Three warning signs of poor governance policy
As a risk manager, you are an important guardian who safeguards the future of your company. This is not hyperbole: Flawed policy management processes can result in non-compliant, unauthorised or inaccurate policies. A policy misstep around governance, risk or compliance can attract fines and penalties, brand damage and even a loss of customers.
Yet keeping tabs on policies can be difficult and sometimes even seem impossible. That’s why it’s important to know where your company’s policy regime stands. Fortunately, there are some easy signs to see if you have a policy problem:
Policies in silos: Different risks affect different parts of a business. So it leads that some policies will only make sense inside certain environments. As a result, many are created within specific departments or by certain individuals. While this practice is not necessarily a problem, it can complicate any clear view on all policies. Also, without good templates, the different policies could stop adhering to company standards and become even more opaque. If your business is generating risk-related policies without reliable standards and templates, you have a growing problem.
Out of date policies: Is your company able to review policies regularly? Is it a well-defined process, one that matches the templates and expectations upon which policies are created? Flawed version controls can lead to out-of-date policies being confused with new ones, while unattended policies risk slipping behind compliance requirements. Sadly this happens all too often, especially if the above problem of limited visibility due to silos is also in place. If you cannot say for certain that risk policies are being reviewed and updated regularly, you should be concerned.
Inefficient policy management: Creating a policy is one thing, but it’s quite another to get the input and sign-off from different parts of the business. The result is usually policies that languished in administrative limbo or, worse, a policy maintenance regime that is neglected, even ignored. This can really compound matters: policies aren’t being effectively updated and could lack the proof demanded by some compliance and governance rules. Since risk managers can’t be everywhere all the time, they must rely on others to do their part – and this is where the problems really start. Does any of that sound familiar? Then you certainly should be concerned about poor governance policies.
Fortunately, it’s not all bad news. The above problems are typical of robust companies. It’s simply that risk management systems have not kept pace with the growing dynamic nature of companies. But platforms such as Riskonnect link all the parts, include all role-players and deliver reliable templates that ensure coherence across your policy environment.
How does it work? Data integration, easy user tools and machine intelligence combine to give you real results.
To receive a monthly email consisting of a summary of all articles published by thryve during the previous month, please click here.