A new policy usually represents a step forward for an organization. Whether you’re changing internal processes as a result of new equipment or technology, or responding to changes in local, state or federal regulations, every new policy initiates a cycle from creation through review, revision, and formal approval. Once approved, all relevant personnel must be trained or notified, and their acknowledgment formally documented. Everyone is forward-looking, moving-on to the next policy creation or renewal. The new policy is in effect and the organization is in compliance. A job well done.
This rosy picture often disguises the real drama of policy creation. Deadlines are often ridiculously close, and resources desperately short. Changes in regulations or notifications that the company is out of compliance typically prompt an “all hands on deck” response, and everyone is expected to drop what they’re doing and pitch-in to get the company through the crisis. When all is said and done, it may seem like there was some magic or wizardry involved in pulling-off these crisis-born efforts, but usually what happens is that something falls through the cracks that will come back to haunt you later.
The Magic of Author-less Policies
Your latest policy crisis has caught the attention of your internal auditor, and she has some questions. However, despite herculean efforts by a dedicated team of professionals, there appear to be no names attributed to the creation, review or approval of the policy. Everyone pitched-in as expected, but apparently did so anonymously. Whether that was a deliberate choice, or a simple oversight in the “dotting the i’s and crossing the t’s” category, doesn’t really matter at the moment. To whom should the auditor be talking?
Authorless policies are an unfortunate consequence of favoring speed over accuracy. The company is in fire-fighting mode, and anyone who is even remotely-connected to the relevant topic of the policy in question is jumping-in, offering their two cents and jumping-out without stopping to leave any kind of trail. Multiple versions get created while the boss is screaming that this needs to be resolved yesterday! When an auditor is called upon to perform a detailed post-mortem, the individual oversights quickly accumulate into major gaps and probable non-compliance. The consequent investigation will probably require more resources than would have been involved in creating the policy correctly the first time.
Comprehensive Policies and Procedures Management
Ad hoc policy creation is exhausting and very expensive. Our robust template built on industry best practices offers a better way. By using our secure, access-controlled SharePoint portal, the involvement of personnel can be restricted to those that are formally authorized (as opposed to just enthusiastic), and each revision can be tracked in a real time dashboard so that a detailed log is maintained and version control remains in place. The next time an auditor has a question about the authorship and lineage of a policy, a complete summary will be a few keystrokes away.