Time is Money: People and Policy Management Best Practice

The profile of policy management has grown significantly in 2020 and 2021. Companies have adapted to new ways of working, and this is unlikely to change significantly in the near-term at least, as people mix homeworking, office-working, and shared-space working.

Firstly, there are the policy managers themselves. They have an unsung but critical role in the risk management of the business. Policy managers in the HR, IT, Security, or finance function, for example, have a crucial role in understanding the risk appetite of the business, the regulatory and legal obligations of the business, and how these are woven into “business as usual”.

They need to develop and align their policies with the overall direction of the business, synchronizing their efforts with other functions, often with their own conflicting needs. They also need to keep a weather eye on the regulatory or legal environment and anticipate how changes can impact their existing policies.

This is hard enough if one is a full-time policy analyst, but many policy managers have this responsibility as a minor part of their day job.  Normally, they might be recruiting staff, managing IT teams, compiling quarter-end finance reports, and much else.  If a policy must be reviewed every 3 months, and even if not actually updated, it still requires time and focus to refresh one’s understanding and to coordinate any issues with everyone else involved.

Any changes needed must be created, reviewed, and approved, all the while maintaining one’s other responsibilities. As well as being disruptive, this approach gives rise to errors or omissions creeping into a process that forms part of the first line of defence for the business.

Servicing management and end users

Another community whose needs are important are a company’s senior management, responsible for launching new products, developing new partnerships, handling mergers and acquisitions, or starting up new business units for example.  The responsibilities involved in these are incredibly significant and will touch multiple policies, many of which may be unfamiliar. Senior managers, and their reports will need to understand policies and procedures and ensure that all their staff are following them.

They must be able to access the current relevant policy, quickly and easily, and ideally be alerted should a key policy be updated. Again, this will be a small but significant aspect of their role and easy to overlook, but with significant implications should key details be missed.

The needs of end users also matter. Their roles will be diverse, but with a focus on delivery, with time and focus being at a premium. The time where they need to focus on policy management – both for education and assessment – needs to be kept to a minimum, while still assuring compliance. The process needs to be easy, smooth, perhaps even interesting. The last thing anyone wants is a low take-up or pass rate of a policy education and assessment module because it was too slow or clunky to use.

Addressing the need for a better policy management framework

For all groups, being able to use these capabilities in any location is vital, given the multiple locations people could be working from for any period.

Balancing the need for more effective policy management with the recognition that staff time is valuable is one of the drivers behind the recent launch of the Open Compliance and Ethics Group’s (OCEG) Policy Management Pro initiative. It has been designed to help company managers and policy management practitioners deliver policy management that meets the new elevated demands of the business. At its core is the Policy Management Capability Model that provides a practical framework to deliver efficient, effective, and streamlined policy management.