21/07/2020
Among the many other changes we have been going through, and expect, comes changes in policies. Instructor, Robert Annis, explores these potential changes in the continuation of his pandemic blog series!
All companies have policies, they guide actions and help make sure that we act within the law and company values. Sometimes their ethical guidance is critical and the lack of adherence can be catastrophic - see Deloitte and its recent record PS15 million fine for its failings in the audit at Autonomy[1].
Since we are entering a new state of affairs with coronavirus, distributed working and the ensuing economic turmoil, it is likely that a number of policies will be effected. We will need to reconsider what will happen in specific areas like food preparation, auditing, performance assessments, on-site checks of contractors and suppliers and even broader areas like social working norms i.e. number of people in an office elevator.
We will need to balance this against the risk of moving to an overly strict and constricting world. It will be easy to simply move to a situation where we use documents as a way to cover over real-world confirmation of satisfaction or meeting of guidelines. Judging by issues like that described at Deloitte, we are already running ourselves a little too close to confirm in regards to that risk. In that specific situation, policies were not adhered to and were perhaps used more as a 'tickbox' than having a real-world impact on behaviors.
So policyholders, owners and updaters will need to worry about more than just CYA[2], they will truly need to find new ways of making sure that policies match the real world, are achievable whilst being trackable and actually provide the protections that they intend to. Achieving those three is no small task. If, as we have seen, these critical policies struggled to be successful in the old world, they will only be more difficult in the new distributed world where trust must be of even greater importance. The biggest risk maybe that overreaction causes the policies to become odious and monstrous in their dominance.
So, how do we walk that line?
Policies have been created to ensure compliance by other people to a set of rules. Reasonable people will ignore rules or policies if they;
- don't believe in the underlying logic of the policy, or
- find the policy contrary or excessive
The outcome of all of this is that policies will need to be written with cognizance of the new distributed way of working not just with an aim of adherence but with a view to a positive effect on those effected in the direction of greater success. Each policy now gains a responsibility to create a better way of working for those struggling with new ways of working. When this level of intent is seen by the policy audience it will increase their loyalty both to the policy and to the policy authoring organization.
It may well be that policies will now need testing with the future audience to ensure their efficacy, relevance and ethical nature. Some companies already do this and in those scenarios it will just need to be focused on a new distributed target audience. When working in this way, the audience will be able to let the policy authors know if they believe in the underlying policy logic and find the policy in-line with their realities. This feedback loop will increase likely success of the policy in its desired outcome.
The end result of this thoughtful and compassionate approach will end up with policies that match the real-world and increased adherence that cause the change in audience behaviors that the policy really seeks.
[1] https://www.thetimes.co.uk/article/deloitte-faces-record-15-million-fine-for-failings-in-autonomy-audit-nvzlwlqt3
[2] Covering Your A*se