With all due apologies to that insurance giant and their deep-voiced ad person, knowing your “policy” is essential for a well-run business. We’re not talking about insurance policy here, but instead, about internal policy, code of conduct, should-and-should-nots, and the sort. What exactly do corporate policies do for an organization? Why are they important, and what should you look for in your approach to policy management?
All good questions. The noted GRC pundit Michael Rasmussen of Corporate Integrity, LLC, makes reference to “clear accountability,” and that pretty much sums it up. Full-lifecycle policy management – which includes policy creation, distribution, education, certification, tracking, and maintenance – is all about building comprehensive visibility into the policy sector and a position that is defensible when the regulators or lawyers come knocking.
It’s difficult to say it better than does Rasmussen in his recent posting: “An ad hoc ‘dust in the wind’ approach to policy management may expose the organization to significant liability.” It may also be relevant to ask four questions of your organization. Is my policy up to date? Is it effective in its scope? Does it help my employees truly understand the matter at hand? And, does it match the needs and goals of my enterprise? If your answer is a heart-felt ‘yes’ to those questions, that’s not only your policy – that’s good policy.