First, what is a policy? We know that a policy and procedure are two distinct entities. According to the dictionary, policy is a “definite course or method of action selected from alternatives and in light of given conditions to guide and determine present and future decisions”. So, what is a policy cycle? Organizations typically have high- and low-level policies. High-level policies govern the entire company in most or all circumstances. They are somewhat generalized and often articulate soft goals. They speak of company desires, needs, and aspirations. High-level policy doesn’t readily lend itself to procedures; instead, it takes the form of a standard, or a guideline. Low-level policy deals with a more specific set of circumstances.
Low-level policy is the kind that usually leads to procedures. An example of a low-level policy that everyone’s familiar with has to do with attendance; employees are expected to come to the office to carry out their duties during “normal working hours”.
Because the world around us is continually changing, our policies – especially the high-level policies – have to be reviewed and reshaped occasionally. We do this by implementing a “policy cycle”.
What Does the Policy Cycle Consist of?
Setting the Policy Agenda
Your organization has limited resources – time, money, people, etc. Whatever your company’s intent, whatever its objectives and strategy, you can only do so much. Your policy agenda is a concession to the scarcity of resources. What resources you have, you manage well and you prioritize.
The smaller the organization, the easier it is to start the policy cycle, generally. It’s with large organizations that we see more intense competition to politicize an agenda – to get preferred items on the agenda because they serve localized interests, which are easier to understand and deal with, rather than those of the entire company.
Writing Policy
This is a big part of the policy cycle because a policy has to be easy to understand and implement. New business policy statements have to be written clearly, concisely, and directly. Policies should not be open to interpretation, though this isn’t always possible, especially with high-level policies. In that case, the company must identify policy experts who will be readily available to interpret policy and resolve differences.
Policy writing has to be an iterative process. Policy drafts should be reviewed by a representative sample of the group or groups who will be responsible for implementing the policy on a daily basis.
Implementing Policy
IT Security Policies
People have to know that a policy exists if they’re to be held accountable for it. Not only do they need to be aware of it – they should also know why the policy exists. People generally view policies as restrictions and unless it’s clear where and why the policy originated – that there’s a valid reason for it and that the organization benefits – compliance will be a problem in this part of the policy cycle.
Policies have to be communicated effectively and there needs to be a suitable introductory period to ensure compliance. People should have plenty of advance notice – give them time to learn the policy, discuss it with others, understand it, and submit their comments. When people feel like they’ve had a say in policy, they’re more likely to comply.
Enforcing Policy
Given that policies are often developed in response to problems, how do you make sure the problem doesn’t recur? Well, you try not to do what a lot of governmental bodies often do – you don’t make policy that’s unenforceable. The U.S. Congress has been doing this for years with respect to food safety, writing more laws for the FDA to enforce while hampering its ability to conduct inspections by slashing its budget.
Policy has to be clear on what constitutes compliance and what happens in the event of noncompliance. There has to be a clear responsibility for ensuring compliance and imposing penalties.
Reviewing and Updating Policy
Policies are often changed only because a noticeable event or trend occurred which forced the organization to respond. A notable example of that is the proliferation of smartphones; so many individuals have purchased smartphones and incorporated them into their daily routines so quickly that the company can’t keep up.
The majority of company policies, once written and implemented, are rarely looked at again. Yet, the reviewing part of the policy cycle is needed to ensure that they reflect the business realities of the moment. A good example of that is some automakers’ infatuation with the SUV, based on a policy of maximizing profit rather than giving customers what they need. Even if $140 barrels of oil and the decline in SUV sales weren’t a strong enough signal to them, the automakers should have been reevaluating their policy periodically with an eye to updating it. Their hundred-year-plus histories should have told them – you either change or you have change forced on you.
What about your organization? When was the last time you reviewed any of your policy manual? Do you follow a policy cycle?
Download free policies and procedures in easy to edit Microsoft Word templates to quickly and easily create your own policy and procedure manual the fastest way possible — using Bizmanualz policy and procedure templates.