Policies define expectations and boundaries for behaviour, but these expectations frequently go unmet. There are three major triggers for new policy creation or policy amendment:
- An adverse event highlights an operational risk that is not effectively controlled. A policy is required to address this risk and how this adverse event can be avoided in future.
- A strategic objective. When an organisation wants to achieve something important and commits to this in writing. The policy acts as the action plan and guidance for staff, making success more likely.
- A new regulation or law comes into force.
All organisations are subject to numerous compliance requirements. Some are common to all - HR policies, for example. Some are industry specific. Either type requires strict compliance with documented evidence. Policy management provides a formal process for acknowledging a regulatory requirement and translating this to action.
In some ways compliance-based policy management is straight forward:
- The policy objective is clear.
- The need for the policy is compelling.
Once the policy objective has been defined, it is not yet time to start creating the policy. Planning and assessment is required. This stage will allow you to understand better where the gaps are that the policy must fill.
What is wrong with skipping the assessment step?
Not taking the time to assess how your organisation is currently operating wastes resources and undermines policy management within your organisation. When staff notice that a policy has been distributed without due consideration, it confirms their assumption that policies are a box ticking exercise that they can ignore. This negative view of policy management is not uncommon.
What is common is silo decision making that creates overlapping and conflicting policies.
Skipping this assessment step may seem like an easy way to save time. Policy development does tend to be time sensitive; the regulator will set a deadline for compliance that is non-negotiation. But the most labour-intensive tasks - drafting, training and implementation - are yet to come. Tasking one or two people to an assessment project is more effective than wasting the time of domain experts and the wider workforce with unnecessary work.
Consider the critical capabilities within this stage:
- Map policies and controls to compliance requirements
- Document gap analysis and KPIs to be monitored
- Conduct impact and risk assessments
Assessment makes policy development more efficient by understanding who needs to be involved and what needs to be changed. It’s equally important to understand who doesn’t need to be involved and what can remain unchanged. It could be the case that there is already a pocket of best practice happening, which simply needs formalisation in a policy and further roll out.
The link between policy management and performance management
With a bit of planning, policy development becomes a driver for operational improvement. The link between policy management and performance management is strong.
Performance management monitors performance across the organisation with the goal of improving business performance. It requires comprehensive, real-time visibility of performance across the organisation. Comprehensive means a variety of perspectives – strategic perspectives, departmental perspectives, time-based perspectives. Proactively tracking these perspectives informs your gap analysis and impact assessments, giving you a head start when faced with a new or changing regulation.
It also gives you a means of measuring policy success; helping you transform policies from unread documents to instruments of positive change.