Few Give Their Policy Management System Passing Grades

The days of organizations conducting policy management through spreadsheets, email and generic document-sharing platforms aren’t over yet. But they probably should be.

Because policy management is often a shared responsibility among many departments and affects all employees, the performance and compliance downsides of outdated policy management systems can infect entire organizations. And policy management has arguably never been more challenging than it is today. Regulations and laws continue to change at a rapid pace and many organizations manage hundreds if not thousands of policies, procedures and guidelines. An out-of-date policy can be dangerous in the hands of an uneducated or careless user.

Trying to manage something that complex with software designed for email or simple document storage just doesn’t make sense anymore and it doesn’t do the job in most cases. A recent survey from NAVEX Global demonstrated that if organizations can overcome budgetary constraints and internal silos, the shift to automated policy-management can make their compliance processes more efficient, measurable and more effective.

Amid this shifting regulatory and legal landscape, my employer, NAVEX Global, surveyed nearly 1,000 ethics and compliance professionals about their policy management, which consists of the practices associated with managing an organization’s policies or procedures throughout the policy life cycle, including drafting, editing, approving, updating, distributing, storing and documenting policies.

Conducted as part of our 2016 Ethics & Compliance Policy Management Benchmark Report, the survey revealed that less than 40% of respondents failed to rank any attribute of their current policy management system as “Very Good” or “Excellent.” But 58% of those at organizations with automated policy management systems – the gold standard of policy management as we move away from early-2000s era approaches — were at least twice as likely to rate their policy management programs as “Very Good” or “Excellent.”

Unfortunately, only 17% of respondents said they had such a system. That’s likely due in part to ownership silos and a lack of funding — 40% indicated that they either didn’t have funding for policy management or that it is part of a company-wide budget.

Policy management survey navexThis “silo effect” can be illustrated by the fact that more than 50% of respondents’ organizations have seven or more departmental stakeholders with some level of ownership of policy management and the budgeting process. Two of the three most common departments considered active stakeholders were Human Resources and Ethics & Compliance.

Turf wars are common

Of course, anyone who’s worked in (or around) either area over the past couple of decades knows that turf wars or rivalries between the two groups are all too common. As my colleague Ed Petry wrote earlier this year, it’s time for the two departments to work together as partners, as regulators and company leaders have little patience for turf battles. And he’s not the first to make the plea.

If the two groups – and others involved in policy management – can work together and through their differences, and all parties have a healthy interplay, the disagreements can lead to a stronger system. Otherwise, silos pop up, which can lead to problems with effective policy program management. Twenty-nine percent of respondents without automated systems blamed “No Single Owner” or “Internal Roadblocks.”

Article Continues Below

Automated systems for policy management

Forty-eight percent of respondents said their programs had centralized and translated policies through a shared folder or Intranet, but publishing and collecting signatures to demonstrate awareness and training often were not software-driven or automated. That’s better than some alternatives (9% of respondents said they only create policies after a need arises) but How often review policiesan automated system is much more efficient – and it avoids the need to track employee participation on spreadsheets, to send out codes of conducts via email and to follow up with hundreds if not thousands of people on policy and training certifications.

An automated system also is a huge help at addressing the challenges organizations struggle with most, keeping policies up to date with new and changing regulations, followed closely by training employees on policies.

Policy training

Fifty-seven percent of respondents said they used online training to keep employees up to speed. But with a bevy of training options available that cover a wide range of topics, it’s important to ensure that employees get the training they actually need for their specific jobs. Put another way, an automated system is better able to eliminate one-size-fits all training, so U.S.-based cashiers at a small retailer won’t end up being expected to learn about the Foreign Corrupt Practices Act – since the risk is very low and could be a waste of the employee’s time, along with the company’s training dollars.

It’s important to note that organizations can and do manage some elements of policy management without an automated system – but doing so is much harder, less efficient and less effective.

Put another way, the difference between automated systems and their more rudimentary counterparts is a lot like housecleaning now compared with housecleaning 50 years ago. New vacuum cleaners, other time-saving equipment and new cleaning supplies not only make the job go much faster — they also clean your house better.

Randy Stephens, J.D., is a vice president with NAVEX Global’s Advisory Services team. A lawyer and compliance specialist, Randy has worked in roles with legal and compliance responsibility for over 30 years, including operations in Mexico, China and Canada.

In 2014 / 2015 clients engaged Randy to train employees or conduct risk and program assessments in Japan, China, Australia, UAE, KSA, Kuwait, Jordan, Qatar, Romania, Serbia, the UK and Canada while also working with clients with offices and operations around the world.

Randy has significant in-house experience leading compliance programs and working for some of the largest and most diverse public and private corporations in the United States, e.g. Home Depot, Family Dollar and US Foods. He is the author of numerous compliance related articles and commentary and is regularly featured or quoted as a compliance expert in press and publications. He joined NAVEX Global’s Advisory Services team in 2012.

Topics