20 Questions to Ask when Prioritizing Your Policy Development Efforts

David Banks headshot 2

Having too many policies can burden your organization, but having too few exposes it to unnecessary risk. That means we need to prioritize which policies we will develop (or revise) first. As a rule of thumb, policies are necessary when they define organizational values or mandates, address regulatory obligations or manage potential risk or liability.

Consider the following questions as you prioritize your policy development efforts. Use this list to select the order in which you tackle policy creation or updates, or to identify policies that can be consolidated or eliminated altogether.

Questions Originally Appeared in The Definitive Guide to Policy Management

20 Questions to Prioritizing Policy Development

  1. Does the document communicate executive direction such as vision, mission, values or objectives?
     
  2. How critical is the document to achieving your vision, mission, values and goals?
     
  3. How integral is the policy to the success, support and enablement of daily operations?
     
  4. How urgent is the need for written directions on this particular subject?
     
  5. How unclear or complex is this issue to the average employee?
     
  6. How often will employees refer to the document?
     
  7. Is the policy integral to establishing or shaping your culture?
     
  8. How many employees are affected by the policy?
     
  9. What are the potential consequences of not having the policy or of its being outdated?
     
  10. Is this policy critical to workplace health or safety?
     
  11. Could the lack of this policy result in harm to people?
     
  12. Could the lack of this policy halt or slow operations?
     
  13. Is the policy required or recommended by local, state or federal law?
     
  14. Have recent events necessitated changes to or the creation of a policy?
     
  15. Is the policy required for regulatory compliance?
     
  16. Is the policy required for a certification audit?
     
  17. How probable or likely is an incident or violation of this nature to occur?
     
  18. How serious would the ramifications be if an incident arose and no policy existed or a policy was outdated?
     
  19. Would the policy resolve existing challenges?
     
  20. Might the lack of the policy lead to reputational damage or misrepresentation by an employee?

Document, Document, Document

Policy development is part of your organization’s overarching policy management process. This process includes managing your organization’s policies or procedures throughout all stages of the policy life cycle, such as drafting, editing, approving, updating, distributing, gaining employee attestation and maintaining an auditable database of records. So this process should be documented, and documented well.

Download the Full Guide: Definitive Guide to Policy Management


Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.


Permissive Cultures Make Training a Scapegoat rather than a Competitive Advantage

For workplace training to generate its greatest ROI, it has to be built upon a foundation of culture of ethics and respect. When this foundation is laid and stable, high-quality training becomes an agent of change. When that foundation is missing, training becomes a Band-Aid on a much larger wound. Let’s discuss.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Real Answers to Common Questions on Cybersecurity

Cybersecurity is not a new risk concern for organizations; however, there are a number of new cybersecurity threats that are surfacing as well as a number of old threats manifesting themselves in new ways. Take a look at some of the top questions being asked by compliance professionals, and hear answers that will help you create a cross-functional approach to defend against enterprise-wide risk.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.

Comments