These days, it seems you can’t get through an average week without seeing another big-name company making news for some sort of misstep or breakdown in regards to ethics, governance, or compliance.
Not long ago I wrote a post where I gave three examples of companies (Uber, Facebook, and Wells Fargo) that have had some real challenges with brand reputation damage due to breakdowns in their GRC frameworks – within which best-practices-based policy and procedure management is a core foundational element.
The 6 stages of best-practices-based policy and procedure management
I intentionally added “best-practices-based” to policy and procedure management because it’s not enough to simply create a few policies and procedures, throw them in a network folder somewhere, and call it a day.
Best-practices-based policy and procedure management is an active and dynamic lifecycle with specific and intentional stages. These are the stages I’m referring to:
Identifying risks and developing the underlying policies and procedures to mitigate those risks.
Review & Approval
Once developed, policies need a collaborative review & approval process to ensure they match internal business goals and external influences from regulatory agencies.
After policies have been fully reviewed and approved by key stakeholders, they need to be published and intelligently distributed so the right people get the right policies & procedures at the right time.
Some policies & procedures will require an acknowledgment that they have been read, understood, and agreed upon by the recipient.
There may be instances where policy makers will require more than just a simple attestation in order to ensure a recipient’s true understanding of certain policies. This helps to identify any potential knowledge gaps there may be which may be an increased risk liability.
Reports & Audit Trails
These provide a dynamic way to constantly keep a pulse on the compliance health of the company as well as providing audit reports for regulators that demonstrate organized, defensible, and proactive policy & procedure lifecycle management.
The sum of these stages is to educate and equip everyone within a company on what the expectations are for ethical and compliant behavior, and how to achieve that. It’s also meant to help drive a true culture of ethics and compliance.
A wave of momentum is underway
As a result of seeing more and more companies and their associated leaders in the headlines for a variety of missteps, there’s been a wave of momentum around the growing need for better governance, a culture of ethics & compliance, and greater accountability.
What kind of missteps am I talking about? Things like:
- Data breaches
- Sexual harassment
- Unethical business practices
- Hostile work environments
- Cybersecurity breaches
- Unethical leadership & management
- Gender discrimination
- Mishandling of users’ private data
Because of these issues, there’s been a growing desire for tighter controls and greater accountability to be put on companies to ensure proper governance, ethics, and compliance as well as providing private citizens more protection especially as it pertains to their private data.
Driving new regulations (and penalties)
This has led to new data privacy regulations like GDPR for the EU being enacted, and now other countries are in the process of drafting similar regulations as well. The UK has also rolled out a regulation in financial services called the Senior Managers and Certification Regime which increases the personal accountability of senior officials in the financial services industry, where they can be personally fined or even jailed due to improper conduct or negligent mismanagement.
Leading GRC pundit Michael Rasmussen wrote an article last year where he talked about Senior Managers and Certification Regime (SMR/CR) being the next major wave of compliance and accountability. As he explained, there is a trend toward similar regulations like this in other countries around the globe as they develop similar legislation in varying aspects:
“Compliance to UK SMR/CR is a huge issue and is the next wave of compliance and accountability. This is not just a UK trend, but a global shift in personal accountability and responsibility to senior executives and directors that is taking shape around the world. Hong Kong, Australia, Singapore, Japan, Ireland, and even New York (more of a board focus) all have similar developing legislation/regulation in varying aspects.”
Here’s the point: In response to the negative ethics and compliance headlines we keep seeing, there’s a groundswell of public demand that tighter compliance controls and greater accountability to be placed on companies. The intent is to drive real and meaningful change from the boardroom to the breakroom and everywhere in between. This groundswell is driving these new ethics and compliance regulations around the globe.
Best practices are more important than ever
This rise in regulatory controls means that best-practices-based policy and procedure management is becoming more important than ever before. Because it’s a critical foundational pillar to ensuring compliance, achieving better accountability, and sustaining real change in the ethics and compliance culture of a company.
To achieve that, organizations are turning to software solutions, with very good reason. Or, rather, reasons: Here are the top 5 things a best practice policy and procedure management software solution brings to the table:
- Reduces the potential for reputational brand damage
- Builds an ethical and defensible compliance program
- Mitigates the risks associated with non-compliance
- Improves operational efficiency by removing all the manual inefficiencies
- Removes all the complexities involved in the policy and procedure management lifecycle
It’s clear that the times are changing, and these changes are ushering in new regulations and controls around greater accountability, better governance, and deeper levels of top-to-bottom ethics and compliance. That’s why best-practices-based policy and procedure management should be getting more of your attention and commitment if your job revolves around protecting your company’s reputation and success.