Policies matter, and policy management matters. Period.
Policies are critical governance documents for every organization. They set guardrails and parameters of acceptable and unacceptable behavior for individuals, processes, and transactions. When they are managed and enforced properly, policies guide and define corporate culture.
So, why do organizations approach and manage policies so carelessly?
Policies set a duty of care for the organization, and the wrong or mismanaged policy could expose the entire operation to liability and risk. But, I find that most organizations do not even know what policies they have in place.
Why policies are critical to GRC
Since policies are critical governance documents of the organization, they require structured management and monitoring. They simply cannot be approached haphazardly, as many organizations do.
Changes to risks and regulations, as well as constant modifications to internal business environments, can quickly make policies out of date, misaligned, and irrelevant to the organization.
As defined by OCEG, GRC is “the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity.” Dissecting this definition hints at the importance of policies in the context of GRC:
- Policies enable . . .
[this is a guest blog authored by Michael Rasmussen of GRC 20/20 that can be found at Workiva site, follow the link below to read more]