Organizations often lack an auditable means of policy communication, attestation and training. There are various processes and approaches to tracking policy attestation and certification (making sure policy documents are read and understood), and corresponding quizzing and training. The organization must provide full visibility into who accessed a policy, accepted it, was trained on it, and passed or failed quizzes to gauge understanding: all things that give the organization a stronger, defensible position with regulators and in legal actions.
Organizations that approach policy without clear accountability face significant risk to their business. This accountability applies to policy owners for their ongoing review and maintenance of policy, for the process of granting exceptions, and for monitoring incidents and violations of policies; it also extends to policy governance, which tracks reading, acceptance, and training on an individual basis.
When the organization is under a microscope, a detailed trail of what policy was in effect, how it was communicated, who read it, who was trained on it, who attested to it, what exceptions were granted, and what incidents violated the policies provides grounds for defending the organization. An ad hoc “dust in the wind” approach to policy management may expose the organization to significant liability. This liability is further exacerbated by the fact that today’s compliance programs affect every person involved in supporting the business, both internally and at third parties. If policies look different, use words with different meanings, are located in different places and don’t offer a mechanism to gain clarity (e.g., a policy helpline), organizations are not positioned to drive desired behaviors or enforce accountability, which aid in improving performance, producing predictable outcomes, mitigating compliance risk, and avoiding incidents and loss.
Most organizations fail to manage the lifecycle of policy, resulting in policies that are out-of-date, ineffective, and not aligned to business needs. This opens the door to liability, as an organization may be held accountable for policy in place that is not appropriate or properly enforced. Organizations require a consistent process to develop, communicate, monitor, and maintain corporate policy and procedures. This requires collaboration across business roles with clear accountability throughout the process.
- A well-designed Policy Lifecycle Management process.
- An organized Policy Management Committee to govern the oversight and guidance of policies and ensure policy collaboration across the enterprise.
- An individual assigned to the role of Policy Manager to assure accountability across the policy lifecycle to the standards, style, and process defined by the Policy Management Committee.
Policy Lifecycle Management is the process of managing and maintaining policies throughout their effective use within the organization. It involves defined stages of monitoring business change for policy development, communication, and maintenance. Implementation of Policy Lifecycle Management requires a technology architecture that is rich in content management, workflow management, process management, task management, and notifications, and that has a robust accountability audit trail. The lifecycle is defined in five primary stages: Environment Change, Policy Development, Policy Communication, Policy Management, and Policy Maintenance.
The Policy Management Committee provides the structure and connective tissue to coordinate and drive consistency across the organization and is composed of team members who represent the best interests and expertise of the different parts of the organization. They leverage the knowledge, charter and authority of the committee to benefit their business areas and, at the same time, benefit other business areas and the organization as a whole.
Policy lifecycle management that addresses accountability brings integrity and value to policy management. It provides accountability to policy management processes that are often scattered across the organization. It enables policy management to work in harmony across organizational functions, delivering efficiency, effectiveness, and agility. In today’s environment, ignoring accountability in policy management means processes, partners, employees, and systems that behave like leaves blowing in the wind. Policy management processes are constantly in disarray when operating autonomously, introducing risk in today’s complex, dynamic, and distributed business environment. Organizations require an enterprise view of policy accountability and collaboration that not only brings together silos, but integrates them into a common policy-management process.