First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

5 practical principles for policy & procedure management

policy and procedure

Many failures in business today could be addressed or even prevented with better policy management. Data breaches, workplace accidents, employee misconduct, third-party incidents, customer complaints, and more are often traced to policies that were absent, ineffective, or out of sight, out of mind.

What if policies were more than just about dos and don’ts for employees and legal protection for business? Imagine if policies were also about what Jack Welch, former chairman and CEO of General Electric, views as critical to success: employee engagement and customer satisfaction.

For policies to bring out the best in employees and delight customers, as well as serve the company’s best interests, you’ll need to follow five key principles of sound policy management.

1. Influence employee behavior with policy communications

The best, most adhered to policies don’t just live in a policy manual filed away. Policy adherence thrives on communication, training, and testing. Publish and distribute policies, making sure to articulate what a given policy is and why it matters. Give employees a test to check their comprehension of the policy. As it takes an average of 21 days to form a new habit, employees need repeated exposure to a policy for integration into their daily routine.

2. Highlight policies after incidents to head off issues or convey tone from the top

Workplace incidents require investigations, corrective action plans, and reports as part of remediation. But don’t stop there. Use incidents to communicate and emphasize rules and policies. With sexual harassment becoming a growing concern and many organizational leaders wanting to implement a speak-up culture, existing and new policies need to be revised or written and shared across the organization. When combined with an anonymous whistleblower program, policies can affect real change.

3. Link policies to controls for contractual agreements & regulatory requirements

Policies related to contractual agreements help ensure that participants act in accordance, resulting in less risk of conflicts and issues. Prove compliance with regulations by showing a linkage between policies and controls. The linkage provides a defensible record that helps protect the company.

As Michael Rasmussen writes in the GRC Pundit Blog, “to defend itself, the organization must be able to show a detailed history of what policy was in effect, how it was communicated, who read it, who was trained on it, who attested to it, what exceptions were granted, and how policy violation and resolution was monitored and managed.”

The best company defense is thoroughness and traceable roots to laws, standards, and guidelines.

4. Update or create policies as business changes & events occur

Polices aren’t set in stone. They’re subject to change at any time. As previously discussed, policies link to controls created from regulation citations. Events like incidents and management initiatives, as well as regulatory changes, create the need for policy updates and new policies. It happens with such frequency that it’s a good idea to review policies annually. Every policy change, update or new, must be written, recorded, and shared with its intended audience.

5. Leverage technology for policy management

You can create a policy easy enough using a word processor. That’s great if you’re a small company and just need an employee manual. If you’re a corporation with a sizeable workforce, multiple offices, and have customers and vendors in many locations or countries, word processing and spreadsheets don’t cut it. You need a technology solution that saves time, saves money, and does more.

Sound policy management with the right technology can address or even prevent many business failures while helping protect the company. And for company goals to be more employee and customer-centric, the management/technology solution is a catalyst for employee engagement and customer satisfaction.

By Mike Ogden

Follow me

Ethics &Compliance Matters ™, Navex Global ®

Ethics & Compliance Matters™ is the official blog of NAVEX Global®. All articles posted on the Inside Internal Controls blog originally appeared on NAVEX Global’s Ethics and Compliance Matters Blog. The blog leverage the news, insights and best practices you find here to stay ahead of GRC trends, and take your compliance program to the next level. Read more
Follow me

, , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.