Whether you are taking on a new task of policy management and oversight at your organization or are simply looking to streamline the way existing policy management programs are run within your organization, we’ve compiled in this article 5 key components for effective policy management program– regardless whether done manually or automated using policy management software.
While policy management systems address and automate many processes with regards to the management of policies, a manual process should also incorporate these key aspects of policy and procedures oversight and governance.
Cataloging your Policies and Procedures and Their Attributes
Before you can start managing your policies, you need to develop and maintain a catalog of your documents.
This would typically involve managing the following attributes of your policies and procedures: policy name, physical file name, policy location within your policy library, policy descriptions and/or purpose, past policy review dates and next review due date, attachments or related forms, references to regulatory standards, and information about key stakeholders (people or committees) that would be required to review, revise and approve your policies.
With a basic policy catalog, something as simple as a policy manager leaving the organization can cause major issues across the entire enterprise.
Moderation of Policy Tasks
All policies and procedures need be periodically reviewed. Each revision may require involvement of numerous editors, reviewers and approvers. Very often a policy draft will need to be sent back and forth multiple times for a new version to be finalized.
Even on the smallest of scales, the task of routing a draft of a document and ensuring everyone gets and completes it on time is quite monumental. Therefore, if you don’t use a policy management software, it is critical to have a spreadsheet or some other tool for noting statuses of all drafts and responsible parties and ensuring policy revisions and drafts get to the right people at the right time.
Policies and Procedures Oversight and Reporting
Most organizations require regular policy status reporting to leadership and ad-hoc reporting to auditors or for legal reviews.
An important component of effective policy governance is the ability to generate such reports both pro-actively and on an as-needed basis. A policy management software will typically include reporting engines as well as dashboarding tools to manage and control overall health of the policy program within an organization.
In a manual policy governance situation, maintaining an up-to-date catalog of policies and having a log of moderation tasks – as listed earlier- will pay huge dividends when a status report is request by the management or by auditors.
Maintaining Policy Approval Records
A critical aspect of policy management practice is tracking and recording of policy approvals.
Having a policy approved by authorized staff means little if evidence that can withstand legal review cannot be generated by both policy managers as well as end users during audits. Therefore, you must ensure that you store proper approval records for both current and previous revisions of all policies in your company.
Management of Archives and Revisions
The final important component of a good policy governance program, and one that is often forgotten, is the management of archives and past revisions of policies and procedures.
This is especially important when an investigation or lawsuit is started regarding a specific incident that might have occurred months or years earlier. During a legal review, the organization often must provide detailed information about policy or procedure content, details about approvers and exact dates when the policy was published and available to staff.
While we have mentioned 5 key components of an effective policy management program, there are several other related tasks that are also important to keep in mind. They include: policy attestation, document cross references, policy distribution strategies, document search-ability, and regulatory compliance. While it is possible to ensure all components are in place using manual processes, spreadsheets or lists, an automated policy management system, like ComplyALIGN, simplifies repetitive administrative tasks, and ensure that policy routing, revision management and reporting are fully automated.