5 Practical Principles for Policy & Procedure Management

Originally published on

Many failures in business today could be addressed or even prevented with better policy management. Data breaches, workplace accidents, employee misconduct, third-party incidents, customer complaints, and more are often traced to policies that were absent, ineffective, or out of sight, out of mind.

What if policies were more than just about dos and don’ts for employees and legal protection for business? Imagine if policies were also about what Jack Welch, former chairman and CEO of General Electric, views as critical to success: employee engagement and customer satisfaction.

For policies to bring out the best in employees and delight customers, as well as serve the company’s best interests, you’ll need to follow five key principles of sound policy management.

1. Influence Employee Behavior with Policy Communications

The best, most adhered to policies don’t just live in a policy manual filed away. Policy adherence thrives on communication, training, and testing. Publish and distribute policies, making sure to articulate what a given policy is and why it matters. Give employees a test to check their comprehension of the policy. As it takes an average of 21 days to form a new habit, employees need repeated exposure to a policy for integration into their daily routine.

Download: 2019 Definitive Corporate Compliance Benchmark Report

2. Highlight Policies After Incidents to Head off Issues or Convey Tone from the Top

Use incidents to communicate and emphasize rules and policies.

Workplace incidents require investigations, corrective action plans, and reports as part of remediation. But don’t stop there. Use incidents to communicate and emphasize rules and policies. With sexual harassment becoming a growing concern and many organizational leaders wanting to implement a speak-up culture, existing and new policies need to be revised or written and shared across the organization. When combined with an anonymous whistleblower program, policies can affect real change.

3. Link Policies to Controls for Contractual Agreements & Regulatory Requirements

Policies related to contractual agreements help ensure that participants act in accordance, resulting in less risk of conflicts and issues. Prove compliance with regulations by showing a linkage between policies and controls. The linkage provides a defensible record that helps protect the company.

As Michael Rasmussen writes in the GRC Pundit Blog, “to defend itself, the organization must be able to show a detailed history of what policy was in effect, how it was communicated, who read it, who was trained on it, who attested to it, what exceptions were granted, and how policy violation and resolution was monitored and managed.”

The best company defense is thoroughness and traceable roots to laws, standards, and guidelines.

Download: Definitive Guide to Policy and Procedure Management

4. Update or Create Policies as Business Changes & Events Occur

Events like incidents and management initiatives, as well as regulatory changes, create the need for policy updates and new policies.

Polices aren’t set in stone. They’re subject to change at any time. As previously discussed, policies link to controls created from regulation citations. Events like incidents and management initiatives, as well as regulatory changes, create the need for policy updates and new policies. It happens with such frequency that it’s a good idea to review policies annually. Every policy change, update or new, must be written, recorded, and shared with its intended audience.

5. Leverage Technology for Policy Management

You can create a policy easy enough using a word processor. That’s great if you’re a small company and just need an employee manual. If you’re a corporation with a sizeable workforce, multiple offices, and have customers and vendors in many locations or countries, word processing and spreadsheets don’t cut it. You need a technology solution that saves time, saves money, and does more.

Sound policy management with the right technology can address or even prevent many business failures while helping protect the company. And for company goals to be more employee and customer-centric, the management/technology solution is a catalyst for employee engagement and customer satisfaction.

Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.

Our Vision for Risk Management: A Message to Our Customers

Our vision, since the founding of NAVEX Global, is to provide our customers with a holistic approach to Risk Management. This vision was the impetus for our recent acquisition of integrated risk management software provider, Lockpath.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

SFO Aims at Increasing Transparency with New Guidance, but Does It?

The Serious Fraud Office (SFO) has recently published new “Corporate Co-operation Guidance” with the intention of providing transparency into what organisations might expect when self-reporting. Whether the guidance actually achieves this purpose is still up for question and shall be explored further.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.


Subscribe Now!
Definitive Guide to Compliance Program Assessment
Download Guide