Meeting at the Intersection of Policy and Compliance

If you’ve spent any amount of time with your compliance unit, you know about the seven elements of an effective compliance program. These are the foundation pieces that frame compliance at our institutions. The first element speaks directly to the establishment of policies and procedures. It’s not good enough to just have policies and procedures, however. There’s more to this element, namely, policies must be:

• clearly written,
• relevant and current,
• specific to job functions within the organization,
• reviewed on a regular basis, and
• readily available.

This is why your role at your institution fits so well with addressing this element.

Clearly Written

This is a bit subjective since everyone has different experiences. Using the word “debit’ in an accounting policy may not resonate with individuals who don’t often use this word. The good news is that it’s also not likely that the policy would apply to them.

Here are some questions to ask yourself or group:

• Are there words or phrases that are not allowed in your administrative policies?At the University of Minnesota, ‘shall’ was only used in our Board of Regents policies.Administrative policies used ‘must’, ‘are responsible for’, ‘are prohibited from’, etc. to make it clearer to the reader.
• Do you require that acronyms only be used in policies once the full term has been spelled out the first time it was used? Are acronyms then used consistently throughout the policy?
• Are there sentences that are too long?How might they be broken up into smaller chunks of information to be more easily absorbed?
• Are there terms that are not commonly understood?
• Are the sections of the policy in the correct order (e.g., initiation to termination)?
• Do you use bullets to make points vs. wordy sentences, when appropriate?
• Do you have someone with editing skills who is part of the review process?
• Do you have institutional mechanisms to create usability tests?

The most important question, however, is this: have you asked your stakeholders? This may not be a small investment in time but if the policy is not understood, it’s hard to know if the individual will be able to comply with the requirements.

Relevant and Current

This is typically the role of the policy owner, but you as the policy administrator can send out routine reminders to review the information and let your office know if changes are needed.

• Are policy owners encouraged/required to regularly review their content to ensure that the content is current?
• Is the policy still needed? If so, why?This is a hard one because there is ownership, and it can be hard for the owner to ‘let go’ of a policy.
• Does your office help watch for changes in related policies (e.g., Board of Regents or governing laws and regulations) so that the policies may be updated?
• Do any new laws trigger the need for a new policy?

Specific to Job Functions within the Organization

Most of the work here likely resides with managers who should ensure that their staff know which policies apply to them. I use the word ‘should’ but it often doesn’t happen, especially if there are a lot of policies in your policy library. Helping the policy owners make it clear as to which audience is impacted by the policy could fit well with your role as policy administrator.

• Does the policy scope or equivalent state the individuals/groups for whom the policy requirements apply?
• Are there definitions in the policy that might further elaborate the roles that are impacted?
• Do you have groupings by high-level functions (research, teaching, outreach, human resources) that might help guide employees to the right sections?

Reviewed Regularly

If a policy needs to be ‘dusted off’ before viewed, it’s likely been too long since an actual review was conducted. There are also flavors of reviews. A simple review might be one that merely confirms that the content is still current. This is the most passive of reviews and it does allow policy owners to take the easy way of just saying ‘yes’.

A more comprehensive approach to regular reviews will net you significant benefits:

• Are there policies that can be combined because the topics are so closely related?
• Are there policies that should be retired?
• Would existing policies benefit from a partial or full re-write to improve readability, etc.?

Readily Available

If part of your responsibilities includes managing the website and the policy library, the onus for this part of the element is all yours. It’s a bit more complicated for you if you depend on technical resources not under your control to accomplish updates and more.

• Is your website and content available 24/7?
• Are downtimes announced?
• Are stakeholders able to view policies on a version specifically for mobile devices?
• Are you able to promote new and significantly revised policies on your home page to help stakeholders stay up with the most current of information?

Institutions care about being compliant and the important work you do is essentially to helping fulfill this element.