• +1 (800) 317-2820
  • +1 (408) 689-8205

Ensure Compliance by Beginning with Research

Written by ComplianceBridge Policies & Procedures Team on March 17, 2017

Learn the 10 Best Practices for Policy Review

How to Automate the Policy Review Process

In this ebook, we provide ten steps to automate the policy review process. In each step, we’ll explain the importance of the concept, and show you how you might implement it in your own organization. Believe us, your review team will thank you.

Harry Potter author J.K. Rowling spent years planning out the seven-book series. She had characters, spells and plot twists detailed by the time she began writing in earnest. She knew where the story would take the reader and how to keep them interested along the way. Well-crafted policies and procedures require that same kind of planning.

Before you put pen to paper for a new policy or procedure, do your homework. A little bit of research goes a long way toward ensuring compliance. You should be able to answer the following questions:

Where do you want to go?

From the very beginning, you should know the goal you want to achieve with a new policy and procedure. What is the outcome you need? Clearly state the problem you expect to resolve. Make sure you really need to make a change. Work backwards from your goal to create a solid path to compliance.

Is there already a path?

Review existing policies and procedures that may cover the same ground. Perhaps you just need to revise or augment a policy already in place. Create new documents only when needed.

At what cost?

Sometimes a change is more trouble than it is worth. Make sure that the problem you are solving is big enough to require the effort to create, follow and enforce a new policy. Avoid implementing a policy that impedes another group from conducting their business.

Is this a priority?

There is always more work to be done. Is this policy the most important one to write at this time? Focus on documents that are most significant for your organization. Those driven by regulations and law are likely to be highest on the list. Make sure you know the rank of each proposed policy and schedule it accordingly.

Are there signposts?

Consider what documents or regulations could be relevant to your new policy or procedure. Include references to them if they help clarify intent or add new information. Flag them so that you are notified if changes are made. Including these signposts can help ensure you stay on track over time.

Make all references within your documents searchable. Any authorized reader can then quickly identify and review these as well. This greater context helps ensure compliance.

Who is your audience?

Make sure you know who is affected by the new policy. Who needs to follow the policy? Who enforces it? The audience can be a combination of groups defined by geography, role, seniority, department, product or other characteristics.

What are the consequences of non-compliance?

Be sure you have a clear understanding of what compliance means and what non-compliance costs. Then make sure you document both very well.

Are there unintended consequences?

Make your best effort at identifying potential negative incentives created by your new policy. By their very nature, unintended consequences are difficult to pin down. Consider what those affected by the policy might raise as objections. Think about whether morale will suffer. Then use your findings to help guide the best documentation and rollout of the new policy.

How much detail is required?

Make sure that everyone affected by the new policy will be able to understand the content. Does anyone speak English as a second language? Is your audience a mix of specialists and generalists? Perhaps they have different skills or are at different organizational levels? Keep your documents simple and provide context where needed to ensure comprehension.

What is the reader’s context?

Think about what the reader will be doing when reviewing your new policy or procedure. Why will they need the information at that point? Conversely, will they have easy access at the point they need to reference your document? Make sure your document works for them when they need it.

Are visuals required?

Sometimes a picture is worth a thousand words. For those who learn visually, a figure associated with a policy can be very helpful. Consider whether you need to include illustrations or images.

Who will write and edit?

Define your review committee as soon as you know who the stakeholders are. Your committee should include representatives from the affected groups as well as subject matter experts, authors and editors. Assign these key roles even if that means some committee members have multiple roles. It is best to be specific and clear about what each member contributes.

Who must approve?

Know early on who is responsible for approving and enforcing the policies you create. Involve them early in the process so that there are no surprises to them or you. They should have a role as a reviewer but may have additional roles depending on your organization.

How will you distribute?

Policies and procedures are only valuable if your target audience reads, understands and follows them. You have already identified your audience. Now you need to determine how you will notify them of the new release and enable them to review the content. Best practice suggests you use a digital notification where possible, with a link to a secure copy of the document. You should also provide method for your audience to search for and find relevant documents on demand.

How will you ensure receipt?

Not long ago policies were posted on bulletin boards with no way for individuals to confirm receipt. You have the perfect opportunity when distributing documents now to also require a return receipt. To determine that the policy was actually opened, add a checkbox that requires the recipient to send an acknowledgment after opening the policy.

How will you test for understanding?

Compliance requires understanding. Consider what affected individuals need to know to be compliant. Then test for that knowledge. For some policies, a short and simple questionnaire is sufficient. For others, you may need a more extensive test. Monitor results and actively remedy any problems. This will help you ensure compliance.

What will trigger a review?

Take the time to determine what should trigger a review of your new policy or procedure. Knowing the trigger should help you ensure that you have the right content, context and linkages to other related content. Review can be triggered by change to a related regulation, law or policy, for example. Use search to identify any additional policies or procedures that are potentially affected by this change. If nothing else, assign a trigger date. This improves your chances of keeping your policies current and relevant.

Now that you’ve done your research you are ready to start actually writing the document! If you have answers to all the preceding questions, you are on your way to ensuring compliance without magic, mystery or plot holes.

ComplianceBridge Policies & Procedures Team

The ComplianceBridge Team has more than a decade of experience in compliance management and solution development. We cover stories of interest to Compliance Officers and provide tips and tricks for maximizing compliance.

Top