How Do You Identify Policies and Procedures that are Needed?

How many policies and procedures you develop depends on your acceptance of risk and variation within your organization. This acceptance of risk combined with your policies and procedures make up your governance model for how senior management manages risk. How do you identify policies and procedures that are needed?

• Accounting Policies and Procedures to close your books, count inventory, and manage cash,
• Financial Procedures to forecast working capital needs, arrange credit, and manage risk,
• IT Policies and Procedures Manual to arrange data backup, network security, and disaster recovery,
• Production Procedures to detail order fulfillment, scheduling, and quality control,
• Sales & Marketing Procedures to define sales cycles, trade show management, and target marketing.

Every area in your company has some type of policies and procedures that are being used, even if they are not written down in a procedure manual. They still exist.

Most businesses wait to standardize them until after a negative event. Don’t wait until after you lose a customer over poor customer service. Start writing down what daily procedures are being used right now. Now that we know how important procedures are, how do we determine how many we need?

How to Identify needed Policies and Procedures

Positive Future Vision

There are a number of variables that can help us determine needed procedures for your company. The steps include: your vision and mission, map core processes, define your policies and metrics, identify internal controls, write necessary procedures and “Review, Improve and Adjust”.

Let’s look at each one.

1. Start With Your Vision And Mission

The first part of risk management starts with your vision and mission. Your vision is about you while your mission is about your customers. By defining your vision and mission you are also defining what processes are critical to achieving your goals.

For example: if you are a pizza delivery business, then your mission might be Good Pizza Fast.

2. Map Core Processes Needed To Achieve Vision And Mission

Your core business processes include product manufacturing/service delivery, purchasing, and product development. Other core processes may include sales, marketing, finance, quality, human resources, information technology, and management responsibility depending on your business model, size or industry.

For example: if your mission is Good Pizza Fast, then your mission defines food preparation, purchasing, and delivery as critical processes.

3. Define Your Policies And Metrics

Metrics are a critical control item for how you are going to measure and manage those processes and the achievement of your vision and mission. Metrics make the difference between strategic platitudes and actually realizing your vision.

For example: if your critical processes are purchasing, food preparation, and delivery, then your policies may include fresh ingredients used within 48 hours; pizzas made within 10 minutes; and delivered within 30 minutes.

4. Identify Internal Controls

Internal controls are used to prevent process failure, which are needed to reduce risk, decrease variation, and focus on results. Your internal controls are the check step to ensure your process is under control.

For example: if your policies include fresh ingredients used within 48 hours; then your internal controls may include time stamping all ingredients, FIFO inventory, and temperature alarms.

5. Write Necessary Procedures

Can you manage all of this with just your process maps? If your processes are more complex than a process map then you can add the process map detail to a procedure. If your process possess a lot of risk or is complex then this process is a good candidate for writing a procedure. If you need more detail then add work instructions or job aids to add more detail.

For example: if your internal controls include time stamping all ingredients, FIFO inventory, and temperature alarms, then do you need to explain these controls in a procedure, work instruction or job aid?

f you have a lot of ingredients or critical temperatures that could cause spoilage, then more detail might be necessary to avoid waste, food safety issues, or maintain customer satisfaction.

6. Monitor, Review, And Adjust

How do you know if you have enough procedures? You can determine needed procedures by monitoring, reviewing and adjusting. This is the Plan, DO, Check, Act (PDCA) process approach to policies and procedures management. Metrics provide the measures that can be monitored for review.

For example: if your internal controls are not working then you might see increased waste, spoilage or decreased customer satisfaction. By monitoring these measures, you should see changes that can trigger an action to adjust your internal controls and improve service levels.

Identify Policies and Procedures that are Needed

Can You Lead an Organization Without Policies and Procedures? Yes it’s possible. Companies do it all the time. The question is: how much risk can you absorb before it fails?

Companies with high profit margins can absorb a lot of risk (in other words throw away a lot of pizza ingredients) before they document their processes. As long as your profits are greater than your risks, then you can get away with it.

But as soon as an unacceptable risk appears, it’s all over. And that is when the steps above for determining needed procedures come into play.