COVID-19 is not the only pandemic; it has sprung a chain of pandemics and increased risk exposure in areas. One such pandemic plaguing organizations in response to COVID-19 is the abysmal state of policy management in many organizations. The pandemic of poor policy management related to COVID-19 is now entering its second wave impacting organizations,
The first wave of the policy management pandemic coincided with the beginning of lockdowns back in March 2020 in response to COVID-19. As organizations addressed the COVID-19 virus, they found out they had serious issues with policy management at a critical time. Policies were changing (e.g., work from home policies, home office expense policies). Staff was being laid off, so those who remained had more responsibilities and had to be aware of more policies that impact processes they were not responsible for before. There were increased risks that required reminding employees of policies (e.g., fraud, bribery, corruption, information security, privacy). It was then that organizations found that they had policies scattered on different systems, templates, and with varying writing styles. One organization told me they found out they had over 20 different policy portals. At a time of crisis, it was essential to maintain a strong culture of control and engage employees on policies . . . organizations needed one singular policy portal. As a result, there was a boom in enterprise policy management projects.
Now we are facing a second wave of a policy management pandemic tied to COVID-19 that is driving even more organizations to formalize enterprise policy management processes and provide a singular portal for employees to access policies. This is the pandemic of rogue policies.
The issue is addressing the significant legal liability and exposure that rogue policies bring to the organization and their negative impact on culture, consistency, and integrity; as organizations come out of a crisis, they are thoughtfully addressing back to work policies, policies on the use of personal protective equipment, and even vaccine policies. However, various levels of management think they are a little smarter than the rest of the organization. Some might believe the virus is a hoax and scrapping the corporate policies that have been developed for their teams. Others might think the organization is too relaxed and writing policies that require vaccines of their staff and could be crossing lines of employment labor law issues in some jurisdictions.
In an era where everyone has access to a word processor, the organization must control policies. They do this by providing a singular portal into all policies where official policies are found in a company-defined and branded template, indexed and numbered, and written in a consistent writing style. All official policies should be available on a singular policy portal. To combat rogue policies requires that employees know how to decipher what is an officially approved policy and report anything they are communicated as a policy that is not.
Like 14 months back, I see many organizations define and structure their enterprise policy management programs to address rogue policies and again renew effort to provide a singular portal into all company policies across Human Resources, finance/accounting, legal, corporate compliance security, and more. Where are you at with your enterprise policy management strategy?