3 Key Findings from the Policy Management by Design Workshop
Policy management is a crucial component of a larger corporate governance, risk management, and compliance (GRC) program. Adherence to external regulations and instilling employee accountability starts with well-established organizational policies and procedures.
In GRC 20/20’s recent workshop, Policy Management by Design (hosted by Workiva), attendees from across industries came together to learn about policy management best practices and how they can be implemented to modernize compliance programs.
Here are three of the top takeaways from the Policy Management by Design Workshop.
1. Policy management affects organizations of all sizes
The challenges of managing policies and procedures were common across all attendees—impacting large and small, public and private companies alike. Attendees shared several concerns for internal compliance, including:
Updating policies is a reactive process rather than proactive, meaning policies are often outdated
Searching for policies is difficult without a cross-organizational master index
Ownership and enforcement are insufficient
Version control is not available and understanding what changed in the event of an audit is problematic
Visibility into how policies link to other internal control frameworks is limited
Measurement of policy effectiveness is inadequate or unavailable
2. Policy management can be like a “choose your own adventure”
A key part of the discussion revolved around how the creation, review, and update of policies is like a “choose your own adventure,” as no two programs are alike, even within the same company. Departments see varying levels of stakeholder commitment and uncoordinated use of policy management tools. Many in the room agreed: there is a need for standardization in order to create a clear path from point A to B.
3. Consistency, consistency, consistency
Many attendees cited the challenges of policies that are managed by multiple departments. Everyone has their own way of doing things, which means the way an employee code of conduct is written, accessed, and enforced may be very different than a non-disclosure agreement (NDA). A united approach keeps everyone on the same page and should include:
Consistent user experience (UX): The number one criterion attendees want in policy management software is ease of use. How can leaders expect to engage employees if the tools they are given are disconnected, clunky, or require a steep learning curve?
Consistent policies: Intent, messaging, and enforcement among policies must match. Conflicting messages between policies weaken buy-in and generate mistrust across the organization.
Consistent governance: Leaders must be able to track issues or incidents back to policies in order to ensure the proper level of training. Selecting when and what to enforce is ineffective.
What should you look for in a policy management technology?
Evaluating policy management options can be daunting. Rasmussen suggested looking for solutions that are proven to streamline the process of policy drafting, document management, and distribution across the team.
Rasmussen recommended comparing the following criteria when selecting a policy management solution:
Ease of use and intuitiveness
Defensible system of record with a precise, electronic record of who changed what policy, how, and when
Access to a master index of all policies
Ability to cross-reference linking to other policies
Ability to link policy information across documents, spreadsheets, and presentations
Tools for policy review and attestation workflow and tasking
Continuing the conversation on governance, risk, and compliance
The Policy Management by Design Workshop enabled participants to learn from experts, share ideas, and network with peers on best practices for company policies. Attendees came away from the event with a number of new strategies for strengthening policy management in their own workplaces.
This post was originally published by Workiva.