Emendas Blog » Chipping Away at Compliance: Policies

Create a firm foundation of documentation

Posted 4 mins ago by Sarah Glover 7 Minute(s) to read

aaron burden y02jEX B0O0 unsplash

 

Is it true that policies are nothing but dusty (metaphorically dusty, in the digital age) documents sitting on a shelf?

Without good implementation and practice, it just might be. However, when done right they create a framework for a robust business. Your policies can be a theoretical structure for your business systems which clarify, guide, and inform. They are also important when it comes to fulfilling due diligence and compliance requirements. Having policies in place that speak to HR and H&S practices is a big part of the proof of your efforts to ensure that your business is operating within the law, and that employers and employees are on the same page.

Business owners often consider policies to be overwhelming—and if you’re drowning in policy paperwork, you might be doing it in a way that’s not the most productive or efficient. A good framework of policies and procedures should be:

  • Relevant to your organisation.
  • As simple as they can be while still covering the bases that need to be covered.
  • Written in language that’s clear, understandable, and commonly used in your business and industry. A policy is for use internally but will be viewed externally; write it for the correct audiences.
  • Living documents that change when necessary.

Creating a policy shouldn’t feel like a huge effort, conjuring up something from nothing and making sweeping changes. Some people view them as the fun police, eliminating character from your operations. It’s more about preserving and recording the way that things are already being done, including your unique culture. If you use your current practices as the foundation, you’re most of the way there.

 

The risks of insufficient policy

We’ll start with the glass half empty: looking at what you’re risking when you put policy in the too-hard basket. Before we dive into this, we’ll clarify that simply having policies in place is not the standard. A framework of policies and procedures that is insufficient, clunky, or irrelevant to your organisation can create extra risk. They should reflect your company’s unique ethos, practices, and systems.

Risks of a nonexistent or unsuitable policy framework include:

  • Being legally liable for incidents that occur if there is no policy demonstrating you have done due diligence to prevent it (this includes ensuring implementation, as we learnt in the Ports of Auckland case).
  • Employment risks; finding yourself on the wrong side of employment law.
  • Financial risks from poor productivity. The business suffers when employees are unsure of a correct process or procedure leading to waste, rework, or loss of revenue.
  • Miscommunication and confusion: without policies to refer back to, practices can shift and change not only over time but between different people and teams. This stifles recruitment, onboarding, and promotion of team members.

 


The benefits of strong and relevant policy backing

The tangible benefits to culture, profitability, and risk reduction afforded by good policies make it clear that they serve a purpose beyond collecting dust. Creating, reviewing, updating, and improving your policies can:

  • Preserve and reinforce your unique systems, practices, and organisational culture.
  • Outline and make official the expectations of all parties, so everyone’s on the same page.
  • Streamline operations for consistency and therefore, efficiency.
  • Make it easier to onboard and induct new team members.
  • Create a mechanism for training and upskilling.
  • Create a guide for managing an area of the business, or some form of conduct.
  • Demonstrate a commitment to following rules and regulations when regulators and assessors come around.
  • Provide a written, official set of instructions that workers and managers can refer to.


While policy is necessary for your compliance efforts, that should not be the only goal. Working yourself into knots trying to create policies with the sole intention of covering your legal butt can be torturous. If you instead approach the task intending to capture the real, effective processes and practices that make your business unique and record them for clarity and as a very helpful central source of information, you might find it easier. If you’re ticking a ”policy” box, you might as well make it genuinely valuable to your organisation.

 


Creating policies that work for you

Where to start? If you’re constructing a policy framework from scratch or reviewing and improving an existing one, there are a few broad phases to consider:

  • Decide what policies are needed.
  • Identify which policies are already in place.
  • Review the existing policies: are they relevant? Are they current?
  • Consult interested parties and seek feedback on the updated or new policies.
  • Publish and implement, making space for continued feedback.
  • Add to your policies and procedures off the back of operational events or feedback that is organically generated through work as done.

The first three steps in particular may benefit from targeted specialist help. Outsourcing the whole shebang is not recommended, as your organisational IP, culture, and established processes will be crucial to the process. However, a good advisor will be able to guide you through the steps and ensure you have ticked all the boxes as well as created policies relevant to your business.

Throughout the creation, review, or updating of policy within your organisation, you should keep these considerations in mind:


Your practices shouldn’t necessarily be led by your policy. Rather, your policies should be led by your practices. We like to say that companies should document what they do, rather than do what they document. In this way, creating policies is a more natural and intuitive process.

Bullet points? Fine. A single-page policy? Fine. Simple language? Better than fine! It needs to be clear and understandable to those who use them. Just getting an idea down is key here; it will be refined organically with business-as-usual operational events and feedback.

All risk must be considered. Policies should certainly aim to mitigate critical risk. However, it’s important to remember that if the regulator gets called, something can be retroactively labelled a critical risk; an assessor could make the call that something you deemed not critical in fact was. All risk should be taken into account. Even a lower-grade risk repeated over time will hinder profit and productivity in the best case and cause serious harm or death in the worst case. Focus on critical risk first, but do your customers, workers, and yourself a favour and please don't stop there.

Policies should show that you are fulfilling due diligence and compliance requirements. Having policies in place that speak to HR and H&S practices is a big part of the proof of your efforts to ensure that your business is operating within the law.


TL;DR: What’s in a policy?

Policies need not live up to their dusty, boring reputation! Done right, policies create a framework for success. They can mitigate financial, employment, and safety risk, aid communication, preserve and reinforce your unique systems, and demonstrate compliance to the regulators and assessors when they come around.

Want that? Here’s how:

  • Decide what policies are needed
  • Identify which policies are already in place
  • Review the existing policies: are they relevant? Are they current?
  • Consult interested parties and seek feedback on the updated or new policies.
  • Publish and implement, making space for continued feedback.

It’s important to let your policies be led by practices already in place (assuming they fulfill safety or compliance requirements). Keep them clear and simple, aim to mitigate both critical risk and lower-grade risks, and keep in mind that they must show you are demonstrating your obligations under the law.

 


Get guidance to power up your policies

If you’d like a helping hand to perfect your policy framework and create documentation that is relevant to your organisation, Emendas is the top choice. It’s our goal to set you up for self-supported success with capability uplift and targeted advice, equipping your own people with the skills they need to sustain quality business systems.

Get in touch with the team!