In order to achieve effectiveness, efficiency, and agility in policy management, organizations need to define a structured governance framework and process. Designing a mature policy management program and processes that align with the organization requires an understanding of what the organization is about, how it operates, and how it should be monitored and controlled. Policy management by design requires a structured approach in the context of how the organization operates. This is done by defining the right process, information, and technology architecture for policy management.
Policies must be in place so the organization can:
Reliably achieve objectives
Manage and control uncertainty
Safeguard the workplace
Protect the organization from unnecessary risk
Ensure consistent operations
Uphold ethical values
Address compliance obligations
Defend the organization should it land in turbulent legal and regulatory waters
However, effectively managing policies is easier said than done. Ad hoc or passive approaches mean that policies are outdated, scattered across the organization, and inconsistent, resulting in confusion for recipients and a nightmare to manage. Organizations often lack a complete inventory of policies because so many departments have gone in different policy directions. Further, there is a significant concern about rogue policies, as anyone can create a document and call it a policy that puts a legal duty of care upon the organization.
The continual growth of regulatory requirements, complex business operations, and global expansion demands a well-thought-out and implemented approach to policy management. It is no longer enough to simply make policies available. Organizations need to guarantee receipt, affirmation, and understanding of policies across the organization. To consistently manage and communicate policies, organizations are turning toward defined processes and technologies to govern policies and implement an effective policy management lifecycle.
This workshop aims to provide a blueprint for attendees on effective policy management in a dynamic business, regulatory, and risk environment. Attendees will learn policy management governance and processes that can be applied across the organization at either an enterprise or a department level. Learning is done through lectures, collaboration with peers, and workshop tasks.
Objectives
Attendees will take back to their organization approaches to:
Define a process lifecycle for managing policies
Establish policy ownership and accountability
Provide policy consistency in style and language
Communicate policies across extended business relationships
Track policy attestation
Deliver effective training
Monitor metrics to establish effectiveness
Identify issues with policies
Map policies to objectives, risks, controls, issues, and other GRC areas
Agenda
Part 1: Policy by Design
Why Policies Matter
Policies in Disarray: how organizations mismanage policies
Policy Exposure: how mismanaged policies expose the organization to risk
What Effective Policy Management Achieves: policy management’s role in governance, risk management, and compliance
Case Study in Effective Policy Management: a look at Morgan Stanley
Interactive Group Discussions
Part 2: Policy Governance
Blueprint for Effective Policy Management
Policy Committee & Collaboration: bringing together the range of policy roles and responsibilities in the organization
Policy Management Charter: defining a structure to govern policies
Meta Policy: the policy on writing policies
Style Guide: ensuring policies are written consistently to the organization’s voice
Interactive Group Exercise
Part 3: Policy Management Lifecycle
Managing Policies from Creation to Dissolution
When to Write a Policy: Framework to Determine Need for a Policy
Policy Development and Approval: Policy Authoring, Review, Editing, and Approval
Policy Communication: Policy Awareness, Communication, Training and Attestation
Policy Monitoring: Managing Exemptions, Exceptions, and Conformance to Policies
Policy Metrics & Maintenance: Measuring Policy Effectiveness and Keeping Policies Current
Interactive Group Exercise
Part 4: Policy Management Architecture
Enabling Information & Technology Management of Policies
Policy Management Information Architecture: Blueprint for Managing Policy Content and Related Data
Policy Management Technology Architecture: Blueprint for Enabling Policy Processes with Technology
Policy Management Business Case: Articulating the Value of Effective Policy Management
Interactive Group Discussion
Benefits to Attendees
Understand an effective lifecycle approach to policy management
Implement consistent policy management processes across the organization or within a department
Explore policy management processes and technology and how they apply to your organization
Discover various policy communication and monitoring techniques and how they apply to your business
Develop a policy management architecture that aligns with business operations and processes
Effectively communicate and gather attestation on policies across your organization
Who Should Attend?
Chief Compliance Officers
Chief Risk Officers
Senior Managers in Compliance/Ethics
Legal
Policy Managers/Administrators
Individuals with policy management, approval or oversight responsibilities
GRC 20/20 Instructor
Michael Rasmussen
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 27+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” – being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
Workshop Host & Sponsor
ClauseMatch is a regulatory technology company that enables financial institutions to streamline regulatory change management through effective organization of internal policies, standards, procedures, and controls. ClauseMatch brings unprecedented productivity for Compliance, Legal, Finance, Operations, and Risk teams saving millions in terms of time and resources, while significantly reducing risk and providing accountability. Institutions benefit from better enterprise governance and proactive regulatory risk mitigation through a 360 degree live view into their current state of compliance with regulatory obligations, further enabling streamlining impact assessment and implementation of existing and future regulations.
LogicGate is a team of pragmatic technologists with a mission to empower organizations to solve complex problems related to regulatory pressures, risks, or compliance requirements. Their technology empowers subject matter experts and business process owners to become self-service and build configurable solutions that connect people, processes, and data.