Policies define expectations and boundaries for behavior, but these expectations frequently go unmet.

There are three major triggers for new policy creation or policy amendment:
• An adverse event highlights an operational risk that is not effectively controlled. A policy is required to address this risk and how this adverse event can be avoided in the future.
• A strategic objective: when an organization wants to achieve something important and commits to this in writing. The policy acts as the action plan and guidance for staff, making success more likely.
• A new regulation or law comes into force

All organizations are subject to numerous compliance requirements. Some are common to all—human resources policies, for example. Some are industry specific. Either type requires strict compliance with documented evidence. Policy management provides a formal process for acknowledging a regulatory requirement and translating this to action.

In some ways compliance-based policy management is straightforward:
• The policy objective is clear.
• The need for the policy is compelling.

 …