7 steps to effective policies

One of the most common requests we get at Ridgeline HR is for assistance in developing HRM policies and procedures for our clients.

Many businesses think that simply having a policy is enough to demonstrate compliance but there is actually a lot more to it than that as businesses too often find out the hard way.

It is not much good having a policy if it is not practised in fact and the fact is that, if a business doesn’t follow it’s own policies, it automatically has a compliance problem.

And there is quite a bit of work involved in ensuring that policies are both appropriate and managed in the right way to achieve their objectives.

There are 7 steps to effectively implementing policies:

  1. Be clear about why the policy is necessary(and, if it isn’t, don’t do it).
  2. Ensure that the policy aligns in content and presentation with your vision, values and strategy (don’t create contradictions).
  3. Communicate the policy appropriately to everyone to whom it has application (on launch and progressively through inductions, refreshers etc as necessary).
  4. Train people who have roles to play in application of the policy in how to perform those roles in the right way.
  5. Assess risks (eg people who might have potential to breach the policy or need additional support to comply with it) and implement appropriate risk management strategies.
  6. Consult people and review practice regarding the policy to ensure that it is working as intended.
  7. Review the policy annually to take account of any legislative or best practice developments as well as organisational experiences to continuously improve it and ensure ongoing compliance – return to Step 1.

Perhaps the thing that I find most remarkable about most organisations which focus on risk management is that they don’t actually assess risks that exist in their organisations when they implement a policy. See Step 5 above.

There is too often a mentality that, if the rules are communicated and an individual then doesn’t follow those rules, the risk is transferred from the business to that individual.

For organisations that might be in that space, I suggest that you consider why the policy is needed in the first place – ie what purpose (other than complying with a legal obligation) does it serve in the management of people?

Or, to put it another way, why did it become a legal obligation in the first place?

Do your policies exist for policies’ sake or do they have a positive impact on your people and culture?