In our participation with the Open Compliance and Ethics Group to create the “Policy Management Illustrated” series, our second webinar focused on the illustration that looked at policy enforcement. In the previous series of blogs, we looked at the need for better communication and how to drive engagement concerning policies. In this blog series, we’ll look at the matter of enforcement when it comes to policies and procedures. Last time we looked at policy exceptions. This time, we’ll discuss policy management solutions for the extended business environment.
As was stated in our discussion with OCEG, today’s business has no boundaries. It’s a web of relationships with partners, suppliers, vendors, outsourcers, service providers, consultants, and more. You can’t succeed in business without them, and you can’t stand alone on your island and expect your extended business partnerships to know what you expect of them behavior-wise. Only about half of organizations manage and assess their policies across extended business relationships, and less than a quarter have a consistent process, according to the poll conducted during the OCEG webinar.
Remember that your employee code of conduct is your first policy, your “prime directive.” You should take a similar approach to policies as you do to your employee code of conduct, by extending a version of your code and your policies to your suppliers, almost as a matter of contractual agreement. In the spirit of enforcement, be prepared to follow through on that supplier code just as you would your internal code.
A supplier/vendor policy ensures you are as defensible with your suppliers as you are with your employees, and your suppliers need to be prepared to submit proper disclosures and exceptions just as you would require of your workforce.
And, just as you would with your employees, survey your suppliers to gauge their understanding of policies and ensure they are abiding by your rules of engagement. Most often, specific policies are an outgrowth of your employee code of conduct, and most business relationships fully understand the need, and the value, of having an ethical, compliance-focused partnership.
Look for additional blogs in this series as we continue our discussion of policy and procedure and policy management systems. Next time, we’ll look into policy metrics and the need to measure and evaluate your policies so that they don’t get stale.
On-Demand Webinar | The Compliance Integration: Why Policy and Training are One and the Same
This online presentation will cover how an ethical culture, comprehensive policy lifecycle management, and engaging employee training can come together in a seamless fashion to optimize an organization’s GRC initiatives.