Do you need a policy on policies?

Written documentation is essential for effective and consistent communication within organisations, and the provision of clear, written policies and procedures that reflect current practice and community expectations assists in accountability. Further, written policies and procedures provide tangible evidence of intended practices that are consistent with the organisation’s values, and should be regularly reviewed, evaluated and updated.

However, having reviewed a great many policy documents, my colleagues and I have found this to be far from the case in many organisations. For example, there may be no standard templates for policy documents (i.e. policies, procedures, guidelines, etc.) and the documents will have no review dates or will be overdue for review. If this is the case, a ‘policy framework policy’ or ‘policy on policies’ can help. Even in organisations where there is a central repository of up-to-date policy documents (e.g. intranet or policy manual), a policy framework policy can guide the development of policies and procedures to ensure those documents are consistent and user friendly.


Key elements of a policy framework

The key elements of the policy framework[1] to establish in your policy on policies are:

  • Policy hierarchy – sets out the documentation that defines and governs the organisation’s activities, listed in order of precedence.
  • Policy and procedure development process – sets out the requirements for creating policies, procedures, etc., including process maps and document templates.
  • Roles and responsibilities – information about who is involved in the process of developing policies and what they do as well as who has the authority to approve policies and procedures for publication and distribution.

Policy hierarchy

Any policy framework within an organisation will have a series of associated levels, each of which will have different objectives. Figure 1 illustrates the components of a policy framework, which itself is guided and regulated by the overall statutory framework within which the organisation operates. For example, an APRA-regulated financial institution will have different policy needs to those of an ACNC-regulated charity.

Figure 1: Policy hierarchy


Some organisations will differentiate between policies and procedures. Procedures generally reflect governance or operational standards, provide a specific guide to decision making, and explain how policies are put into effect. But sometimes ‘policy’ and ‘procedures’ are linked in a document, which will be described as a ‘policy’. For example, there may be the expectation that some policies, such as those related to conflicts of interest, will include the relevant procedures to deal with a conflict or potential conflict when it arises.

Policy levels

There will generally be two categories of policies in an organisation:

  1. Governance – policy with board level risk or strategic implications or with board level statutory or regulatory requirements (e.g. ASX, APRA), and relates to the processes of decision making and the controls and behaviours that support effective accountability and performance outcomes (e.g. risk management policy, code of conduct);
  2. Operational – policy other than governance policy. These may be:
       • An organisation-wide operational policy, which refers to practices across a range of activities (e.g. travel policy); or
       • A specific operational policy, which refers to matters in respect of a specific activity and relevant to all staff (e.g. human resource policy).

Templates

Templates should be developed for each type of policy document the organisation uses to ensure they are presented consistently. Information should also be provided about how to use each template.

Policy and procedure development process

An important topic to include in any policy framework policy relates to the triggers for a new policy and/or procedure. For example, these may include changes to the external operating environment, a review of the strategic direction of the organisation, or changes to government policy or legislation.

The development and revision of policy documents will generally comprise a process similar to the one set out in the table below. This process should be fully explained in the procedure section of the policy or a separate procedure document depending on your organisation’s preference.

Stages

  1. Needs analysis: Identification of need for the development of a new policy or procedure or review of an existing policy or procedure
  2. Appointment of a policy author and policy approver
  3. Research and data gathering
  4. Draft document
  5. Circulation of draft document
  6. Consultation with stakeholders
  7. Circulation of redrafted document
  8. Policy approval
  9. Communication and implementation
  10. Maintenance and review

The importance of terminology

I would advise setting up a glossary or vocabulary of definitions to ensure consistency of terms in your policy documents. Policy documents with multiple definitions for a single term, obscure acronyms or technical/professional jargon can cause a great deal of confusion to users, who may inadvertently breach a policy through a lack of understanding about what was meant. It is also a major reason so many employees find it difficult to read policy and procedures. Write your policy documents in plain English, and avoid jargon, acronyms and abbreviations wherever possible. If you must use jargon, make sure the term is clearly defined the way the organisation wants it interpreted so there can be no misunderstanding on the part of those looking for guidance in the document.

Roles and responsibilities

Setting out the roles and responsibilities is essential to an effective policy framework. This includes:

  • the need for clear authority for the formulation of policy documents (i.e., delegations of authority);
  • guidance concerning the responsibilities of policy owners and how policy is formulated, approved and disseminated;
  • the selection of a policy system manager for the management of organisational policy documents and for setting standards as to the development, content and review of those documents.

A policy document must be approved by the highest delegated authority. For example, the board (for all new or any major amendments to existing governance policy documents or to firm-wide operational policies which have significant risk, compliance or cost implications) or the CEO or a delegated authority (for new or major amendments to existing operational policy documents which do not require board approval).

Why have a policy on policies?

Policy is important to the efficient and effective operation of the organisation. It is a tool enabling:

  • Individuals to get on with their jobs without the need to discuss issues each time they arise;
  • Participants from different parts of the organisation to work towards a common goal;
  • Consistency and predictability throughout the organisation;
  • Compliance with legal and other requirements; and
  • Quality assurance and improvement.

Therefore, the rationale for a policy framework policy is to ensure that organisational policies are established, applied, monitored and reviewed consistently and appropriately across the organisation. Such a framework will make all organisational policies subject to a formal approval process and ensure all policy documents are stored in a centrally maintained document management system. It will be of long-term application to the organisation as a whole and will:

  • Help ensure that the organisation complies with relevant legislation, industry and other standards, and community expectations;
  • Assist the organisation to attain its mission and strategic goals;
  • Promote operational efficiency; and
  • Reduce risks.

[1] For more on policy frameworks, see G. Kiel, G. Nicholson, J.A. Tunny & J. Beck, 2012, Directors at Work: A Practical Guide for Boards, Thomson Reuters, Sydney, pp. 375-392.

9 COMMENTS
  1. Tshepo Mothoa / 18 Jul 2017

    What are the implications of policies with timelines not being approved by the board?

    • Effective Governance / 17 Oct 2017

      Not all policies have to be approved by the board. For example, operational policies will be the responsibility of the CEO or delegated to a senior manager. If the board is responsible for approving a policy and the timeline for reviewing the policy has not been followed, the policy may be outdated, which can have serious consequences if the policy concerned relates to an area such as compliance, e.g. WHS when there are changes to the legislation. If the board has simply not approved a policy, then it cannot be implemented. The consequences of failing to approve a policy in this case will again depend on the nature of the policy. For example, the board of a financial institution that fails to approve an anti-money laundering (AML) / counter-terrorism financing (CTF) policy and program would be in breach of the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth).
      Good governance demands that boards take their responsibilities for their organisation’s policy framework very seriously and we recommend that all organisations develop a policy framework policy to ensure that organisational policies are established, applied, monitored and reviewed consistently and appropriately across the organisation. Such a framework will make all policies subject to a formal approval process as well as ensure all policy documents are stored in a centrally maintained document management system. (For more on policy frameworks, see G. Kiel, G. Nicholson, J.A. Tunny & J. Beck, 2012, Directors at Work: A Practical Guide for Boards, Thomson Reuters, Sydney, pp. 375-392.)

  2. Wim Blaauwendraat / 07 Oct 2017

    One question: who is accountable for the governance on policies? CEO or which function typically in the organization?

    • Effective Governance / 17 Oct 2017

      The governance of policies depends on who (individual or group) is delegated with responsibility for each policy. A policy document should be approved by the highest delegated authority. For example, the board (for all new or any major amendments to existing governance policy documents or to organisation-wide operational policies which have significant risk, compliance or cost implications) or the CEO or a delegated authority (for new or major amendments to existing operational policy documents which do not require board approval). The CFO, company secretary or the head of risk or compliance could be given responsibility for the policy management system, and, for example, be charged with determining who can approve a specific policy after consulting the chair and CEO.
      We recommend that all policies have a designated “policy approver” (e.g. the board, CEO; senior manager) and “policy owner”, which is a governance or management position or body responsible for the development, oversight and review of policy. Policy owners are accountable for the timely review, updating, and dissemination of policies and procedures throughout the organisation or in their functional area depending on the policy.

      A policy management system including a policy and associated document register is also recommended—this can range from a simple spreadsheet to dedicated software depending on the size of the organisation. The register will record, at a minimum, the name of each policy and its associated documents, approving authority, latest date of approval for each policy and any associated documents, the names of the policy owner, most recent review date, and the due date for the next scheduled review. In this way, there is no doubt who is accountable for each policy.

  3. Phatu Mashela / 22 May 2018

    Hi
    Can legislation substitute policies? I serve in the Board of Schedule 3A SOE and there are no policies for the core business, which is research. The CEO argues that policies are not necessary since the company uses legislation. Yet the company has several campuses spread throughout South Africa. As a recently appointed board member serving in the Research, Development and Evaluation Committee, I wanted to familiarize myself with how decisions are taken in this Co. But there is nothing. Your advice, please.

    • Effective Governance / 23 May 2018

      In answer to your first question, no, legislation cannot and should not be a substitute for policies, which includes charters, terms of reference, procedures and guidelines. It seems inconceivable that a state-owned enterprise of any type would not have a policy framework and it goes against the principles of good governance. The SOE’s board would need to direct the CEO to establish such a framework. However, given the nature of SOEs, it is likely that the board may not have the degree of power over the CEO that would be expected in the private sector, i.e. the board may not appoint the CEO or set the terms and conditions of their employment. As such, trying to change the CEO’s views around policies could be difficult and you may need to mount a case using leading practices in other SOEs along with private companies.
      An organisational policy framework allows for the proper operations of the organisation, consistent with its members or shareholders’ (or in your case the government or public’s) best interests and the requirements of legislation. A policy, at its most fundamental level, is a rule or principle that is used to guide decision-making activity in order to achieve a specified outcome. A policy will usually be formally documented and policies, along with associated documents such as charters, procedures, manuals, work guides and forms codify an organisation’s business processes and operating structures, and will affect both decision-making processes and day-to-day operations.
      While a policy primarily exists to assist in decision making, policies within an organisation will fulfil a number of different objectives from a number of different perspectives. From an operational and decision-making perspective, policy will help explain the operating constraints that individuals must work within. From a management perspective, policy allows management by exception, rather than active management. It allows for managers to spend time on valuable activities, rather than supervision.
      The governance policy framework is the highest level of policy in an organisation and sets the rules for the operations and procedures of the board, management and employees. Further, many governance policies serve to cover legal and legislative and regulatory requirements and will also provide a framework for a culture of compliance within the organisation. Governance policies include your organisation’s code of conduct, governance charter, conflict of interest policy, risk management policy, IT governance policy, senior executive remuneration policy and stakeholder communication policy. Operational level policies on the other hand, relate to matters such as HR, organisational work arrangements and financial management. Legislation cannot provide the level of detail contained in organisational policy documents nor is it tailored to individual organisations, which in your case is the business of research.

  4. Alex / 14 Sep 2018

    Hi – Do you have any approaches for ranking/tiering policies to determine what the highest authority level should be? Regulation will stipulate where certain policies need to be approved but what about the others? Taking too many to the board is onerous and potentially not good use of their time however, not providing necessary policies to the board could leave them exposed to not understanding the management of certain risks in the business.

  5. Ramakgapa / 03 Dec 2018

    Am I correct in saying that a Governance framework encompasses policies, processes & procedure manuals/guidelines? What is the difference between a Governance framework and Governance Operations framework?

  6. Vikas / 13 Aug 2019

    How can we ensure that all the implemented policies are effective?

    We have 3 lines of defence working to monitor and control the process, but how to measure policy effectiveness at a point in time?
