Is your policy management program effective? These three keys and related self-assessment questions will help you consider how your program is doing, and what steps you may need to take to get where you want to go.
Getting Your Plan in Place
Successful policy management necessitates the development of appropriate plans to mitigate risk. A thoughtful plan for policy management is critical—and when an organization strays from the plan, they can be exposed to potential risks.
To build a strong plan, companies need to take the time to conduct a complete risk assessment. Then ethics and compliance officers, along with senior executives and representatives from business units across the organization need to develop and implement policies that fit their unique risk profile.
Key Questions:
- When was the last time your company conducted a risk assessment?
- Do you know who creates your policies, as well as the standards and methods used to implement and enforce them?
- Are your employees aware of all policies and procedures appropriate for their role?
- Are your policies consistently enforced?
Making Sure Your Policy Management Tools Are up to the Task
An automated policy management system that’s well-maintained (one that has up-to-date policies, stays current with best-practice workflows, distribution and attestation strategies) will help protect your organization, and make it better-equipped to manage the ever-changing compliance landscape as it impacts policies.
Key Questions:
- Does your company have a centralized repository for all policies, procedures and other key documents?
- Are your policies and other key documents reviewed periodically?
- Does your legal team review high risk policies to ensure compliance with current laws and regulations?
- Can your employees find the most current version of any assigned policy in less than three minutes?
Training On Your Policies
Training on your organization's policies an procedures cannot be a "one and done" exercise. Organizations need to train and communicate appropriate policies to employees when they join the company and on an ongoing basis. Training on policies should, at a minimum, include being able to track whether an employee has read and understood the policy—through attestations, quizzes or other methods.
Key Questions:
- Do you maintain meticulous records to track that your employees have read and understood the policies that are applicable to their role?
- Do you have a process in place to ensure all new employees are trained on applicable polices?
- Do your employees attest to policies and documents on a set, regular schedule?
Staying Prepared & Protected
Making sure your policy management program is set up to reduce risk and protect the safety or your company’s people, reputation and bottom line is critical. Learn more about the policy management solutions NAVEX Global offers to help.
