In the time it takes you to read this article your business has changed. The economic environment has changed, your employees have changed, and there are constant changes to technology, competition, and processes. Business drifts in a sea of change. One particular area of change that bears down on the organization is the siege of changing laws, regulations, and enforcement actions.

When regulatory change management is an ad hoc process with little to no documentation, accountability, and task management, there is no possibility to be intelligent about regulatory risk that impacts your business. The typical organization does not have adequate processes in place to monitor regulatory change, determine impact on business processes, prioritize, and make changes to policies. Information itself is not enough—organizations are overwhelmed by data through legal and regulatory newsletters, Websites, e-mails, and content aggregators. In fact, the vast amount of information is part of the problem. It is not uncommon to have a myriad of subject matter experts doing ad hoc monitoring of legal and regulatory change and sending e-mails with little or no follow- up, accountability, or impact analysis.

The organization needs a defined regulatory change management process—to assimilate the intake of relevant information, track accountability on who needs to perform what actions, model the potential impact on the organization, establish priorities, and determine if the organization’s policies, procedures, and controls need to be adjusted to address the change. The process must require a joint accountability and collaboration effort between legal, compliance, and the business.

Building a regulatory intelligence strategy requires the implementation of a process model that monitors regulatory change, measures impact on the business, while implementing appropriate policy, training, and control updates.

Regulatory change management processes include the following components . . .


This is the second part of a six part series (once a month) on the topic of Effective Policy Management and the Policy Management Lifecycle.  To access the second installment please click on the following link:  Tracking Change that Impacts Policy

There is an associated webinar with this article as well as the rest of the six articles in the series.  You can access the registration for the webinars at the links below:
Archived webinars in the series:
Additionally, I have am the chair the Policy Management Council at OCEG.  OCEG is a non-profit organization with over 30,000 members aimed at helping companies reliably achieving objectives while addressing uncertainty and acting with integrity.  You can see how policy management is critical to this mission.  We already have over 30 large enterprise organizations on the Policy Management Council.  The goal is to develop and maintain the OCEG Policy Management Guide to be the defining framework for managing policies within organizations.  Once the first version is published later this year we will be working on a policy management certification for the role of the internal policy manager within organizations to help establish and define this critical role.  Other projects are to build templates for a style guide, policy documents, and other related items.  The OCEG Policy Management Council is open to internal policy manager roles within organizations with a premium individual OCEG membership.  Professional service firms, technology vendors, and others that offer services and content around policies can join but it requires the organization to be a GRC Solutions Council member of OCEG (please email me if interested in the GRC Solutions Council membership).

I look forward to hearing your comments and thoughs on Tracking Change that Impacts Policy . . .

P.S. – There are some complimentary seats available to my Effective Policy Management Workshop next week in Boston.  These are ONLY available to internal managers of policies within a corporation.  I typically charge $500 for this workshop – but a sponsor, HITEC,  has covered the costs to allow me to offer this for free this time to those who write and manage policies for their organization. Please register.

Leave a Reply

Your email address will not be published. Required fields are marked *