CXO

Have a policy for making policies

Formalized policies and procedures help protect you, your company, and your employees; but what should they cover, and how do you formulate them? This article explains how to make policies and procedures.


While many large companies have in-house legal departments to approve all policies, “progressive discipline” plans, and well-documented procedures, plenty of smaller and midsize organizations leave these important decisions to the human resources department and department managers. Too often, policies and procedures at these companies run to extremes, with either too few directives to be effective or far too many to be reasonable.

If you’re a manager at one of these companies, planning your policy strategy is important for setting behavioral guidelines and expectations, both for you and your employees. It’s usually far more effective than postmortem reactions as well. Protect both yourself and your team by keeping your policies clear and consistent. You need a policy for making policies.

Progressive discipline plans
For more information on progressive discipline plans, see the gantthead article "Progressive discipline: Preparing for the critical first meeting."

The difference between policy and procedure
Policies intended to protect employees and employers from personal or professional infringement require two parts: a guide for behavior and rules for enforcing it. When it comes to your department, you must present expectations that are tangible and that can be followed. This is what is meant by procedure. The guidelines that dictate what actions should be taken when a procedure isn’t followed constitute your department’s policies. The difference is that procedures explain how to accomplish a task, while policies lay down the rules for following procedures.

For example, if you expect all programmers to check their code into a versioning control system at the end of the day, your department’s procedural document should make this clear. If an employee doesn’t check in his code, your department’s policy document should detail the repercussions.

If your department doesn’t have either of these documents, you’re operating way outside of safety norms. Of course, few policy guides outline the penalties and rewards for specific procedures. But used together intelligently, your policies can cover the broader scope of operations without needing to be changed on a case-by-case basis.

Plan ahead and get approval
The key to effective and fair policies is to make them simple, clear, and comprehensive. When tackling the creation of a policy guide, the easiest way to approach it is to first document your department’s procedures. This is no small task, but if you don’t know what your expectations are, how can you expect your employees to know them? You should document job descriptions, processes, interdepartmental communications, and anything else your team does.

Once your procedures are in place, it’s time to formalize your policies. For this task, I highly recommend working closely with business drivers, human resources, and your legal advisors, if at all possible. To avoid employee litigation, you must be careful not to violate employee or employer rights when laying out the law of the land.

Take a look at past disciplinary actions and see how they relate to your documented procedures. Then, look at procedures that aren’t related and determine what policies you need to enforce them. Finally, look at exception cases that aren’t covered by your procedures, and determine if they need policies. If so, write procedures to accompany them.

Formulating policies and procedures
Assume you’re a manager of a software development division that has no formal policies in place. In the past, you’ve spoken to developer John Doe about his lack of productivity. You’ve created a procedural guide that outlines how, where, and to whom he’s expected to turn in his work. First, you should update the procedure to cover any crisis situations: “If a deadline is going to be missed, notice should be delivered to the project lead detailing why work won’t be completed, what work will be missed, and when it can be expected so that adjustments can be made to scheduling documents.” Next, you need a policy that dictates the penalties for not following the procedure: “Undocumented missed deadlines will be noted in the responsible employee’s employment file and will result in revocation of telecommute privileges.”

Look at your procedures, and ask yourself what happens if something doesn’t get done. Let’s say you have a procedure that dictates that only the lead programmer can move code to the production server. No one has ever violated this procedure, but the effects could be disastrous if someone did. This procedure warrants a policy; for example: “Unauthorized migrations to the production server will result in a loss of access privileges.”

You must be careful not to thwart honest attempts to get work done. For example, suppose an employee needs access to the production server to do his job. Violating the unauthorized access policy could cost him his access privileges or even his job. In this case, procedure dictates that the employee merely needs to get the authorization he needs.

Finally, some policies may have no accompanying procedural outline. For example, you might want a policy outlining how employees obtain permission to work from home. In actuality, this process should be covered in your procedures—“To request working from home, e-mail your manager at least three days in advance”—and be accompanied by a policy that governs use of that procedure: “Employees may work from home four days per month, upon manager approval.”

Reactive policy is too late
With all the issues a manager faces, creating policies and procedures may not get the attention it deserves. Waiting until after an employee does something inappropriate to create a policy governing the action is not only unfair; it’s also an ineffective way to manage your team. Policies should cover procedures that can affect the team, the department, or the company. Not every procedure requires a policy; however, every policy should have a procedure that outlines how the policy can be upheld, and it should be put in place before it’s needed.

It’s easy to go to extremes with operational guidelines, but you must consider the potential risks and dangers to your department when policies and procedures aren’t followed. You should try to avoid being heavy-handed with your policies, but having a solid resource available to both you and your employees helps you manage expectations and protect everyone’s interests.

Editor's Picks

Free Newsletters, In your Inbox