One of the tasks that will be conducted in any audit is the review of policies and procedures. Effective policies and procedures provide legal protection for the organization and, in effect, perform a ‘road map’ for what needs to be done to keep everyone on track, from the governance body through to operational staff, about the standard of practices required by the organization. These documents frequently provide clarity to the reader when dealing with issues that are of critical importance either to personnel or to the organization, including factors related to compliance, legal liabilities and regulatory obligations, HR practices, health and safety, client service delivery, and issues that may have serious consequences for the organization as a whole.
However, when minimal attention is placed on ensuring the policies and procedures are effective and routinely used, organizational staff (whether paid or unpaid) may not have the information and guidelines they need to effectively perform their role, and operational excellence can be compromised. A survey conducted by Lexis Nexis found that 62% of workers experienced difficulties with effectively sorting through information, resulting in wasted time and work outputs suffering. Studies have also shown that a typical worker spends about two hours each week looking for information, including details identified in procedures. This can have a significant impact on the efficiency of the organization and affects both employees and clients alike.
When auditors are reviewing policies and procedures, we tend to look at the ways these are written and to see if the people working for the organisation (in either a paid or unpaid capacity) understand how these apply to their practice. We also look to see how accessible these documents are for people to find, what impact the policies and procedures actually have on the people performing them as well as to the people who are the customers of the procedures. These reviews are usually very insightful and informative for the overall audit itself.
However, having policies and procedures in place without being followed is something we also see, along with policy and procedure manuals that are neglected from one audit to the next. In recent times, there has been a marked increase in the numbers of organisations purchasing policy and procedure manuals which are then presented for audit. While the content of any of these manuals may be useful and relevant to the organization, problems arise when:
• The content is obviously written for a different sector, for example, home care content which is different to disability-specific content.
• The organisation has simply inserted its name in the header line and there is no evidence of a review of the manual’s content.
• Details in the manual refer to practices the organisation does not do. For example, companies with sole directors have a manual which references a management committee or situations where businesses that only provide therapy services have manuals that refer to specialist housing.
• Manuals are in place as a compliance tool to ‘get through the audit’.
• Operational staff have no idea that there are policies and procedures in place as they haven’t seen these manuals or details relevant to their responsibilities.
When these situations occur, there may be significant impacts on the outcome of the audit itself. Discussions with people who purchase policy and procedure manuals as a ‘tick and flick’ exercise simply to meet compliance requirements can be challenging, particularly when they genuinely believe the manual is adequate for the purpose and we present a different view. Challenging conversations also occur when policy and procedure manuals are neglected from one audit to the next. Reminding people of the legal protection afforded by effective policies and procedures is only one part of the discussion. Exposing and addressing the strategic and operational risk to the organization is often what is required to help people understand the impacts and benefits associated with having relevant and effective policies and procedures in place.
1. What do you do to ensure your organization’s policies and procedures are relevant to its operations?
2. Where do you source best practice information to guide and inform policy and procedure development over time?
3. If you have been surprised to find the organization’s policies and procedures are not effective or do not address what the organization actually does, what actions have you taken to resolve these issues?
4. What do your staff have to say about the effectiveness of the organization’s policies and procedures? If there is a discrepancy between what they are saying and what you believe, what can you do about that?