GRC Report Newsletter
May 9, 2022

Online Learning Takes Off


New data shows that more Australian businesses are using online training courses than ever before. Here are three reasons why.

Over half of Australians who undertake work-related training are doing it online – a huge jump from just four years ago

New data from the Australian Bureau of Statistics (ABS) shows that businesses are embracing the potential of online learning to train their employees.

According to the Work-Related Training and Adult Learning Survey 2020-21, just over half (55%) of the 4.4 million Australians who undertake work-related training are doing it online. This is more than double the rate in 2016-17 (which was only 19%).

Additionally, every Australian state and territory saw an increase in online work-related training since then, with rates in Victoria and the ACT skyrocketing by more than three times.

Clearly, businesses across Australia are choosing online training to contribute value and enhance their employees’ experience of work-related training. Here are three reasons that explain the shift towards online learning.

Ongoing COVID concerns required businesses to get flexible with training

As COVID shut down workplaces and locked down cities, it also prevented businesses from holding face-to-face training sessions.

While rates of online training soared, work-related training in a classroom dropped by a similar level – from 69% to 37% in the last four years.

“Many states and territories, particularly Victoria, were impacted by COVID lockdowns over this time, which would have driven a rise in online learning,” said the ABS. The highest rates of online delivery were in Victoria (64%), the ACT (59%) and NSW (57%).

Crucially, there’s reason to believe that online training is here to stay. Even as some states are emerging from the worst days of the pandemic, it’s harder to get all employees together in the office at one time, let alone for a training session. Online learning is a flexible, practical and individualised solution, allowing employees to learn the material wherever they are.

More employees than ever, whether due to health concerns, caring duties or family commitments, prefer to have flexible working arrangements which involve working from home. This trend is likely to continue in the years to come.

We’re starting to recognise that employees can do effective work from anywhere – and so their training should also adapt.

Online learning is more effective in less time

Increasingly, employees in most industries face a heavy compliance and training burden. The ABS data reflects this: just under half (48%) of people who did work-related training completed three or more courses in one year.

However, training can take a significant amount of time, with 58% of respondents taking a staggering 10 hours or more to complete their most recent course.

Of course, work-related training should never be rushed. But with so many complex laws, regulations and processes to understand, it’s important that training is efficient and inexpensive.

One of the biggest benefits of online training is that it simply saves a lot more time. Instead of taking hours out of their day for a training session, employees can fit training into their schedule when it’s convenient for them.

For businesses, it can also reduce training costs and increase productivity, allowing employees to get back to important work more quickly. Online learning presents an especially effective solution for larger businesses with 100 or more employees, whose employees are more likely to have done several training courses.

Several studies also indicate that online training is more effective for employees. Compared to face-to-face sessions, where the focus is on imparting content to several people at once, online learning puts the learner in control.

Importantly, employees can learn at their own pace and review the content even after they complete the course. Drawing on powerful instructional design principles, such as interactive visuals and targeted, adaptive assessments, online training can also improve onboarding for new starters, and empower your business to promote a consistent, compliance-focused culture which increases retention rates.

Online learning is key to engaging younger generations in years to come

In LinkedIn’s 2021 Workplace Learning Report, Gen Z watched the most hours of content of any generation on LinkedIn’s learning platform, and accounted for the highest increase in learners of any generation.

Young people are used to living, studying and learning online. As businesses compete for talented young people entering the workforce, investing in effective online learning will be the key to engaging them and building new skills.

And they get valuable skills from work-related training. According to the ABS, 80.7% of people aged 15-24 said they acquired new skills or knowledge from their most recent training, the highest percentage of any age group.

When it comes to work-related training, the data is clear: online training is essential to boost your employees’ skills and strengthen your business position in the years to come.

Technology Issues


With a more normal term one finished in Australia and term two getting under way, the pandemic and remote learning have opened schools up to a huge range of new cybersecurity risks, with stakeholders concerned about the holes in the system.

The past two years have seen a huge spike in cybersecurity attacks globally, with research showing Australia’s school system is the 4th most targeted in the world.

Check Point Research found education was the hardest hit sector by cyber attacks, with an increase from the first half of the year.

Even more so because of remote learning and the flow-on effects into the “new normal”, schools are heavy users of digital technology, web-based platforms and data management systems, all of which are open to attack.

In addition, on the home front there is also risk posed by students in the form of cyber bullying, image abuse and online behaviour which has been the focus of cyber safety messages.

However, bad actors are now taking advantage of holes in the system to harvest personally identifiable information and unregulated third party access.

This is a problem for all stakeholders including teachers, students and parents.

Locked out

While attacks on Australian schools have increased in the past years, a look at the US shows a global trend of schools reporting more frequent and more significant cybersecurity events.

In one high profile example, a ransomware attack on public schools in New Mexico saw classes cancelled for more than 75,000 students.

The attack meant teachers couldn’t open attendance records, were locked out of class rosters and grades, and were blocked from accessing the student database, including emergency contacts and important student information. These attacks are forcing schools to shut as they recover data and manually wipe and reset laptops and other technology.

Types of attacks

Schools are likely to encounter very specific cybersecurity issues that can come down to individuals in the institution. The most common attacks on schools are the following:

DDoS: Distributed Denial of Service attacks cause widespread disruption to an institution’s network, stopping it from functioning.

Data theft: With schools holding important personal data including names, addresses and birth dates, all levels of education are vulnerable to data theft hacks which can come through common threats like social engineering scams.

Financial: Because large volumes of cash are transferred in school fees, schools are open to attack unless they are properly prepared against the threat and ensure they are using secure payment portals.

These attacks can be carried out through phishing scams, designed to trick the user into divulging key passwords, or ransomware attacks, which prevent users from accessing databases or files. There is a notable rise in these attacks through scams and posts on common social media platforms.

There is also risk through lack of awareness, when teachers or students who aren’t trained well enough accidentally compromise the network.

Education is key

On the positive side, protection against cybersecurity risks is straightforward with the right education and protective software in place.

Regularly changing passwords and ensuring they are “strong” along with updating software to maintain anti-malware protection are essential to this.

The new GRC Cybersecurity for Schools course gives school employees vital information on how to protect school data from external attacks and scams, as well as how to address a range of different cybersecurity-related situations at work, home or offsite.

All it takes is one person to forget to regularly change a password, or use something too simple, disable updates of antivirus software or lose a work device in a public space for the school to immediately be at risk.


Regulatory Developments


A new report from APRA reveals its expectations that regulated entities including ADIs give the same attention and prioritisation to compliance risk management that they give to cyber risk, operational risk management, and other risk classes.

Compliance risk management is often held as a barometer for how organisations approach risk management generally.

It relates to an organisation’s ability to comply with the laws, rules, regulations, and standards (both external and internal) governing its operations.

In regard to ADIs, each organisation’s compliance obligations will be driven by the industry in which it operates, and the products and services it offers.

Because of the range of potential offerings, there is no single consolidated list of obligations that all ADIs must meet. Accordingly, each ADI needs robust processes to identify all relevant obligations and to keep up to date with all relevant regulatory changes.

APRA’s approach to compliance risk

While a number of regulators supervise and enforce different elements of an ADI’s compliance management practice, APRA’s interest is particularly in an ADI’s ability to demonstrate and monitor compliance with prudential standards, and to consider APRA’s guidance.

When there’s a breach of a prudential standard, APRA focuses on the people, systems, and processes that have contributed to the incident to ensure the underlying cause has been identified and addressed.

APRA also considers an ADI’s ability to meet non-prudential obligations and laws as a way of gauging the adequacy of their risk frameworks, and risk management processes and practices.

APRA Prudential Standard CPS 220 Risk Management sets out APRA’s requirements in relation to the risk management framework of an APRA-regulated institution. It specifically requires that entities have an adequately staffed, appropriately trained compliance function, with a reporting line independent from business lines.

Key observations from recent supervisory work undertaken by APRA

APRA’s recent supervisory work involved examining larger and more complex entities and their attention to, and progress on, addressing issues in managing non-financial risk, specifically:

  • their compliance management strategy,
  • their implementation of frameworks and systems, and
  • their accountability and oversight mechanisms to support their strategy.

The key observations from this work have highlighted the need for entities to:

  • have a clearly defined approach to managing compliance risk,
  • have established processes to support compliance risk management practices, and
  • specify clear accountability for managing compliance risk.

Clearly defined approach

APRA observed that entities face challenges in developing and maintaining a complete view of obligations that apply to their business operations.

To ensure all obligations are captured and regularly updated, better practice involves using compliance subscription services and obtaining input from compliance subject matter experts.

This hybrid approach is enhanced when representatives from different business units and the compliance function work together to maintain a detailed understanding of all end-to-end processes.

Better practice also involves the business units and the compliance function coordinating their approach to plan for, and manage, any changes to obligations—including any major regulatory changes—to ensure the entity is compliant in time.

Established processes

APRA observed that while entities recognise the need to understand the processes associated with their offerings, it can be challenging to implement and maintain an accurate view of these processes. Entities that have moved closer to documenting their end-to-end processes are able to overlay compliance obligations on their processes, allowing them to identify gaps and then fill those gaps to show compliance with obligations.

Better practice involves understanding end-to-end processes for products and services, applying an overlaid view of compliance obligations, and implementing ongoing monitoring to identify any gaps between business process and applicable regulations and laws. This allows business units to understand their current level of compliance and to maintain processes so they are compliant by design. This should be supported by the business unit reporting to senior leadership and the board to present a complete view of obligations and processes.

Clear accountability

Clear accountability remains a key focus for APRA’s supervision teams. APRA has observed that entities closer to the adoption of the Three Lines of Accountability model are more proactive in monitoring issues as they arise and in actively managing compliance risk.

The Three Lines of Accountability model provides an effective framework for risk management and involves:

  • the business itself (Line 1), which is accountable for managing compliance risk,
  • the risk management function (Line 2), which provides oversight and challenge, and
  • the internal audit function (Line 3), which performs independent assurance activity.

Better practice involves entities creating clear accountability for compliance risk management across the Three Lines of Accountability model, as part of their compliance risk management framework. This ensures that established processes are implemented. In addition, accountability is further improved when senior leadership and the board foster a culture of treating compliance risk with the utmost importance to set the tone for all staff.
