Assessments to ensure you had competent workers used to be an absolute. Before working for a company, you would have to pass typing tests and demonstrate the veracity of your résumé's stated skills with an in-house, supervised assessment.
Likewise, training used to be mandatory, especially when the latest version of a system was deployed. But times have changed, and the quality of work has as well -- but not for the better.
Many organisations prefer to allow users to pursue training organically. So if employees want to learn more, training is perhaps made available through an online service or in-house leaning modules. Maybe there is an incentive plan in place for learning, maybe not.
Rather than ensure people are trained to the nth degree when a new OS or Office version is deployed, companies often give users no training or just very basic training to help them get by in the new system.
Aside from the obvious message this sends employees -- that they're not really cared for, and skills aren't a priority -- it's a mistake from a business perspective to do this loosey-goosey training. It doesn't just hurt feelings, it hurts productivity.
You take an employee who's been using Windows XP for more than a decade and put Windows 7, 8, or soon 10 in front of them. Or a new version of Office. Or any tool. Sure, they will learn enough to do the same job they used to do. But they don't improve; they simply learn the new way to do old things.
How is this a good idea? Why bother giving them faster equipment, improved OS capabilities, and so on without insisting they advance in their knowledge and understanding of the tools and work processes?
Another result of this minimalist approach to training is all over your company: People with decades of job experience can barely do more than type a letter in Word, or who add up data by hand in Excel and manually enter the result in the spreadsheet's totals.
People need real training, and that training needs to be either mandatory or aggressively incentivized (including being part of the review, promotion, and salary process).
If you go the mandatory route, you need to detail specifically how much training you expect users to pursue (number of courses, or amount of time) and/or which courses are required. You then need to follow up and ensure the employees follow through -- and provide clearly stated consequences if they don't.
Some training at your company is likely already mandatory, like sexual harassment training and safety training, but what about training that focuses on Internet safety, proper workplace procedures to prevent corporate espionage, exposing zero-day vulnerabilities, and spear-phishing? (And if you have employees who don't know what those terms mean, you are severely undertraining your people for the modern world.)