client login    languages

Time to Put Your Policies on a Schedule

Request A Demo of Our Ethics And Compliance Solution

Time to Put Your Policies on a Schedule

This morning I attended a workshop on policy management conducted by noted GRC pundit Michael Rasmussen [BLOG]. We’ve all heard the old adage about change being the only constant. In speaking about the maintenance of policy, Michael said something along the lines of, “While we’re sitting here talking right now, change is going on out there. When you get to your office in a few hours, things will have changed – somehow, somewhere.”

When done right, policy management does wonders for the effectiveness of a company’s compliance efforts. Done shoddily, policy management exposes an organization to risk, liability and even regulatory penalties. One of the big things to consider when it comes to effective policy and procedure initiatives is making sure your P&Ps are kept up to date. In many cases, companies change their way of conducting business but don’t remember to go back and update the relevant policy.

Best practice says to establish a regular interval for policy review, so that updates can be implemented as change occurs. The frequency of review should be specified in your meta-policy (the policy about your corporate policies). But what is the appropriate interval?

No doubt in the few hours I was with Michael, regulatory change was happening out there – somehow, somewhere – in the worlds of finance, healthcare, manufacturing, international trade, etc., etc. The truth is that every policy, including the Code of Conduct should be reviewed at least annually. While this may seem like an onerous burden, the reasons are fairly straightforward. One, there’s always a risk that a new court case or law may change the way your organization has to do business. Two, a merger and/or acquisition may add complexity that did not previously exist. And three, the number of incidents or cases of a particular category may require clarification of policy language, or illustrate a loophole in your existing policy. The annual policy review provides an opportunity for you to step back and learn from the data being collected in your compliance program.

You may find that only one or two policies need to be changed in a given year, and the rest are simply reviewed and approved for the next year. Changes in policies may require minor changes to the Code of Conduct, to help ensure your last rewrite remains fresh and accounts for regulatory changes – but that may not require a major rewrite.

The person who owns each policy should be reviewing that policy annually to make sure that if a change is needed, it doesn’t fall through the cracks.

About the Author

John Peltier, Product Marketing Manager. John leads the product marketing efforts for The Network’s integrated governance, risk and compliance software suite and previously led the strategy and development efforts of our Policy Management and Learning Management Systems. He is an accomplished product professional, with over a decade of experience delivering solutions to business problems. He has spent three years in ethics and compliance, and previously spent nine years in healthcare.

Leave a Comment

We would be glad to get your feedback. Take a moment to comment and tell us what you think.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Awards & Certifications 2013 GRC 20/20 Technology Innovation Award 2013 TAG Top 40 Innovative Company 2012 IABC Gold Quill Award 2012 MarCom Award We self-certify compliance Safe Harbor Safe Harbor Certification SOC 2 Certification