Policy Management and Remote Work: Adapting to the New Normal
This is a guest post from Michael Rasmussen of GRC 20/20.
The COVID-19 pandemic has changed everything. What started as a health and safety risk has had a domino impact of other risks that have resulted in changed business practices, processes, objectives, and expectations.
One critical area of impact is the proliferation and support of remote workers. Coming out of the pandemic, it is safe to say that working from home is going to remain a common practice for most organizations, and for some, a primary practice.
For me, this does not change much. I have been working from a remote home office for going on 25 years. I work best from home, but, this is not the case for everyone—for many, remote working is very new and confusing.
Corporate policy confusion
One area of confusion is corporate policies. Over the past three months of quarantine, I have talked to dozens of organizations that are struggling with policy management. As they aim to revise policies to support remote workers, to change policies to adapt to the pandemic and its requirements, and try to communicate policies that have not changed to remote workers, they have realized that policy management and communication is a mess.
One financial services organization I talked to told me they discovered they had 20 different policy portals. HR has their policy portal, IT has one, accounting has one, compliance and ethics, legal, and on and on and on. Policies looked different on each portal and were in different writing styles and templates. Some were out of date and inconsistent. But, what really was confusing: remote workers were looking for a singular portal to access corporate policies, and none existed.
As organizations react to a changing business environment, it should be easy for employees to find revised policies—the home office expense policy, home office IT security policy, compliance policies related to remote work, and more.
Greater crises, greater stress
In a time of crisis, some policies do not change. But the risks associated with those policies do change, and people need to be reminded of them—increased risk of fraud as employees are under financial stress or increased risk of bribery as an employee might be tempted to bribe to a foreign government official. There is even an increased risk of harassment and discrimination as employees are working from home and may feel that the same rules do not apply, when they certainly do.
This all means that policy access and communications become more critical in a time of crisis.
In a time of stress and change, such as the current pandemic, it is necessary that we simplify and streamline access to policies for employees. Any confusion we add to employees increases their stress and frustration and weakens their sense of security and control of the organization.
What to do and six questions to ask
Simply put, companies can combat this by catering to the needs of their employees.
Organizations need a single portal for employees to access policies, complete policy-related tasks such as attestations, and find the answers they need when they need it. Instead of scouring 20 different portals for policies, every official corporate policy should be on one portal in a common template and using consistent writing and style.
During this crisis, and coming out of it, organizations need to rethink their approach to policy management and employee engagement on policies. Consider these six questions as you aim to create a strong corporate culture across a remote work environment.
- Do you know or have a list of all the official policies of the organization across departments?
- Are all policies written in a clear and consistent writing style using a common template?
- Are policies current and up to date to reflect your current environment and requirements/needs?
- Are all policies accessible via a singular common policy portal and easy to find and access?
- Do employees know what policies have changed and their responsibilities in context of those changes?
- Is it easy for employees to accomplish policy-related tasks and ask questions on policies?
Looking for more? Read Michael Rasmussen's recent article about COVID-19 risk management.
About the Author
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC)—with specific expertise on the topics of enterprise GRC, GRC technology, corporate compliance, and policy management. With 22+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architecture, and select technologies that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC,” being the first to define and model the GRC market in February 2002 while at Forrester.