Examining Integrity in IACET-Accredited Continuing Education Units (CEUs): A Case Study
International Association for Continuing Education and Training (IACET) standards offer prescriptive guidelines for maintaining the integrity of online continuing education units (CEUs).
However, these guidelines are just that — guidelines. Application is often inconsistent, compromising learning outcomes and creating risks for member organizations.
In this article, we look at two online learning events hosted by IACET-accredited organizations. In both cases, significant vulnerabilities were identified that could undermine the integrity and value of the credit—and even place organizations in legal or regulatory jeopardy.
Scenario One: The Live Lecture
Our first scenario involved a professional designation process in which individuals obtain CEUs by attending a live lecture. In this scenario, guidelines require that the presenter monitor attendee participation during the session. Afterward, a code is given to learners to unlock a comprehension test based on the content covered in the presentation; CEUs are awarded after successfully completing the test.
In theory, this setup seems robust—there is monitoring during the event and a knowledge check afterward. However, we found that both controls were easily circumvented by the learner.
Our learner, in this case, a pug named Phoebe, registered for the course, activated an avatar on their video feed, and tuned out for most of the live lecture. They returned at the end to get the access code and used a GPT browser plug-in to complete the exam and obtain their CEUs successfully. There were no checks on actual participation and no way of detecting the use of AI tools that can bypass learning objectives.
Scenario Two: The Activity-Based Course
In the second scenario, the learning event incorporated activity checkpoints to ensure continuous engagement with an online course. Learners were required to interact regularly with the content by clicking buttons or watching videos that needed to finish before they could progress. The course’s structure imposed some controls over this by requiring the participant to start a new module at certain intervals.
When we tested it, however, the total interaction time was less than 45 minutes for a 10-hour course. At no point was the participant—once again, our pug Phoebe—required to demonstrate reading or comprehension of the covered material. The activity requirements, which amounted to little more than a requirement to click a button or move the mouse periodically, were easy to bypass without actively engaging in the content. In the end, we found that it was possible for a wholly unqualified participant (in this case, a dog), to obtain multiple CEUs with minimal participation.
Lessons Learned
Neither of these scenarios is hypothetical. Both represent the real-world findings of our investigation of actual CEU-awarding, IACET-accredited organizations. In both cases, exploiting loopholes and undermining learning objectives was very easy. While live verification and activity-based interactions may seem like solid compliance measures, we found they are highly vulnerable to manipulation through low-cost and low-tech methods.
In the first scenario, live verification by a presenter failed because it was a passive form of engagement; the learner did not need to participate actively. In the second scenario, even with activity checkpoints, the learner’s engagement could be circumvented by simple technological aids. Both permitted GPT tools that completed all assessment questions on the learner’s behalf.
Our Role in Maintaining IACET Compliance
We are an IACET sponsor and partner that works with member organizations to help them understand their vulnerabilities. We offer one-on-one consultations and stress tests to identify stronger compliance measures that can be implemented by the organization with minimal disruption to the learning process.
We believe that maintaining the integrity of CEU programs is essential, particularly in an age where technology offers numerous ways to sidestep learning. For IACET-accredited organizations, it's not enough to simply check off a compliance box; you must actively work to ensure your learners participate and comprehend the material.
CEUs should reflect real learning and engagement. Our goal is to ensure that they do and, by doing so, protect the integrity of the IACET standard and the reputation of accredited organizations.
About the Author
With over 30 years working at the nexus of organizational risk management and technology, Robert Day's experiences have ranged from military firefighting and founding tech ventures to private investigation and post-fatality litigation assessments. Mr. Day specializes in the critical interplay between risk and technology and believes that the thoughtful use of technological advancements can create increased opportunities to protect human life without compromising an organization’s commercial viability.