In our last blog post, we discussed the impact of Covid-19 on businesses and how it affected policy management by accelerating the need for a robust, yet agile framework. In this post, we will tackle the different stages of maturity and the 4 steps you should take to achieve the policy management “nirvana”.
As stated by Michael Rasmussen in our recent webinar, there are five stages of maturity:
1. Ad-Hoc. Firefighting organizations with a reactive policy management approach at department level. With virtually no structure, the business doesn’t actively manage policies, with few, if any resources allocated to policy management.
2. Fragmented. Some structure exists with policy management in certain functions, but they remain disconnected. Information and procedures are redundant and manual with physical documentation, as well as lacking integration.
3. Defined. Some areas of policy management are evident and managed well at department level, but it lacks integration to address policy management across departments. There’s some evidence of an integrated information architecture, supported by technology and ongoing reporting. Accountability and oversight are starting to emerge.
4. Integrated. A cross-department strategy for managing policies exists, providing consistent strategies, frameworks, templates, and processes supported by a common policy information and technology architecture. Processes and information are shared to achieve greater efficiency, but it is not as agile as it should be.
5. Agile. There’s a complete integrated approach to policy management across the business, including collaborative policy authoring and leveraging AI for regulatory change and policy mapping. Consistent core policy management processes are in place with relevant and harmonized processes and minimal overheads.
It may be the case that various departments at your firm are at different stages of maturity but getting to stages four and five requires a collaborative approach to policy management that is evident across the organization.
Now that you have managerial buy-in, understand where your organization sits in terms of maturity and have built an initial strategic plan, continue the top-down approach to build the process architecture. These are the 4 steps you need to take:
1. Policy Governance and Oversight: To set up a policy model, start by building a governance committee and model to define the standards, roles, authors, and approvers as well as to implement a style guide and templates. Get a real understanding as to why the firm needs policies for specific situations, starting to address, author, develop and write policies. Build an appropriate framework and define how policies can be measured and understood in the context of objectives, processes, and services.
2. People and Engagement: Put a dedicated team in place with the skills and resources to apply to policy management. Engage subject matter experts in policy reviews and changes to risks and regulations, with a focus on strategic value-added components. Ensure that training and development is a key part of the process.
3. Process and Execution: Once the policies are approved, develop a well-defined and executed policy management lifecycle, with a single version of the truth for all enterprise policies, housed in one firm-wide policy portal. Risk assessment and regulatory change monitoring will need to be standardized and automated, ensuring policies are current and relevant. Importantly, ensure there’s a clear view of policies across all levels of the business, including a mapping of organizational structure. Establish a process for monitoring, with changes in risk profiles automatically triggering actions for review.
4. Information & Technology: Policies now need to be communicated and enforced effectively through a communication and delivery plan, including providing training and awareness and monitoring. This can be leveraged through best-in-class management software. But technology also provides the potential for policy collaboration on authoring, universal employee access in an intuitive, adaptive, and accessible policy portal and being able to automate policy management in the context of regulatory and risk change. This supports decision making and helps provide good compliance policy practices.
Once the system is in place, start to understand better how you can improve policies and set up a cycle to review, maintain and redesign them where necessary.
Ultimately, an agile policy management system that uses technology to automate, track and provide an audit trail, can result in months or years of work being condensed into just days. It goes a long way to prevent corruptive acts, as well as provide a defensible policy system with a track record that can rewind to show what policy was active and how they were communicated at a certain moment in time – so it's important from a regulatory and legal standpoint. It provides a collaborative policy environment, strengthens relevant decision-making through enhanced analytics and adapts much faster to changes in regulatory and business risk circumstances.
With so much to save in stress, time, and cost, are you going to work towards implementing an agile policy management system in your organization?