Controlling Risk With Effective Policy Management

Poor Policy Management leads to inconsistent, out-of-date documents that may not align with business objectives or corporate and regulatory standards.|Poor Policy Management leads to inconsistent, out-of-date documents that may not align with business objectives or corporate and regulatory standards.

July 8, 2021
Controlling Risk With Effective Policy Management

The Importance of Policies and Procedures

Policies and procedures serve as the foundation of any business. They outline key processes, communicate expectations, reinforce organisational culture, and ensure compliance. They also act to protect employers during unfair dismissal claims, health and safety prosecutions, or liability claims. To that end, effective Policy Management plays a critical role in an organisation’s governance, risk, and compliance strategy (GRC).

What is Policy Management?

Policy Management is the business process of creating, communicating, and maintaining policies and procedures within an organisation. And it’s important to get right. Poor Policy Management leads to inconsistent, out-of-date documents that may not align with business objectives or corporate and regulatory standards.

Policy vs Procedure

A policy is considered a guiding principle that sets the direction of an organisation. A procedure is a specific set of steps followed in a consistent manner to achieve a result. They are often grouped as one because they act together to provide organisational direction and consistency.

The Policy Lifecycle: Create – Communicate – Manage – Maintain

In order to improve efficiency and reduce risk, a business must tend to all stages of the Policy Lifecycle. The Policy Lifecycle provides the framework for best-practice Policy Management, and outlines the various stages a policy will move through as it evolves from a business need, to an archived record.

Create

The creation phase is where the policy or procedure is built, making it the most time consuming and resource intensive phase of the Policy Lifecycle.

Need
The first step in the creation phase is to establish the business need for a policy or procedure. There are many reasons an organisation might decide a policy or procedure is required. To meet regulatory requirements, to protect an organisation legally, to establish work standards, and to clarify behavioural expectations are just a few examples.

Mature organisations will have a proactive process that identifies when a policy should be created.

Writing
A key aspect of the policy writing phase is consultation. Employees from a cross-section of relevant departments should have input into the policy where appropriate. Not only can workers offer valuable insight into the development process, they are more likely to adopt the policy if they are involved in its creation.

In order to keep polices and procedures clear and easy to understand, they should be succinct and written in plain English. Refer to existing organisational policies to maintain consistent style, format, and language.

Approval
Draft policies need to be circulated to all stakeholders for review and feedback. This should include stakeholders from all departments that will be affected by the policy. Any feedback or comment should be documented and further edits to the policy considered. Draft policies may undergo several edits as they move through the approval process.

Communicate

Now that the policy is finalised and ready for adoption, it enters the Communication phase. And while communication can take on a number of forms, it is vital that policies are effectively communicated to employees, otherwise an organisation may open itself up to risk.

Publication
Most organisations have moved on from physically printing and storing their policies and procedures. Not only is it expensive, but it also complicates the process when policies go out-of-date and need updating. Employees shouldn’t have any doubts about where to go to find the latest version of a policy or procedure. Organisations should provide a centralised location that acts as a single source of truth.

Training
Depending on the complexity of the policy, or its importance, it may require formal worker training. Training should include explaining to workers why the policy was created, what purpose it serves, and how it will be enforced.

A key aspect of Policy Training is testing for understanding. Organisations must demonstrate that their workforce understands the policies that govern them, and what it expected of them on a day-to-day basis. If formal training is required, organisations should implement a thorough Policy Training program that consists of engaging course content.

Regardless of whether an employee needs formal training on a policy, or whether they simply need to ready it and understand it, organisations must have a system in place that records Policy Acknowledgement. Policy Acknowledgement provides documented proof that an employee read and understood what was expected of them.

Manage

A policy can quickly become ineffective if it isn’t managed on an ongoing basis. The policy is there to provide stability in decision making and should be enforced consistently and predictably. Relevant department heads and supervisors need to constantly monitor for compliance and make decisions uniformly.

A key part of the Management phase is documenting instances of non-compliance. Policy violations (or policy exceptions) must be accurately recorded so as to provide valuable feedback when the policy is next reviewed.

Maintain

It’s important that policies and procedures don’t become stagnant reference documents. They should be treated at dynamic documents that are maintained and adapted as an organisation grows, or circumstances change.

Review
To than end, every organisational policy should undergo regular review. This should be done at least annually, however specific circumstances may require more frequent reviews. The review process should involve considering the incidents of non-compliance that were documented in the Management phase. It is here that organisations must decide whether the policy needs to re-enter the Creation phase, or whether it gets approved for another cycle.

Archival
The proper archiving of policies and procedures is vital in order to protect an organisation in the case of an incident, or questions from a regulator. Every version of a policy, along with a complete view of workflow history, needs to be stored in a secure location that can be easily accessed.

Using myosh for Policy Management

Once you understand the Policy Lifecycle, and the role it plays in mitigating risk, the inefficiencies of using a manual system to manage this process become glaringly obvious. Under a manual system, it’s easy for policies to go unseen, delays to occur, and audit trails to be lost.

myosh allows your organisation to centrally manage the entire Policy Lifecycle, and automate many of the key processes. Not only does it maintain all your documents in a centralised and secure online platform, but it can also manage other aspects of the policy lifecycle, such as approvals, annual reviews, policy acknowledgement, and training.

Key Benefits

Maintain a Centralised Platform for Document Management

Provide a single source of truth by keeping all policies and procedures in a central location. Staff can quickly access these documents online from any device.

  • Full control over access privileges based on user hierarchy.
  • Save time by automating key processes in the Policy Lifecycle. Automatically send or receive notifications when policies are updated or due for review. Assign responsibility and actions.
  • Share policies via QR codes or links
  • The system provides documented evidence of policy workflow and version history.

Use Online Learning for Policy Understanding and Acceptance

  • Policy Acknowledgement can be recorded as evidence that policy versions were sighted and understood and accepted.
  • Create engaging courses that communicate policies effectively.
  • Quickly build your own professional courses with embedded video, text, images, HTML, and questions.
  • Separate long boring policies into short engaging paragraphs and use images and videos to boost understanding. Add frequent questions between content to ensure understanding.
  • Finally, request policy acknowledgement and acceptance. Notify key stakeholders and issue automatic certificates if required.

Integrate Policy Acceptance with Your Training Records

  • Use Training Management to quickly identify employees’ training needs, plan the required training, send the necessary reminders, and finally have all employees training records readily on hand.
  • Integrate with Online Learning for automatic record updates for training and policy acceptance.

Use A Compliance Register

  • Identify, Track and Demonstrate Compliance with Codes, Standards and Regulations.
  • Reference compliance types, Assign responsibility, actions and review dates.
  • Identify penalties, financial implications and conformance history.
  • Record instances of non-compliance for feedback during the review process.

myosh Critical Control Management (CCM)

A Configuration Case Study with Mitchell Services

Discover how Smart Inspections™ and the Rules Engine are used to manage Critical Control Effectiveness, status, and reporting.

Learn more


Editor
Relevant Categories
myosh
Share this article

HSEQ modules

Error loading items

Latest articles

Fight the flu this season with hot desk hygiene

NHVR shines the light on safety during National Road Safety Week: 187 lives lost in heavy vehicle accidents last year

Gin and whisky distilleries are on the rocks after fatal explosion with upcoming safety audits across South Australia

The transformative potential of AI: A new frontier of possibilities for enhancing workplace safety

View all articles

Related articles

VIC - Construction Workers Seriously Injured in Spate of Falls

Are You At Risk of Noise-Induced Hearing Loss?

TAS - New Code of Practice Released for Agricultural and Horticultural Industries

Workplace Violence Report Looks at 27 Years of Data