Policy and Compliance in The Workplace

By | November 13, 2006

Compliance. Regulation. Security. These are the reasons why organisations write policies. But how can you be sure that staff have read, understood, and agreed to policy? And how can you demonstrate policy compliance to auditors and regulators? Posting policies on the intranet, or relying on emails or staff handbooks leaves policies ignored, and impossible to track.

So how can you go about getting the right policies to the right staff, and more importantly, that they understand and actively sign up to them, and that this process is tracked and recorded?

Avoiding both the rock and the hard place

Companies face the challenge of achieving and also demonstrating compliance, whilst at the same time maintaining business competitiveness and avoiding an unnecessary administrative workload.

With policies changing, new people joining the organisation and people switching departments, the task of tracking and managing compliancy issues can often prove a time-consuming occupation. Traditional approaches such as email or paper-based policies and acceptance forms are labour intensive and inefficient, and cannot be relied upon to ensure legal business obligations are met.

Emails can simply be deleted or ignored by employees, and it is unfeasible to expect employees to sit and digest a 100-page corporate handbook. A user-friendly, bite-sized approach, which can be incorporated easily into the working day, will ensure policies are actually read and accepted.

Policy management software can be used to deliver HR policy directly to the desktop, by presenting staff not with some dusty lever arch file, but with key points and the information they really need to know, in bite-sized, digestible form.

In this way, organisations are able to meet business obligations and HR requirements automatically, without generating an unnecessary administrative burden.

Dotting the i’s and Crossing the t’s – Flexibly

A nonchalant click on the yes option is not enough to ensure corporate compliance – a real understanding of policy is required by employees, and businesses need to both achieve and actively demonstrate this level of understanding.

Policy management solutions automatically test your staff on key points, to ensure they have actually taken in and understood the policy, as opposed to taking the path of least resistance by simply clicking yes to every automatic prompt.

Managers get a clear picture of any refusal to read policies or of a lack of understanding, and can take the necessary action. Access to certain areas of the network can be blocked, or staff directed to relevant training pages to help them understand the issues at stake.

At the same time, it’s essential to bear business demands in mind. Employees may have a deadline to meet or a client meeting to prepare for, so it’s important to adopt a flexible approach, by staggering the release of policy details and enabling staff to defer reading the information if they have other business priorities to address.

Case Study: A Sound Business Investment

Tilney Investment Management, one of the UK’s leading independent wealth managers – with a 12,000-strong international client base and assets in excess of Ј6bn –chose to implement policy management software solution PolicyMatter to strengthen its ability to practice and demonstrate FSA compliance.

Tilney is regulated by the Financial Services Authority (FSA) and has a legal obligation to keep all employees up-to-date with the latest policies and regulations. Failure to do so could result in serious financial losses, legal issues and damage to the company’s reputation.

PolicyMatter ensures staff read, understand and accept all aspects of corporate policy, from financial compliance to IT Acceptable Use Policies and anti money-laundering regulations.

An email and paper-based approach to compliance was previously in place, which was both time- and labour-intensive, requiring a lot of administrative effort chasing up employees for signed forms, and processing and storing policies.

Tilney is now able to manage policy updates more effectively, by staggering the flow of new policy to staff and enabling them to deter reading on five occasions if their work commitments require it, minimising any impact on business productivity and ensuring the required agreement to key policies is automatically secured.

Simon Chesterton, IT Service Delivery Manager at Tilney Investment Management said, “We need to make sure that policies have been understood as well as read. Mistakes in our business not only cost money but also credibility.”

“We needed to strike the right balance between every day business and meeting FSA regulatory responsibilities. PolicyMatter has provided us with a simplified, automated and manageable approach to policy management, ensuring policy has been digested and proactively testing employees’ understanding of the information.”

Leave a Reply