Bailey Naples, CCEP
Manager of Compliance and Internal Audit
This is a three series of blogs that covers Compliance’s role in annual reviews of policies and procedures, employee appraisals, and conflict of interest forms. The first in the series discusses annual reviews of policies and procedures.
In this fast-paced ever-changing regulation world how is a Compliance and Ethics professional supposed to keep up? While there are large companies who have the resources to dedicate compliance teams to specific areas of regulations, I suspect more are where the Compliance Department is a one-stop-shop for almost all regulatory compliance. This, of course, can be a daunting if not impossible task of staying up to date on not only new regulations but changes to previously established policies. We must remember to review even our most basic policies and procedures at least annually.
One option, if you have the support, is to set up a policy review committee. If you are fortunate enough to have a Compliance Committee already established you can tie this right into your normal routine. The committee can divide up the policies between members to review and then they’ll report back to the committee at the next meeting. Forming a committee divides the work-load and holds all members to the deadline of review keeping the process moving along.
If you are unable to set up a policy review committee a second option would be to set up a similar timeline of review by yourself. They key is to schedule the time and meet with yourself. Don’t push off the time because something else comes up. Hold yourself to the review time as though you were meeting with a team.
When reviewing policies, begin by reading the policy. If it’s a policy you wrote, it is easy to assume all details of the policy are known and you can just do a cursory review. I would strongly encourage you to read policies as though you are reviewing someone else’s work. Think about the perspective of the reader, they may not have the background knowledge you have. If employees are coming to you often maybe the policy needs some clarification, maybe the document could use an FAQ section.
After reading the policy you should check any hyperlinks and verify contact information. It is easy for hyperlinks to become broken, even ones within your company. While it is easier for employees to have links within the policy and procedures it creates an additional responsibility of the policy owner to ensure they work. While contact information likely won’t change every year, turnover does happen and updates do occur. Even the government changes phone numbers and websites from time to time.
Once you have completed with the link check and verification of contact information, it is time to decide if you need to make minimal updates, if any, or if the policy needs a complete overhaul. Minimal updates can be done by the reviewer without a rollout to employees. A complete overhaul may require input from other teams and will definitely require communication to employees.
However, you decide to review your company’s policies and procedures the important thing is to keep them up to date for the employees. If employees find or think the policies are outdated and unreliable, it will be harder to get them to turn to them after all your hard work of updating them. You will have to regenerate that culture.Annual Reviews and Compliance's Role: Annual Reviews of Policies and ProceduresClick To Tweet