From time to time, people ask why policies matter. The answer, at its most basic, is that when an organization fails to establish strong policies, the organization quickly becomes something it never intended.
Good policies define the organization’s governance posture, corporate culture, behavioral boundaries, and objectives.
Without the guidance provided by well-written and effectively managed policies, corporate culture may morph and take the organization down unintended paths. Policies are critical to managing risk; every policy is a risk document that aims to control behavior-related risks.
The longer answer is a bit more complicated…
Why policies matter
Policies set the standard for acceptable and unacceptable conduct by defining boundaries for the behavior of individuals, the operation of business processes, and the establishment of relationships.
Starting with a code of conduct defining ethics and values across the organization—and filtering down into specific policies for business units, departments, and individual processes—the organization states what it will and will not accept and defines the culture of integrity and compliance it expects.
Policies are part of what can be called governance documents, which also include related standards, procedures, and guidelines. Policies can be understood collectively to encompass both the official policies themselves and the broader collection of governance documents.
Policy engagement is the result of effective policy management
Organizations need to rethink how they are managing and communicating policies in their environment.
Haphazard approaches that scatter policies across different internal websites and portals in different formats is not relevant to today’s workforce. And it handicaps the organization in managing policy communication and awareness in an era that requires complete visibility and operational effectiveness and understanding of policies. This is particularly true of the millennial generation.
However, policies—when done right—articulate and build the desired corporate culture and drive standards for individual and business conduct throughout their lifecycle in the organization.
Policies articulate the governance culture
Policies address more than how to meet legal requirements; they also drive the performance objectives of the organization.
Without policies, the organization has not made clear what people or business units may or may not do in seeking to meet those objectives. Individuals are left to make decisions and may take the organization where management does not want it to go. Governance is not taking place.
Can you imagine an organization that did not have policies? How could it ever reliably achieve objectives as there would be no consistency in behavior, processes, and transactions?
Policies articulate the risk culture
This includes the establishment of risk management responsibilities, communication, appetite, tolerance levels, and risk ownership.
Policies reduce bias in decision-making. Every organization takes risk — it is part of the business and sometimes helps to get the business where it wants to be. But without clearly written guidance and ownership, risk governance will be ineffective, and risk decisions will be made by everyone based on his or her personal appetite for risk.
Essentially, every policy is a risk document. There would not be a policy if there were not a risk. Further, every policy must be risk-informed; the policy exists in response to a risk or anticipated risk and needs to be understood in that context.
Policies articulate a culture of compliance
Policies define what is acceptable and unacceptable. This starts with legal and regulatory requirements: communicating how the organization will stay within legal boundaries given the various jurisdictions in which it operates.
Policies also establish the values, ethics, commitments, and social responsibility of the organization when it comes to matters of discretion.
Policies, particularly policies that are enforced, provide an organization with a defensible position against the actions of rogue employees and demonstrate how the organization meets legal, regulatory, contractual, and other requirements.
Even when well-written policies are issued, the game is not over. An organization can have a wide array of policies that simply “sit on the shelf” or are not adhered to, and the organization can end up in hot water.
We know that an organization may develop a corrupt culture even with the right policies in place, but we also know that it cannot have a strong, effective culture without them.
Engagement across the policy lifecycle
Issuing well-crafted, and appropriately targeted policies is a necessary first step in the policy lifecycle to clearly define and communicate the organization’s boundaries, practices, and expectations.
Policies are the vehicles that communicate and define values, goals, and objectives so that culture does not morph out of control. This enables the organization to embed culture into the action and behavior of processes, transactions, relationships, and individuals.
A strong embedded culture is driven by an effective policy management lifecycle that provides consistency in behavior, reduces costs and inefficiencies, and supports growth and change management. This leads to higher employee engagement and achievement of objectives.
The need for integrated training and policy management technology
In the end, organizations need structured processes to manage the entire policy management lifecycle, from creation through maintenance and eventually retirement of policies.
This particularly includes the ability to deliver a technology architecture to manage the policy management lifecycle and effectively engage employees on policies and ensure their awareness, training, and understanding of them in their individual business contexts.
The 4 pillars of an effective policy management portal
The pillars of an engaging and integrated policy and training portal are that it is:
- Unified – Employees come to one policy and training portal to find everything needed. Policies are not just documents, but integrated resources and tools. Video and resources are integrated alongside written policy.
- Relevant – The policy portal reflects changes in employee role and context. The most critical “need to know” policies are easy to find. Users can customize and organize the policy portal to their needs.
- Interactive – Understanding is increased through embedded media. Games, scenarios and interactive content is used to reinforce key points within policies. Pop-ups provide access to definitions and resources in written policies.
- Social and Personable – Employees can share policies and provide comment and interaction on policies. The portal makes it is easy for employees to get questions answered. The employee has a corporate avatar that is linked to badges and progress in policy and training tasks.
Achieve effective, engaging policy management with Ekko
Join me next week on February 22, to take a deeper dive into the relationship between and the importance of policy, training and engagement, and to find out how Ekko’s integrated suite of compliance, learning and engagement tools helps heavily-regulated industries increase employee engagement with policy and procedures.
Not sure you can make it to the live session? Register here and we’ll send you the recording anyway.