Compliance and Policy Compliance, might not be the most interesting of subjects for most people, but it’s bread and butter for HR and of course Compliance Managers. They know it’s more than just a tick box exercise to show one’s following the rules – a company policy is a guide for employees, but first and foremost it’s an insurance policy for an organisation in case of any compliance issues. But here comes the problem – not just one, but thousands in larger organisations – people.
You might have all the policies in place on your computer, sent them to staff via email or displayed them on the notice board – you did your job – but, did employees read those documents? Can you say who did and who didn’t read them? What if you need to show real numbers during a board meeting confirming policy compliance and importantly, non-compliance? Probably you can’t – it’s because most of the knowledge regarding policy compliance comes down to assumptions, not facts. A black hole of assumptions.
Organisation policies 101 or why should you really care about facts?
It’s obvious but it has to be repeated over and over – policies are there to define approaches and introduce internal laws and rules in organisations. For businesses, policies can be set internally – those developed within an organisation to guide how employees undertake specific aspects in their jobs or should behave – and externally, usually established at a national level by governments to ensure appropriate standards across different industries. The important role of HR or Compliance Managers is to make sure the organisation as a whole follows these rules – no matter if they are about safety or finance, it’s a matter of life and death for an organisation. Shareholders are looking for profits, not problems. And there are a lot of problems around if you read the newspapers. For example, Food Safety regulations data for the UK, overseen by the Food Standards Agency, show 978 convictions in 2015/16, with penalties ranging from a few hundred pounds to £10,000 and a prison sentence. The Information Commissioner’s Office reported 450 cases of non-compliance with the Data Protection Act between January and March 2016. And provisional figures for UK workplace health and safety convictions show that, in 2014/15, there were 905 convictions with an average fine of £18,000. In the same period, 142 workers were killed at work.
But the organisation, the one that needs to follow government requirements, is not just a legal term – it’s a living organism consisting of people; employees that need to be provided with guidelines or strict rules based on the law and corporate culture. Of course, it’s a multidimensional process – managers are often affected with both legal and internal policies and they are responsible for their implementation in their departments, while regular employees might only need to obey internal policies.
Back to the compliance black hole
As much as you and the shareholders understand all the reasons behind policies, most of the people in your organisation are basically immune to any communication regarding organisation policies. They can delete policy emails without even reading them, they may pass by the notice board every day as if it was invisible. Finally, they just yawn when you talk about the importance of compliance during meetings. There are three reasons for this:
- In most organisations, announcing a policy is a monologue communication and employees know that. They accept their passive role (of course) and just hit delete the moment a new policy arrives as they know you have no way to check what they did. The problem with that is, as much as you might understand that they’re averse to bureaucracy, your role is to ensure policy compliance and as mentioned earlier, you cannot assume compliance without knowledge of who did and who didn’t receive and accept a policy.
- In many organisations, policies are not targeted; all employees receive each and every policy into their mailbox even if it doesn’t apply to them. Considering the fact they want to focus on work, after receiving the 10th policy that isn’t relevant to them, they will just delete the 11th policy and all the following, no matter who they apply to. It is understandable, but what you can do is to make sure only relevant policies are delivered to the applicable people.
- •Let’s face it, people, in general don’t like rules – they are rebels at heart and like to be independent. So if you take the first two reasons into consideration and add this one, you cannot blame them for rolling their eyes when you tell them about ANOTHER new policy – for them it’s just another unnecessary piece of bureaucracy, while for you and the shareholders it might be a way to ensure safety or wellbeing in the workplace.
All the above makes your work as a person responsible for compliance extremely difficult. Not only is it hard to introduce rules that might be crucial for the business, it’s even harder to pinpoint departments or even smaller groups of people in your organisation that might be affected in the future. Without monitoring compliance, you cannot manage the problems of non-compliance. You’re powerless.
How to regain the power and forget about the black hole?
Think about your policy compliance strategy in this way: Preparation, Implementation, Audit. While you can fully control the first stage, you’re mostly helpless when it comes to the latter. Technology might not sort out all the problems of humanity but it will be very helpful here.
With proper software like WorkWize, you can automate the distribution process more efficiently than your current process. Connecting WorkWize to your HR system ensures all employees are (and will be) included but also allows you to assign certain policies to certain departments or even people. The whole process can be fully automated so if a new employee is added, the system will recognise what policies should be assigned to this person and how often to resend, if required.
Sending a policy is just the first step and as mentioned earlier, employees don’t engage once they receive the policy. But software like WorkWize can change that. Your employee will be asked to open and accept the policy so they will know that you know! And since you know who accepted the policy and who didn’t, not only can you prevent certain situations from happening, but also improve compliance in your organisation. Reports can then be easily generated for both internal and external audiences, drawing on solid evidence. The black hole is gone.
Policies might be disliked or even hated by people in your organisation. The same way a child doesn’t like sour medicine. But if you are in charge of compliance your role is to ensure compliance and apply the medicine to make sure the workplace stays safe and healthy. All you need is a proper tool and it’s probably time to start using it. Before it’s too late.