This post is the third in a series on the risks of using SharePoint for your policy management system.
In part three of our series (read parts one and two), we’re going to focus on the efficiencies you don’t gain by using SharePoint as a policy management system. Let’s take a look at some of the ways using SharePoint costs you valuable time:
Time: Following-Up On Policy Editors, Reviewers And Approvers
Managing policies requires a lot of manual follow up. First, in order to get a policy reviewed and approved, you need to chase down all of the people who contribute to the writing. This takes place over a period of time – could be days, weeks or months, and you may have dozens of people involved when dealing with wide-reaching policies.
With a robust policy process in place, those responsible for edits, reviews and approvals are notified when their contributions are due, and reminded when they haven’t followed through. Manual work isn’t required to chase down every contributor but instead can be deployed only when the reminders are ignored by select individuals.
Without such a process in place, there’s a lot of manual follow-up to do. Policies may stay in a state of limbo, waiting on approval or review by a single individual who is on leave or not responding to reminders. The release of the policy, and typically the release of related business ethics training, to the employee base is delayed because of a single person.
SharePoint supports basic workflow capabilities, but you must invest in software coding and development to configure the standard review and approval workflows inherent to policy management. The custom work is then at risk when updated versions of SharePoint are deployed.
SharePoint cannot help reduce this cost without custom programming.
Time: Following-Up On Those Assigned to Attest to the Policy
It is not always easy to get employees to do their compliance activities, like read policies and complete business ethics training. How do you get all the affected employees to read a policy that pertains to them? Can you see at a glance which employees have read it, and which have not?
With a robust policy process in place, you’ll be able to quickly see a list of employees (or third parties) who haven’t completed their assignment. You’ll also be able to see the employees’ supervisors, and send those supervisors a reminder to follow up with their direct reports.
Without a process like this in place, you’ll have to do a lot of collation of data from multiple spreadsheets and other sources to see the completion rate on an assignment. You’ll then have to do additional wrangling to get the employees’ managers to follow up.
SharePoint does not natively provide the capability to identify who has read a document and who stated they would comply. Audit capability can be enabled, allowing you to log who has opened a document, but in order to capture a deliberate attestation action, the document has to then be configured to open a separate form to record that action, which requires custom development. Then that data has to be reviewed to find out who hasn’t fulfilled the obligation.
SharePoint only partially reduces this cost.
Cost: Paper, Printing and Binding
How much are you spending on paper, printing and binding to publish paper-bound policies?
With a robust policy process in place, policies are available in an online system that provides access to current policy as soon as it’s published, without requiring a manual effort to print and distribute to every location. No money is spent on printing copies, binding, or delivering between locations.
If your policies are still on paper, it can cost thousands of dollars to print and bind enough copies of a single policy to distribute throughout the organization. These costs pale in comparison to the impact of an important policy violation, but they still contribute to the costs of the status quo policy process in place in many organizations.
SharePoint can provide access to policy documents electronically, where employees can read them without having to print them to paper.
SharePoint addresses this cost.
Time: Searching the Intranet for the Right Policy
How long does it take to find the policy you need? Can you find the answer to a question quickly?
With a robust policy process, all of your policies are in one place and employees can find them with a simple search tool. You can search the policy contents with keyword search, or search by tags applied by the policy authors and editors. Information is at your fingertips.
Without such a process in place, policies end up stored in a number of different shared folders, SharePoint sites and standalone document management systems. Employees have to search each of them to find the document they need, and the search process varies across each. I can take 45 minutes to find a certain policy, leaving employees frustrated and unproductive.
SharePoint provides search capability that accesses anything in the SharePoint site, so your results often include many documents and spreadsheets that aren’t policies. You literally have to browse the resulting list to find what you’re looking for. If it’s not there, you must search for additional SharePoint sites where that document might be. The process is inefficient and often leaves questions unanswered.
SharePoint partially addresses this cost.
Time: Replacing Old Versions on All Appropriate Intranet / SharePoint Sites
In how many different locations do you store your policies, to ensure everyone can access them? Do you always go back and remove expired policies?
If you have a robust policy process, all policies are stored in a single system of record, so employees know every policy they need is in that one system.. New versions are placed in the system of record and the job of distribution is complete. At the same time, old versions will be archived so that only the current policies are available.
Without such a policy management system in place, your enterprise may put copies of key policies on different SharePoint sites which are visible to different segments of the organization, such as Finance, Human Resources and Operations, to ensure everyone has access. Someone has to make sure to put the new version in all those locations so employees aren’t reading the out of date information, that is inconsistent with the company’s business ethics training or current legislation. That person has to also remove or archive the old version so it’s no longer visible.
SharePoint does not maintain awareness of redundant sites, so it will not notify you where the other copies live or provide any way to update them automatically. SharePoint can update an old document with a new one, but custom configuration is required to ensure that only select individuals can see the old versions.
In summary, SharePoint is not a defensible policy management system.
SharePoint does not address this cost without custom programming.
For more information on policy management check out these resources:
on-Demand Webinar: Securing Executive Buy-In for Your Policy Management System
OCEG Policy Management Illustrated Series
Blog: Why Printing Policies, Procedures is a Very Bad Idea