Time is Money: People and Policy Management Best Practice
The profile of policy management has grown significantly in 2020 and 2021. Companies have adapted to new ways of working, and this is unlikely to change significantly in the near-term at least, as people mix homeworking, office-working, and shared-space working.
This hybrid model in underpinned by technology – Zoom accounts, SaaS-based applications, secure VPN for example. It is also underpinned by effective policy management, as staff must observe corporate standards, covering IT, Security, Health & Safety, or HR for example, everywhere they work.
For hybrid working to be sustainable, staff and management need to be aware of, and demonstrate their awareness of, the obligations and responsibilities they each have, legally and contractually. Any failure to recognize this fully can lead to issues in policy management that will cost time, money, reputation, and potentially harm valuable business relationships.
Part of our Becoming a Policy Management Pro series
In fairness, from the conversations we have had with industry practitioners, companies understand the need to raise their policy management game in supporting hybrid working.
A key success factor
From these conversations, a key critical success factor is changing people’s attitude to policy management, away from it being a necessary inconvenience and towards it being a key enabler for a flexible working model. This typically involves a blend of education and using technology capabilities that meet the needs of the business and a range of users and their different needs.
Firstly, there are the policy managers themselves. They have an unsung but critical role in the risk management of the business. Policy managers in the HR, IT, Security, or finance function, for example, have a crucial role in understanding the risk appetite of the business, the regulatory and legal obligations of the business, and how these are woven into “business as usual”.
They need to develop and align their policies with the overall direction of the business, synchronizing their efforts with other functions, often with their own conflicting needs. They also need to keep a weather eye on the regulatory or legal environment and anticipate how changes can impact their existing policies.
This is hard enough if one is a full-time policy analyst, but many policy managers have this responsibility as a minor part of their day job. Normally, they might be recruiting staff, managing IT teams, compiling quarter-end finance reports, and much else. If a policy must be reviewed every 3 months, and even if not actually updated, it still requires time and focus to refresh one’s understanding and to coordinate any issues with everyone else involved.
Any changes needed must be created, reviewed, and approved, all the while maintaining one’s other responsibilities. As well as being disruptive, this approach gives rise to errors or omissions creeping into a process that forms part of the first line of defence for the business.
Servicing management and end users
Another community whose needs are important are a company’s senior management, responsible for launching new products, developing new partnerships, handling mergers and acquisitions, or starting up new business units for example. The responsibilities involved in these are incredibly significant and will touch multiple policies, many of which may be unfamiliar. Senior managers, and their reports will need to understand policies and procedures and ensure that all their staff are following them.
They must be able to access the current relevant policy, quickly and easily, and ideally be alerted should a key policy be updated. Again, this will be a small but significant aspect of their role and easy to overlook, but with significant implications should key details be missed.
The needs of end users also matter. Their roles will be diverse, but with a focus on delivery, with time and focus being at a premium. The time where they need to focus on policy management – both for education and assessment – needs to be kept to a minimum, while still assuring compliance. The process needs to be easy, smooth, perhaps even interesting. The last thing anyone wants is a low take-up or pass rate of a policy education and assessment module because it was too slow or clunky to use.
Addressing the need for a better policy management framework
For all groups, being able to use these capabilities in any location is vital, given the multiple locations people could be working from for any period.
Balancing the need for more effective policy management with the recognition that staff time is valuable is one of the drivers behind the recent launch of the Open Compliance and Ethics Group’s (OCEG) Policy Management Pro initiative. It has been designed to help company managers and policy management practitioners deliver policy management that meets the new elevated demands of the business. At its core is the Policy Management Capability Model that provides a practical framework to deliver efficient, effective, and streamlined policy management.
Mitratech has been working with OCEG to bring practical expertise to fully realize the value of its policy management model, helping professionals to become Policy Management Pros. Mitratech provides policy management capabilities that meet the complex needs of end users: centralised policy libraries, automated policy document creation and approval workflows, as well as easy to use education and assessment toolsets.
Automated reporting capabilities provide the Board and senior management with the confidence that their staff understand and follow the policy requirements of a hybrid working model in the business. Click here to learn how we use technology to deliver an effective compliance program.
Our solutions are proven, robust and functionally rich, and are used by some of the most demanding companies in the world. Quick to deploy and with quick time to value, they are designed to meet the needs of a business committed to providing a hybrid working model for its staff. Click here to learn more.