I recently had the opportunity to attend our Client Advisory Council (CAC) in Atlanta to visit with a group of clients to discuss compliance trends and hear from Subject Matter Experts in the field of ethics and compliance training and policy management. I have only been with The Network since August so this was a great chance for me to meet our clients and hear about how they tackle compliance training and policy management challenges.
I’m the Product Manager for our Policy Management Solution so I was eager to speak with our clients and hear about their processes. A main focus of conversation at my table was ethics and compliance management systems and how most clients were in the process of taking their policies online. The clients at my table all agreed that the next step in developing a robust compliance management system was to take their Word documents and employee handbooks and put them in an online repository. This led us to the discussion of policy ownership. There are two reasons why I believe policy ownership becomes far easier when you have the right ethics and compliance management system in place.
You Can Identify the Owner, Not Just the Person Who Uploaded the Document
I’ve heard this approach from clients and prospects before – taking the employee handbook policies and putting them in a central location – however, inevitably what happens is that once the policies are online you are no longer able to recognize who the true owner of the content is. This may not sound like a big problem, but it is. Most organizations have policies owned by HR, IT, Compliance, Finance… and the list goes on. Some large companies have several hundred or even thousands of policies. The first step in being able to keep track of all of those policies is knowing who is responsible for updating each one, and that’s knowing who owns it.
Many of the clients I talked with mentioned how their name was associated with multiple policies simply because they were the ones to put them on their company’s Intranet or SharePoint. (Read my colleague John Peltier’s great blog series on why using SharePoint as a policy management system is a bad idea.) They were not the content owners and had no real authorship or control over the policies. When those policies are up for review, people naturally go to the name they see next to the document, who, again, is just the person who uploaded it.
This becomes even more challenging when you’re trying to keep your policies up to date with changing industry legislation. Just because your name is next to the document does not mean you are the one who owns the content of the document.
When You Know the Author, You Can Automate the Review Process
One of the many reasons to digitize compliance management systems is so the review process becomes more automated. Making sure that your employees are reading and attesting to your policies is hard enough, but throwing in the need to make sure the correct individual is assigned as the owner of a specific policy does not help with streamlining the process.
A proper ethics and compliance management system should help designate who owns the content of the policy and allow for ownership to be changed amongst individuals if needed. At The Network, our Policy Management solution allows for the digitization of a company’s policies in one central repository. We recognized the need to be able to assign ownership of a policy to an individual on a policy by policy basis.
One of the individuals I had the opportunity to speak with at the CAC mentioned how one of the people listed as an owner of multiple policies at his company is no longer working there, but people are still trying to contact the person to update the policy or explain specifics within the policy. Because no one at the company can change the name associated with the person who uploaded the policy to their Intranet, it was preventing people from getting the correct information from the correct people when they had questions or suggestions about a policy.
That is a very serious issue. What if there were questions about reporting issues? Or disclosures? Or requesting exceptions? Those are very important issues that have to be tracked and documented, not lost out in cyberspace because they’re being sent to an empty mailbox. It’s just critical for employees to be able to identify a policy owner.
With an ethics and compliance management system like the one we offer, the issue of who owns the policy and who should be assigned to own the policy is not a roadblock to allowing for a comprehensive management of policy content.
Policy ownership is an important part of the policy management process and it’s one that doesn’t get talked about often in the ethics and compliance space. I’m grateful I had a chance to talk about it with the clients at the CAC.