked closely with OSSAA to develop the test, get their interpretations, review questions back and forth. Now with concussions being a major area of emphasis with the national association, the governing body for all high school athletics, NHHS, coaches are required to watch the education video yearly. This year, the heat is also a big concern with record temperatures; that information must be disseminated to all coaches (required by manual and state activities association). Rather than having someone sign off on a sheet of paper or getting everyone together, we can use Awareity to login, document time/date they accessed it, if they have an active certificate, etc. From a legal standpoint, they are now responsible for agreeing to the policy and they can pass that information along to their students. This is an annual requirement and they can easily login and meet those requirements.
We have also talked about putting our coaches manual online for them to login and review and also have that information there to review as needed. May also include things like recruiting, physicals, consent forms, etc. We have also included the National Association’s Coaches Code of Conduct that has been adopted nationwide. We have also talked about tying in our transportation requests down the road.
I recently came across a discussion between Markkula Center for Applied Ethics’ Executive Director Kirk Hanson and Craig Nordlund, former general counsel of Agilent Technologies. Nordlund believes the concern for ethics must be shared by everyone in the organization, but suggests ethics programs will be ineffective without leadership from the company’s top executives.
It is hard to argue with his comment stating “ethics programs will not work unless there is leadership on ethics from the company’s top executives”.
However, lessons learned and incidents seem to clearly reveal that leadership from the company’s top executives is not enough.
So why is creating an ethics culture so difficult for organizations? Perhaps ethics training is not enough or not even part of the solution?
The definition of training is a process to teach or learn a skill or job…and like the title of the article (Creating an Ethical Business Culture), I would agree that ethics is more of a culture than a job or skill.
Training is typically a once-a-year task on a learning management system with a one-size-fits-all general training module that everyone clicks through aimlessly because it is on the checklist of items that their organization thinks they need to do.
The definition of awareness seems to be a much better fit if an organization is serious about creating an ethical business culture. Awareness is to be aware of the difference between two versions, watchful and wary and having or showing realization and perception or knowledge. Awareness is not taught once-a-year, awareness (especially situational awareness) is an ongoing process that must be specific to the organization’s culture and supported by top executives.
Every individual is part of the ethical business culture so organizations must also make sure they have a platform to manage, update, communicate, document and measure situational awareness at the indiviidual level…because most everyone knows if you can’t measure it, it doesn’t exist.
A review of security practices and investments at 46 global organizations finds that compliance with industry security standards actually saves money over the long-term. A recent Ponemon Study revealed that companies that consistently comply with security requirements and standards save three times more in security-related expenses annually than non-compliant companies.
Lessons Learned: Compliance does not equal security, but security can benefit from compliance. Organizations investing in comprehensive compliance programs are better prepared to prevent expensive breaches, lawsuits, fines, etc. and save money and resources over time.
Recent attacks continue to show that spear phishing is quickly emerging as one of the society’s greatest threats. Technology alone is NOT going to solve this problem. It is critical for consumers to be more vigilant and aware of what they are clicking on, sites they are visiting, e-mails they are responding to, etc.
Lessons Learned: Financial insitutions should make consumer education a higher priority. Awareness training, handouts, seminars, etc. can be a great way for organizations to connect with their customers, improve trust, enhance reputations and help prevent potential incidents, breaches, lawsuits, etc. down the road. Security awareness training and education can become a competitive advantage for those institutions willing to lead the way.
OCEG recently announced poll results from a One Minute Poll about Policy Management. In their poll, 429 members replied to the following question:
How do you primarily manage lifecycle of internal policies, procedures and guidelines?
Lessons learned: Bad guys already know what the results from this poll clearly reveal…People are an organization’s weakest links. As long as 86% or more of organizations continue to use status quo methods that provide little or no accountability and little or no auditability to ensure situational awareness at the individual level, organizations will be vulnerable to attacks, mistakes, lawsuits, fines and disconnects that have a negative (potentially significant) effect on their bottom line.
Miami-based Pacific National was fined a $7 million penalty for violations to the Bank Secrecy and USA Patriot acts.
Lessons Learned: Fines for gaps in AML practices are becoming more severe. Financial organizations must ensure they have the appropriate policies and procedures in place and ensure their people are aware and accountable for their decisions to meet ongoing compliance requirements. Organizations also need legal-ready and audit-ready documentation to avoid expensive fines, lawsuits, and embarrassing headlines.
The Department of Education and Office of Civil Rights sent out a “Dear Colleague” letter in October 2010 outlining schools’ responsibilities for being aware of, responding to and preventing future incidents of bullying, discrimination and harassment. In response to the National School Board Association’s letter questioning a school’s responsibilities, the Department of Education response clearly states it did not overreach in its original guidance to school officials— it only reiterated existing laws and policies and gave examples of how school districts can help combat bullying and harassment.
Lessons Learned: Schools have been put on notice and must develop comprehensive programs to respond to incidents of bullying and they must take actions to prevent future bullying incidents. Schools who fail to take appropriate actions risk losing educational funding and expensive lawsuits at a time when a funding cliff is looming large. Lessons learned also demonstrate that status quo approaches are not effective in preventing bullying so it will be critical for school boards and school leaders to implement more effective prevention and intervention programs immediately and document all incidents of bullying and harassment on an ongoing basis.
Virginia Tech was fined the maximum fine allowed under the Clery Act of $55,000 for waiting almost two hours before warning students, faculty and staff of an active shooter on campus.
Lessons Learned: Colleges and Universities must develop, implement and follow clearly defined policies and procedures for notifying students and staff in emergency situations. School Administrators may want to create customizable, organizational and situational specific templates prior to an incident so the warning messages are already defined and the appropriate processes are understood by all appropriate personnel. Organizations must also have customized emergency and crisis management plans and ensure all individuals (students, faculty, staff, administration, law enforcement, etc.) understand their roles and responsibilities before, during and after an incident occurs. Lastly, lessons learned clearly teach schools that proactive and prepared prevention efforts are much less expensive than the incidents, fines, lawsuits and reputational damages.
The U.S. Department of Education released the Handbook for Campus Safety and Security Reporting providing step-by-step procedures, examples, and references for higher education institutions to follow in meeting campus safety and security requirements.
Lessons Learned: College and University administrators are overwhelmed with responsibilities for HEOA, FERPA, HIPAA, Clery Act, OCR ‘Dear Colleague’ Letters, and much more and therefore guidance from the Federal Government can be helpful. It is critical for School Administrators to utilize resources and develop comprehensive campus safety programs and create a culture of compliance and preparedness that is ongoing. Traditional methodologies are clearly not working based on new handbooks, new regulations and mounting obligations and traditional tools are not capable of keeping up with all the new changes, so School Administrators must be open to new tools and new ideas to ensure better safety in schools.
A recent survey revealed that HIPAA is the most challenging regulation to businesses today.
Lessons Learned: Regulatory requirements are updated regularly…Hackers, risks, threats, etc. are constantly changing. Staying up-to-date and within compliance is challenging, but critical. Organizations must ensure all employees (and third-parties) understand their responsibilities to protect sensitive information.