I doubt if I’ll get much objection to this statement: Compliance teams are overworked and understaffed. Many times we hear that compliance teams are aware that their processes for managing policies are haphazard at best, yet there isn’t the time to spend following up on out-of-date documents or trying to determine whether employees have completed their training.
Would it help if you could “set and forget”? Well, you can.
In Getting Things Done: The Art of Stress-Free Productivity, David Allen’s bestselling book from 2002 on the topic of time management and productivity, Allen not only tells audiences how to maintain “inbox zero,” but also how to implement systems to provide access to information when it’s needed. And only when it’s useful.
Allen writes about one of his two key objectives behind the tactics in the book, keeping one’s mind clear of to-do items: “Capturing all the things that need to get done – now, later, someday, big, little, or in between – into a logical and trusted system outside of your head and off your mind.”
Keeping policies up to date, and making sure employees are trained, is vitally important to the health of your compliance program. But there are more complex issues keeping you up at night and staying late at the office.
That’s why a true policy management system, and not just a bunch of documents on a network drive, is such a necessity, especially in an expanding regulatory landscape that requires a greater degree of auditability. It’s not just about having the policy. It’s just as important to have a tried and true way to develop your policies collaboratively, to distribute those policies, to track who read them and when, and to manage updates and previous versions. Simply put, you need a trusted system.
A trusted system, in David Allen’s paradigm, manages all the information you need and the tasks you need to accomplish, and makes the relevant information available when you are able to act upon it. When you aren’t able to take action, the policy management system keeps track of the information for you and acts upon it, so you don’t have to.
As Allen says, “If you don’t trust your system, you can’t let go of operational details and you’ll limit your ability to create at a bigger level.” And you want to – no, you must – create at a bigger level.
For managing your compliance policies, don’t you want to approve the policy, assign it to the right audience, and not have to think about it again? Wouldn’t it be nice to think about employee training when some people are past due, and have a system that’s able to tell you who? Don’t you want to know that when it’s time to review a policy, you’ll be reminded without having to think about it?
That’s what a policy management system gives you: Time to “not think” about managing your policies.