In March 2020, the business world changed as the pandemic closed businesses and sent everyone home to work. Companies that were used to having everyone work in the office now had to address the restrictions, requirements, and best practices of working from home.
Many organizations had no idea how to deal with this new reality and were forced to come up with some new rules and regulations for their employees to follow. They scrambled fast to figure out what they could allow and not allow.
But the companies that had developed a work from home policy already were ahead of the game. Even if they had only allowed a few employees to work from home or work remotely, they were able to expand the scope of those policies because they had laid the groundwork for remote work.
The other organizations devised policies, often on the fly, that allowed people to log into the network, take work equipment home, set different work schedules, establish rules and best practices for Zoom meetings, and so on. There was a lot of trial and error because everyone, even between different departments, had their own ideas about what they would and would not allow.
Imagine (or remember!) the chaos that followed in those early days of the pandemic. It was rather stressful for employees to get their work done while still navigating the dos and don'ts of the new normal.
That's what it's like for companies that don't have an effective policy management practice right now. (We managed to land this metaphor eventually.)
Even after the pandemic, there are companies that don't practice centralized policy management. Different departments have different policies, and no one is sure who is actually in charge of what's allowed and what's not. It's a bit chaotic, to say the least.
For example, HR sends out a policy memo about computer password security, but should they? Do they get to dictate that policy? And what happens if the folks in IT think they know better and follow their own practices, or worse, send out a conflicting policy that contradicts what HR sent?
Organizations of a certain size need policies and procedures in order to operate effectively. While small businesses can operate under a small set of practices, large organizations, especially those in highly-regulated industries, need policies to not only operate but to avoid violating certain laws and best practices.
In this article, we'll look at what policy management is, why it's important, how to manage it, and what are the consequences of poor policy management.
Policy management is the process (and art) of creating, implementing, updating, and maintaining an organization's policies and procedures.
Organizations that don't have a centralized policy management process will often let different departments send out their own policies in different formats and different levels of importance. The IT department may send out a policy on password creation or network security, and finance may send out a policy about mileage reimbursement or filling out expense reports, but they're written differently, formatted differently, and updated inconsistently. Plus, there are questions of who enforces those policies and how much power the departments actually have to do so.
This can lead to a lot of confusion and uncertainty, like in our example above. By establishing a centralized policy management practice, you can bring this chaos under control, standardize your policy format, streamline the creation process, and gather all policies under one update schedule.
And by choosing a single policy management software platform, you can even bring all the information and notes into a single centralized location as well. No more burying everyone in memos, spreadsheets, and emails to share policies. Place them all in a single platform, and notify people by email about updates.
Read this article to learn more about what policy management is and why it matters.
Your organization may be too big, the distance between policymakers and your staff too great, for policymakers to make much of a direct impact.
Policies are written, passed down from manager to manager to employee. That critical new policy or update can get lost in the shuffle, especially if it’s not coming from a centralized location or a single person. Basically, if your policy manual is not being created with a single voice, you may have a problem.
This is why policy management in the 21st century is critical. It’s your plan for distributing information simultaneously and efficiently. More importantly, it ensures that policy communication and implementation are in sync and centralized in one location. Discover 13 ways to fix poor communication in the workplace.
It only takes one incident, one mistake, one error in judgment to ruin your organization’s reputation and erode trust. The right policy management system lets you be proactive in preventing problems, as well as giving you concrete processes to resolve the situation quickly and professionally.
Keep learning about the importance of policy management here.
There are a few examples of poor policy management:
There are a few consequences that can happen if you have poor policy management.
For example, you could have conflicting copies of a policy, or you could be operating off outdated information. For a law enforcement organization or a healthcare organization, this could result in officers and healthcare providers acting on bad information or providing improper care. That ultimately endangers the public.
Inconsistent policies also make it hard for your employees to meet the expectations of their managers and executive leadership. That can also erode the community trust for those public-facing organizations, which not only makes everyone's jobs harder but puts your frontline employees and your entire organization at risk for a variety of penalties, fines, and lawsuits.
Poor policy management can also mean employees aren't aware of certain policies because they either weren't required to read and acknowledge them, or no one made a real effort to get an employee's signature on those policies.
This could have disastrous effects elsewhere. For example, imagine if a bank employee allowed a customer to withdraw $250,000 from their account without the account co-owner's permission . This has certainly happened, and while the employee may say they weren't aware of the policy, the bank is still legally on the hook for $250,000 and more, not to mention any additional compliance fines and penalties.
Poor policy management could also have negative repercussions on morale and employee productivity, as employees are held to different standards, they are selectively enforced, and different people are on the receiving end of different disciplinary actions.
Policy management is a fairly simple process, at least in theory. It can be a long, arduous process when you start writing, compiling, and reviewing the different policies. But the process for managing those policies is rather simple.
You need to have someone who oversees your entire policy management program, someone to coordinate all the different policies, ensure the proper procedures and formats are being followed, and even that the appropriate executives and managers have signed off on new policies.
But they shouldn't work alone or in a vacuum. Create a policy committee of experts and stakeholders to handle all the writing, research, interviewing, measuring, and revising.
There will be a lot of confusion if your policies aren't consistent in formatting, style, voice, and disciplinary processes. Your committee will be the best resource for creating the policy format. Then, if departments want to submit their own policies, they have a standardized format they can follow. But the final say about the policies should fall to the policy committee.
Your policies and procedures are easier to find and follow if they're stored in one easy-to-access location. A policy management software platform is usually your best bet. If you have the right platform, your manual is accessible from any kind of device or operating system; the policies are easy to edit and update; and you can track signatures and even automate reminders to stakeholders who need to review policies.
A few things make your policy management program go as smoothly as possible, beyond just the above three steps. Here are a few best practices we've recommended to our customers over the years.
Keep learning about policy management best practices, particularly as it relates to governance, risk, and compliance (GRC).
Is your organization accredited or seeking accreditation? If so, your compliance processes will tie directly into your policy management.
Proving compliance to accreditation standards is complex and time-consuming. It involves mapping your policies, procedures, training, and more to standards as evidence that those requirements are sufficiently met.
For healthcare organizations, the process is even more challenging, as you have to maintain everyday survey readiness. Assessors from your accrediting body can show up unannounced and survey staff on policies and procedures. Which means staff need to be trained, held accountable, and certified at all times.
With all that's required, how can you manage your policies and maintain compliance without overburdening current staff or hiring additional employees?
Policy management software can help. The right solution equips organizations across industries to save time and money by connecting their policies, training, and accreditation processes.
Some solutions, like PowerDMS, even publish state, national, and international standards manuals on their platform, making it easy to digitally connect policies to those requirements.
Effective policy management will play an important role in the success of your organization. It sets performance standards, protects your employees, and can save you from lawsuits and fines.
If you can create an effective policy management team, hire a policy coordinator, and centralize your policy and procedure manual, you'll be able to create a policies and procedures manual that can guide your organization to greater success.