CEB Blogs


Compliance & Ethics

Fishing and Improving Your Policy Management

The key to good policy management is to have the right governance structure, otherwise it's like fishing without bait – it just won’t work

Like many things in business, good management of the hundreds if not thousands of policies floating round a company is neither an easy nor particularly interesting task but it is an important one. It will make a big difference to how employees make decisions and, ultimately, the way the company is run.

And the key to good policy management is to have the right governance structure, otherwise it’s like fishing without bait – it just won’t work.

While a company’s compliance team will typically own corporate policy management programs, they have to balance the need for central oversight and global consistency with what local business units and teams require, and this demands close collaboration across functions. This in turn requires a framework that will help the compliance team avoid duplicative, conflicting, or unauthorized versions of policies that can confuse employees and compromise their decision making.

To provide consistent, concise, and up-to date policies, Compliance must work with functional and business partners to codify the roles, responsibilities, and handoffs required across the life cycle of any policy, and there are four basic steps to doing so.

Four Steps to Better Policy Management

  • Step 1: Get an idea of what’s going on across the company: As a baseline you want to get an idea of how relevant functions (e.g. HR, Finance, Procurement) currently manage their policies. For larger companies, it in makes sense to send out a questionnaire to get an idea of all the policies out there, the stakeholders involved, and processes (see chart 1). For smaller or more centralized organizations this can be accomplished with a phone call or in-person conversations.

    Ideally, you should put together an inventory of all policies across the organization (this step-by-step guide will help CEB members do that).

    Functional questionnaire

    Chart 1: Sample functional questionnaire  Source: CEB analysis

    Click to expand chart


  • Step 2: Establish defined roles and responsibilities: Broadly articulate and draft the four key policy management roles: Approver, Owner, Partner, and Monitor (see chart 2).

    Although one function may be the “Owner” for a number of policies (e.g., Legal and Compliance), the “Approver” should be a senior-level business or functional partner so that they can make sure the policy is workable and will not unnecessarily impede business processes.

    Sample responsibilities matrix

    Chart 2: Sample responsibilities matrix  Typical policy management roles  Source: CEB analysis

    Click to expand chart


  • Step 3: Define the characteristics associated with each role: This will vary by organization, but chart 3 gives a summary of who typically fills the roles at most firms.

    Typical characteristics of role owner

    Chart 3: Typical characteristics of role owner  Source: CEB analysis

    Click to expand chart


  • Step 4: Assign roles to specific individuals: Based on your inventory of corporate policies and role characteristics, assign individual employees to specific roles linked to a policy type. Chart 4 provides a sample matrix that will help.

    Matrix of responsibilities for different policy types

    Chart 4: Matrix of responsibilities for different policy types  Source: CEB analysis

    Click to expand chart

Going through these simple steps will speed you on your way to a comprehensive set of policies that do not overlap—so that employees can more easily make decisions in line with company expectations.

More On…

Leave a Reply



Recommended For You

Compliance & Ethics: Data on How Firms Manage Conflicts of Interest

A slew of typical and legitimate activities across a normal working day can expose employees...