The Definitive Guide to Policy Management

Assessment tools, best practice tips, considerations, and more.

We have divided our guide into three areas of study, each suited to a different user profile: the Visionary, the Practitioner, and the Strategist.

Policy Management Solutions for Visionaries


For the visionary seeking a deeper understanding of policy management, the first area of study examines the purpose of policies and provides an elevated perspective on policy management to help you determine the best course of action for your organization.

Policy Management Redefined: Forget What You Thought You Knew

The Purpose of Policies

Policies are the backbone of your business. At their best they are a dynamic body of shared knowledge used to strengthen, support, and protect your company’s success. Ensuring that you have the necessary policies and procedures in place—and enforced—will help you accomplish your organization’s strategic vision while protecting its people, reputation, and bottom line.

“Policies and procedures are the strategic link between the company’s vision and its day-to-day operations.”
Ingrid Fredeen, Vice President,
 Advisory Services, NAVEX Global

Your company’s vision, mission, and values serve as a clearly visible “north star” for policy development. Policies drive the various facets of corporate culture—ethical, social, professional, and legal. They should reflect and support the organization’s vision as well as its desired attitudes toward performance, including a culture of compliance.

Supporting the organizational vision by creating, maintaining, communicating, and training on your policies requires a significant effort. If your team becomes buried by onerous administrative tasks, you and they may have a tendency to begin regarding policies like some employees do—as a necessary evil and an inconvenience. Your team cannot afford to think this way; they must champion the idea that policies can and do change behavior, alter decision-making, and serve many vital purposes within the organization.

Purposes of Policy
  • To convey the organization’s mission and enable the execution of its strategy
  • To ensure that employees clearly understand expectations and consequences
  • To influence employee behavior and decision-making
  • To create a positive and respectful workplace
  • To foster credibility and trust with customers and business partners
  • To improve productivity and business performance
  • To meet all legal standards required to operate
  • To protect the organization, its people, its reputation, and its bottom line
  • To avoid litigation and mitigate risk
  • To prevent, detect, and respond to criminal conduct

Training employees on the critical importance of company policies can have a positive impact on their perspective and attitudes toward policies and influence their behavior. One of the most effective ways to communicate the importance of policies is to promptly investigate allegations and enforce policies when violations occur. When employees observe company policies being swiftly and consistently enforced, it sends a clear signal about management’s attitudes toward policies and the consequences of their violation. It is critical that executives set the tone from the top about the value and the importance of abiding by company policies.

High Stakes

In 2012 more than 4,000 federal rules were scheduled and more than 3,000 labor laws were already on the books. In the past 15 years, employee lawsuits have risen 400 percent, with half of those suits won by the employee.

Did you know?
The average court award for employee lawsuits was $493,000 before punitive damages and attorneys’ fees, and out-of-court settlements average $311,000.

The stakes are high when it comes to having the right policies and maintaining them. With the continuous growth of legal and regulatory requirements, complex business operations, global expansion, and employee litigation, it is certainly no surprise that companies need a well-thought-out approach to policy implementation and management. But what may be surprising to many is that a recent survey indicated that 66 percent of companies felt they had little or no control of their policies.

Are you one of those companies? Below are five questions to help you consider the strength of your organization’s current system.

  • Do you know the last time your complete business policies came under review?
  • Is each of your policies reviewed periodically by Legal to ensure compliance with current laws and regulations?
  • Do you know who creates your policies as well as the standards and the methods used to implement and enforce them?
  • Do you maintain meticulous attestation records indicating that your employees have read and understood the policies that apply to them?
  • Can your employees find the most current version of any assigned policy in less than three minutes?

If you can’t readily and definitively answer yes to these questions, your organization could be exposed to significant risk.

The following two case examples highlight the importance of keeping policies current, reviewing their content, and documenting how often employees are trained on or reminded of a given policy.

Case Study #1

In 2009 a large restaurant company was fined more than $1 million for gender-based discrimination under Title VII of the Civil Rights Act of 1964.

The company had a longstanding policy (established in 1938) that banned the hiring of men as food servers. The company maintained the same policy for 39 years following the enactment of Title VII, until the discrimination charge was filed in 2003. It stands as an extreme example of failing to review and update policies but a powerful one nonetheless. An examination of Equal Employment Opportunity Commission cases reveals countless similar examples of organizations penalized for failing to update “longstanding” policies.

On the other hand, organizations that approach policy management strategically and exercise ruthless discipline with respect to their policies will see returns in organizational alignment, corporate culture, and ultimately their bottom-line results. Moreover, when incidents occur or regulators come knocking, they will be prepared.

Case Study #2

In 2012 the US Department of Justice (DOJ) declined to prosecute Morgan Stanley when employee Garth Peterson violated the Foreign Corrupt Practices Act (FCPA). The following statement explains the DOJ decision:

Morgan Stanley’s internal policies, which were updated regularly to reflect regulatory developments and specific risks, prohibited bribery and addressed corruption risks associated with the giving of gifts, business entertainment, travel, lodging, meals, charitable contributions and employment. Morgan Stanley frequently trained its employees on its internal policies, the FCPA and other anti-corruption laws. Between 2002 and 2008, Morgan Stanley trained various groups of Asia-based personnel on anti-corruption policies 54 times. During the same period, Morgan Stanley trained Peterson on the FCPA seven times and reminded him to comply with the FCPA at least 35 times. Morgan Stanley’s compliance personnel regularly monitored transactions, randomly audited particular employees, transactions and business units, and tested to identify illicit payments. Moreover, Morgan Stanley conducted extensive due diligence on all new business partners and imposed stringent controls on payments made to business partners.

In addition to maintaining existing policies, assessing and keeping up with the pace of change in your particular business environment should be a priority. Given the staggering pace at which business conditions evolve, policies and procedures must reflect current realities. Asking some key questions will help ensure that your policies are aligned with constantly—and rapidly—changing business conditions.

Keeping Up with the Pace of Change: Questions You Can Ask


  • Has the nature of your workforce changed?
  • Has the way your employees do their jobs changed?

Operations and Business Structure

  • Have there been changes to products, services, or delivery methods?
  • Are you now outsourcing certain jobs?
  • Have certain departments taken on additional responsibilities or oversight?
  • Have your operating budgets changed?
  • Are you offering customers new ways to pay?


  • Do your policies reflect shifts in direction resulting from new leadership?


  • Do your policies reflect technologies currently in use?
  • Do employees use their own tech devices to perform their job functions?
  • Is your business technology keeping pace with your customers’ technology?

Compliance and Legal

  • Are your policies completely in accord with new laws and regulations?
  • Is your policy language clear and explicit?
  • Have employees attested to these policies with electronic signatures?

Not having policies is akin to driving without automobile insurance. It is both against the law and extremely

No matter how safe a driver you are, at times you will be unable to escape the bad driving of others. In organizations it is only a matter of time before someone makes a mistake. If appropriate conduct has not been outlined, published, and communicated, the accountability and the liability of the action will fall on your organization.

Policy Management Redefined

Policies, procedures, codes of conduct, and employee handbooks have existed for ages, but the art of “policy management” as a business practice is relatively new. In large part the prevailing understanding of policy management solutions available today has been shaped by solution vendors. Unfortunately, many vendors limit the scope of policy management to the challenges their solutions can favorably address. In so doing they ignore important aspects of policy management.

A simple vendor definition of policy management might sound something like this:

“Policy management is all the practices associated with managing your organization’s policies from draft to implementation, including the collaboration, communication, storage, and documentation at key stages of the life cycle.”

Policy management redefined applies the lens of the visionary, the practitioner, and the strategist at the same time:

“Policy management is the art of enabling and empowering your organization to achieve its strategic vision by implementing safeguards that facilitate day-to-day operations by preventing, detecting, and responding to risks.”

Later in this guide, you will learn about how a vision statement or declaration document helps lay the groundwork for policy creation (see Section 2.2: Laying the Groundwork for Policy Development).

Modern policy management takes into account the elevated purpose of policies and the critical role they play in protecting an organization. Effective policy management—with strong, well-managed policies integrated across the business—sets forth standards for individual and business conduct that result in improved performance and enhanced corporate culture.

Once transformed, your policy practice will fulfill multiple functions:

  • Communicate your company’s vision, mission, and strategic plan
  • Articulate and build the desired culture
  • Drive standards for individual and business conduct
  • Shape, guide, optimize, and protect performance at every level
  • Help ensure
  • Minimize risk by reducing litigation and liability

Ultimately, organizational leaders have a responsibility—legal, financial, and ethical—to make policy management a priority. But to get there—to transform your policy management practices—there are several key steps:

  • Assembling a team and assigning key roles and
  • Laying the groundwork for policy development
  • Learning how to write effective policies
  • Managing policies throughout the life cycle
  • Assessing your current
  • Comparing alternatives for
  • Determining a course of action and implementing it