In our participation with the Open Compliance and Ethics Group to create the “Policy Management Illustrated” series, our second webinar focused on the illustration that looked at policy enforcement. In the previous series of blogs, we looked at the need for better communication and how to drive engagement concerning policies. In this blog series, we’ll look at the matter of enforcement when it comes to policies and procedures.
As GRC 20/20’s Michael Rasmussen says, a policy that is not enforced is really no policy at all – it becomes a guideline if anything. Best practices to ensure policy enforcement are a critical phase in superior policy management.
Policy enforcement is much more about the aspect of behavior versus control. While the compliance department provides oversight and accountability by ensuring that policies are followed, the ultimate goal is driving good behavior; otherwise, you’re settling for compliance by proxy and a weak “check-box” mentality.
A good policy management system provides a measure to address the issue of behavior, to close the loop so that nothing falls through the cracks, and to show consequences of non-compliance. One way to close the loop is to perform assessments and surveys to make sure things are being enforced rather than just looking for incidents and issues that show they are NOT being enforced. Compliance is both a monitor of non-compliance behavior and the enforcer of those policies, plus they should connect policies with issues and implement any correct action plans that are required.
This is referred to as the “bow-tie” approach, where policy enforcement is central to elements that appear on either side of the core: how policy incidents are captured (the control portion) and looking for items that are not being actively enforced.
Next time, we’ll examine the issue of policy exceptions.
On-Demand Webinar | Driving a Culture of Compliance By Engaging Employees
Borrowing from cutting-edge research on consumer engagement, as well as current industry best practices, this complimentary webinar explores practical ways to get employees actively participating in ethics and compliance efforts.