Is your policy control process putting your organisation at risk?

24 April 2019

All businesses have internal policies and procedures in some form. They play a crucial role in outlining key business processes, standards and expectations. Having such policies in place is one thing, but how can organisations be sure that their employees are aware of the policy, have understood its content, and have agreed to keep to it?

The role of HR policies 

Organisations use policies to communicate their ‘way of working’, as well as related legal requirements. Some, like health and safety policies, are mandatory but many are simply a way for organisations to establish common standards and make all employees aware of their responsibilities, as well as their rights. 

Yet HR policies play a crucial role in minimising an employer’s vicarious liability. An employer can be liable for the acts or omissions of its employees or contractors, which have taken place in the course of their work for the organisation, unless the business can demonstrate that they have taken ‘reasonable steps’ to prevent it. Being able to evidence that all employees have not only received, but also acknowledged and understood a related policy will provide strong confirmation of this. The same applies with the tracking of any updates to the policies over time.

The impact of non-compliance

The implications of employees not complying with policies are vast for businesses of all sizes. Firstly, there is the potential legal backlash resulting from employees failing to comply with legal and regulatory requirements, and the hefty fees and fines that these could entail. If this wasn’t enough, there is also the cost associated with potential criminal convictions including damage to brand image and reputation.

There are also people costs, namely:

  • the drop in employee engagement and morale associated with ambiguous protocols, or worse, conflicts at work, leading to reduced productivity; and
  • the time and effort required from key stakeholders and senior leaders to manage and rectify these issues, when their focus should be on developing and driving the business forward in line with its mission. 

In short, there are plenty of reasons why businesses should want to ensure they are getting their policy management process right.

What can be done?

Businesses should not underestimate the importance of the way in which they communicate new policies and any changes to existing policies with their employees. An internal policy control process can go a long way in maintaining compliance and creating a known directory of information, with both internal and regulatory standards, which reduces the risk of exposure resulting from a breach.

RSM’s Insight4GRC suite includes 4policies™, a policy management software which enables businesses to make all its policies available in one place and monitor deployment to staff. Policies can be matched to individuals to ensure that they only have the information relevant to them. Employers can request that they are formally accepted and can even test understanding of their content, in a similar way to e-learning. Alerts can be sent to employees every time the policies are updated, ensuring that their knowledge and awareness remains up to date. 

To find out more or to discuss other ways you should be tracking your employee’s awareness of organisational policies, contact Hannah Gibson-Patel