Monday, November 26, 2007

Policies and Procedures - Need of an hour

I was just reading an interesting article on "Why policies and procedures". Though many of us have breathe in and out with these terms, (Thanks to so many standards & framework floating around :)) this article puts it in very simple form so I thought of sharing it across and also it was long time I penned down :)

We have heard these impressive questions & quotes viz "Why do we need policies and procedures " or "Policies and procedures help your organization" etc. so many times. Probably you may also be the one instead asking these questions. So how happy were you with the answer you gave or the one you received. May be not very. Though it might seems such an obvious question but still we have to struggle to give it clear and meaningful response. Isn't it ?

Well, nothing to hide it off but at this point we need to understand this term clearly and understand it before starting the system of policies and procedures.

If you start listing it down the reasons "Why policies and procedures are necessary", I am sure to come up with page-long lists . But of course such long lists lose meaning and value because they are too long to really remember and absorb. And plus such long list I am sure will have overlap and repetition.

So here are some four very basic reasons that demonstrate why we should develop procedures to document important process:
  • Compliance
  • Operational Needs
  • Manage Risks
  • Continuous Improvement

1. Improve Compliance

Policies & Procedures Can Improve Compliance. Every organization has to comply with some laws and regulations . Even the smallest of organizations must comply with tax laws and with state and local regulations , while some bigger organization have to cope with a myriad of federal and state laws and regulations.

Also organizations today are geared towards implementing the quality standards and need to have compliance with standards like ISO 9001, CMMI, ISO 27000 , ISO 22000, etc.

While procedures themselves may not demonstrate compliance, well-defined and documented processes (i.e. procedures, training materials) along with records that demonstrate process capability can make evident an effective internal control system and compliance to regulations and standards.

Let’s face it; if your organization is having trouble in performing the rudimentary function of obeying laws and regulations, then it is likely struggling even more at being effective and successful in fulfilling its core missions. If compliance is an issue in your organization, then creating well-defined processes documented by procedures in order to meet your legal and regulatory requirements should be a high priority.

2. Operational Needs are Met through Policies and Procedures

What is really important in your business? What is fundamental for its success? Are practices associated with them being steered by top management? How much visibility and transparency is there into the effectiveness of these key processes?
This brings us to the next important role of procedures; to ensure processes fundamental to the organization’s success are properly guided by management, are performed in a consistent way that meets the organizations needs, and that important related information and data are captured and communicated.

For example, if regularly introducing new and improved products is essential to the success of your business, shouldn't you be in control of your sales and marketing cycle that captures customer requirements and desires so they can be translated into your product design?

Shouldn’t there be well-documented design review and product launch processes? Policies and procedures are a way to document such key activities so they are executed consistently and implement the best practices for the organization.

3. Risks can be Managed with Well-Written Procedures

Risk - It's in every business , every organization. If you are saying you don't have any risks, then This is the biggest risk you are enveloping of not identifying the risks properly.

Every business must recognize and manage risk. Risk management is a process to ensure all events can be managed according to an organizations risk appetite.

Established policies and procedures act as a control activity needed to manage risk.

So whether it is a fire or a corrupt/incompetent accountant, procedures define how reasonable measures are built into processes to prevent such events, and they describe how the organization will manage and recover from such events should they occur.

Another reason for procedures that fits well into this category is the documentation of organizational knowledge . Key personnel leaving, perhaps even joining a competitor is always a risk. That risk is diminished to a degree if key organizational knowledge is documented in a procedure, as opposed to important information being stored in a person’s head, in their computer, on simply jotted down in their notebook or journal.

4 . Procedures Can Drive Improvement

Continuous Improvement is one of the most important, yet frequently overlooked reasons for developing an internal control system of policies and procedures.

One role procedures play in continuous improvement is implementing a Plan-Do-Check-Act (PDCA) approach to processes.

Clear policies (that should be developed or approved by management) describe operational goals and direction, implemented by the Plan, which includes SMART objectives and that describe best organizational practices.
The Do section carries out the plan and captures the data related to the stated objectives.
The check phase reviews the data in relation to goals and objectives, and
Act means reflective changes in the process or the procedure that improves the process effectiveness, or altering objectives to be more realistic or meaningful.

Lack of clear communication is a common impediment to improvement and success. Procedures can also build important internal communication practices into processes.
For example, the collection process can include notifying the Sales Department which customers aren’t paying their bills, so the Sales staff isn’t spending time making sales calls to customers who do not pay for what they buy is one of the most important, yet frequently overlooked reasons for developing an internal control system of policies and procedures.

One role procedures play in continuous improvement is implementing a Plan-Do-Check-Act (PDCA) approach to processes.

So go ahead and embrace the power of Policies and procedures in your organization.

Final note - "The existence of procedures themselves does not demonstrate internal control; procedures that clearly document processes and that are used, followed, and maintained do."

No comments: