NAVEX Global recently hosted a three-part webinar series on how to take a step-by-step approach to rethinking, implementing and overseeing your policy management life cycle.
Webinar attendees asked a number of valuable questions on topics ranging from global deployment of policies to getting management engaged in creating great policies. Here are ten of the most popular audience questions answered to help your organization's policy management program succeed.
1. How do you ensure/verify that your policies are effective, and that your stakeholders are engaging with them and learning what you want them to know?
To help ensure your policies are effective, consider the following approaches:
- Limit the use of legal language, writing clearly and at an appropriate reading level.
- Use pictures to help support the message of the policy.
- Link policies to corresponding procedures or other relevant documents.
- Link to one of NAVEX Global’s Burst Learning videos to help reinforce the focus of the policy.
- Require employees to complete a quiz after reviewing the policy.
2. Which department is typically responsible for managing policies, procedures and processes?
This is definitely dependent on the organizational culture, size and industry. In our experience, the departments that most commonly own this process (either individually or in shared ownership) are: compliance, risk, HR, quality, IS, administration, and performance improvement. Some organizations even have a “document control” department that just addresses this process. We recommend that your organization form a policy steering committee to oversee the process and bring departments together to drive decision processes around policies and procedures. As for a particular job title, that depends on your culture. An administrator can access any document in the system, even those that may be deemed sensitive, or needing security. Hence, whoever it is, they need to be someone who is trusted at the same level you would with an HR or accounting position.
3. What do you recommend as a standard frequency for reviewing policies?
The review period required can vary widely based on the type of policies and the extent to which changes may be driven by legislative or regulatory updates, which will sometimes require immediate action. But we would generally recommend annual review cycles, knowing that in many cases the policy will not need to change and you can simply move through the review process and update the “last reviewed” date.
4. Do you have any guidance/tips/best practice on HR Policy for organizations operating across multiple countries and regions?
Here is where technology can become your new best friend. Leading policy management software solutions can dynamically assign the right policies to the right people based on differences of geography, site activity and roles. Also ensure that your policy management software can provide the user with the policy and any surveys or quizzes in the language that they are most comfortable with, while still rolling up attestations and reporting to a single policy.
5. How do you handle policies in a global company—different countries have different laws and regulations. Can you have policies that cover the whole global company? How would you structure that?
This can be, but does not have to be, an extremely complex process—especially when you enter into the dynamics of sharing those documents and exceptions in other languages. NAVEX Global’s policy management software, PolicyTech, has developed a tool for handling this, called “Localization Workflow.” This tool takes this complex process and makes it very simple for global organizations to handle the distribution of policies on a global scale. (Contact us to request a demonstration of our Localization Workflow functionality.)
6. What are the trends in policies that enable a company to be ahead of the compliance and regulatory curve?
Taking the time to map regulatory standards to policies within the system seems to be a winning strategy for many of our customers. It allows the organization to watch for regulatory changes, and then easily pull up the documents that will be affected—sometimes even making the changes ahead of time and setting the documents to publish on the date that the change will take effect.
7. How does a code of conduct fit into a company's policy scheme?
A code of conduct is the foundational policy document of every company’s ethics and compliance program. It must serve many purposes:
- Clearly communicate expected behaviors for employees, and point the way to additional resources when situations are complex, difficult or sensitive.
- Reduce legal liability by addressing the company’s key ethics and compliance risks.
- Represent the company’s commitment to integrity to external constituents.
It is critical for the code to be written in clear, understandable language appropriate to the industry and employee demographics. It must be consistent with the company’s values, policies and culture, and with the laws in the jurisdictions where the company operates. And the code needs to be rolled out and communicated in a way that is effective and reasonable.
8. Can you suggest ways to get the very top management level(s) more interested in policies and the policy management process?
Helping leaders understand the ROI of strong policy management is critical. Not only from a cost perspective (which is huge), but also from a time perspective. Clearly lay out “what’s in it for them.” Even reducing their time in meetings reviewing and approving documents should be enticing enough to get them on board.
9. Can you explain the ISO 9000 standards in the context of policy management?
Here is a very simple ISO 9000 overview. ISO 9000 related standards require that all policies, processes, and procedures be controlled, so that there is no mistake as to whether or not a policy that an employee is accessing is the most current article. Hence, ISO 9000 would encourage methods such as watermarks showing the status of the document (in draft, in review, archived) be apparent on the document so employees will know whether they are looking at the current, vetted document or not. ISO 9000 also discourages printing out documents since they can become outdated, and thus lead to possible errors in product design, manufacturing or delivery. Each new version should also clearly state what version it is, and list what changes there are between the current version, and the previous version.
Finally, ISO 9000 requires clear documentation of any records demonstrating the quality of the deliverable, where those records will be stored, for how long, and how they will be disposed. There are many other requirements, but these are a few of the highlights as they relate to policy management practices.
10. Do all policies need to be approved by the board?
In typical organizations, no. The board would only review those policies that will introduce legal liability or regulatory risk to the organization, for which the board will have to be accountable.
The three part webinar series was based on our eBook, The Definitive Guide to Policy & Procedure Management. This is an informative and engaging tool that will help your company strengthen their compliance program and avoid litigation and penalties. Download your free copy today!