When an organization fails to manage policies, the organization quickly becomes something it never intended.
Policies define the organization’s governance culture and objectives. Without the guidance provided by well-written and effectively managed policies, corporate culture may morph and take the organization down unintended paths. Policies set the standard for acceptable and unacceptable conduct by defining boundaries for the behavior of individuals, the operation of business processes, and the establishment of relationships.
Let’s be clear. Policies in and of themselves do not ensure the right corporate culture. Merely creating thousands of policies is not the answer; in the case of policies often “less is more.” Even when well-written policies are issued, the game isn’t over. An organization can have a wide array of policies that “sit on the shelf” or are not adhered to resulting in the organization ending up in very hot water.
In my experience, policy management processes are in disarray introducing risk in today’s complex, dynamic, and distributed business environment. The typical organization lacks a structured means of policy management with an inconsistent maze of templates and processes with policy documents that are out of date (e.g., old versions), unauthorized, and scattered across file shares, SharePoint sites, and other content management systems. Inconsistency in policy management means processes, partners, employees, and systems behave like leaves blowing in the wind. Organizations struggle with policies that are out-of-date, ineffective, and not aligned to business needs. Policy inconsistency opens the doors to liability, as an organization may be held accountable for policy that is not appropriate or complied with.