client login    languages

Building a Policy Management System For Behavior vs. Control

Request A Demo of Our Ethics And Compliance Solution

Building a Policy Management System For Behavior vs. Control

In our participation with the Open Compliance and Ethics Group to create the “Policy Management Illustrated” series, our second webinar focused on the illustration that looked at policy enforcement. In the previous series of blogs, we looked at the need for better communication and how to drive engagement concerning policies. In this blog series, we’ll look at the matter of enforcement when it comes to policies and procedures.

As GRC 20/20’s Michael Rasmussen says, a policy that is not enforced is really no policy at all – it becomes a guideline if anything. Best practices to ensure policy enforcement are a critical phase in superior policy management.

Policy enforcement is much more about the aspect of behavior versus control. While the compliance department provides oversight and accountability by ensuring that policies are followed, the ultimate goal is driving good behavior; otherwise, you’re settling for compliance by proxy and a weak “check-box” mentality.

A good policy management system provides a measure to address the issue of behavior, to close the loop so that nothing falls through the cracks, and to show consequences of non-compliance. One way to close the loop is to perform assessments and surveys to make sure things are being enforced rather than just looking for incidents and issues that show they are NOT being enforced. Compliance is both a monitor of non-compliance behavior and the enforcer of those policies, plus they should connect policies with issues and implement any correct action plans that are required.

This is referred to as the “bow-tie” approach, where policy enforcement is central to elements that appear on either side of the core: how policy incidents are captured (the control portion) and looking for items that are not being actively enforced.

Next time, we’ll examine the issue of policy exceptions.

About the Author

John Peltier, Product Marketing Manager. John leads the product marketing efforts for The Network’s integrated governance, risk and compliance software suite and previously led the strategy and development efforts of our Policy Management and Learning Management Systems. He is an accomplished product professional, with over a decade of experience delivering solutions to business problems. He has spent three years in ethics and compliance, and previously spent nine years in healthcare.

1 Comment

  1. November 10, 2014 at 2:06 pm

    […] Blog Post: Building A Policy Management System For Behavior vs. Control […]

    Reply »

Leave a Comment

We would be glad to get your feedback. Take a moment to comment and tell us what you think.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Awards & Certifications 2013 GRC 20/20 Technology Innovation Award 2013 TAG Top 40 Innovative Company 2012 IABC Gold Quill Award 2012 MarCom Award We self-certify compliance Safe Harbor Safe Harbor Certification SOC 2 Certification