Businesses need internal rules to operate, fulfill their mission, and comply with legal requirements. These internal rules may need to be written and might take the form of policies, procedures, or other document types. Sometimes internal rules are unwritten in the form of verbal instructions or cultural norms or habits within the organization. Unwritten rules and instructions are always an important part of business and life, but on occasion they are not worth the paper they are not written on.
The quiz
Here”™s our test question to assess your organization”™s stance on policies. Select any of the below that apply.
a. Sure, we have written policies and procedures, but they gather dust on a shelf somewhere.
b. We have many long policies and procedures which are difficult to read and time-consuming to maintain. They decrease our efficiency.
c. Our written documents might conflict with laws and regulations we are subject to.
d. We don”™t have any written policies nor procedures.
e. We hate to read or write them.
f. Our written documents are clear and helpful, regularly reviewed and updated, comply with legal requirements, and help us fulfill our mission.
The answer key
And if you selected “f”, great job, and remember to continually improve them.
If you selected any of the other options, improvement is probably needed and you might even be in precarious territory. It may be time to find someone within or outside your company who enjoys the project and can start to improve your documentation.
An important task
Reading and writing policies and procedures is a dreaded task to some, but it doesn”™t need to be that way. They are an important tool and creating and updating policy documents helps organizations assess and improve themselves, a part of good management and meeting legal obligations.
Polices are internal rules
People have different understandings about what policy documents are or should be, or how a policy, standard, and procedure differ. Some organizations create combined “Policy and Procedure” documents but this is not advisable.
One key is to focus on what your organization”™s “internal rules” are and should be, then next is how to formalize and communicate those rules. Written rules include policies which should be general rules approved at a high level and not require frequent change. Procedures should be detailed step-by-step instructions to accomplish a task and are approved at a lower level of management. Another type of document is the standard, (somewhere in between) and more document types exist.
Internal rules are one of three important platforms
Think of your company”™s internal rules as a platform you build through good management and planning. It is one of four important platforms. As you build and improve your internal rules platform it should align with a platform of laws and regulations (external rules from government) and then a third platform which is the actions (practice) of your organization. A business should conceptually align these three platforms, and that is my Three Platforms to Connect concept.
An organization whose internal rules conflict with laws could find itself facing civil or even criminal consequences, since the organization”™s own rules might direct improper or illegal action. Similarly, an organization can be in legal hot water when employee actions violate civil or criminal laws.
With some quick research we could probably find an example of an organization that allegedly flouted tax laws and other financial requirements and then found itself the subject of a criminal prosecution by a local district attorney as well as a civil inquiry by a state attorney general. That example is not a typical compliance issue, but all organizations should consider how internal rules might be required or advisable for legal compliance.
Violation of law, regulation, contract, or simply behaving negligently all lead to negative consequences. Further, organizations that are unsure about compliance waste time on fear, uncertainty, and doubt.
Good internal rules can keep the organization in compliance with legal requirements. Some laws even require the organization to develop written policies and programs to manage compliance, and all government enforcers recognize the importance of good written policies that are properly enforced. Privacy and cybersecurity are prominent examples, other areas include employment, anti-discrimination, conflict of interest, whistleblower, and more.
Compliance is essential but no business exists for the sole purpose of complying with laws. This is where the Fourth Platform of business needs and mission comes in. Organizations exist to provide something to customers or clients ”“ products or services. They have a mission, serve important purposes, and generate revenue. Good internal rules help organizations accomplish their mission more efficiently. Employees know what the rules are, what to do and how. The job gets done better.
Conclusion
Legal compliance management is conceptualized with Bandler”™s Three Platforms to Connect to align legal requirements with internal policy and company action. To incorporate the business mission and perspective, we need to include and align the Fourth Platform.
Good policies, procedures, and other internal rules help businesses run efficiently, accomplish the mission and comply with legal requirements. Organizations should annually review their policies, procedures, and practices and aim for continual improvement.
John Bandler is an adjunct professor at Elisabeth Haub School of Law at Pace University who teaches about law as it intersects with cybercrime, cybersecurity and privacy. He is ”‹the principal and founder of Bandler Law Firm PLLC, a law practice that helps organizations navigate these areas.John Bandler is an adjunct professor at Elisabeth Haub School of Law at Pace University who teaches about law as it intersects with cybercrime, cybersecurity and privacy. He is ”‹the principal and founder of Bandler Law Firm PLLC, a law practice that helps organizations navigate these areas.
