Company policies are a foundational element of any compliance programme. They set out the principles and standards of behaviour expected of employees and are designed to ensure the organisation’s compliance with all relevant laws and regulations. However, are your policies a valuable and practical aid to employees that promote understanding and drive compliance in the workplace or are they just a box-ticking exercise, used primarily as a defensive “I told you so” after wrongdoing has occurred?
I would suggest asking yourself a few simple questions to help you decide where your policies sit on the spectrum of “proactive guide to employee behaviour” to “defensive artefact in the face of wrongdoing”.
Where are your policies?
If you want employees to be guided by your policies, they need to have easy access to them, so communicate their whereabouts with clear signposting. Highlight their benefits as a practical tool to aid ethical decision making and make them available through a variety of channels (for example, via the web or a mobile app) and in a variety of formats (such as interactive PDFs, web pages or printed documents).
What do your policies look like?
Today, most of us have short attention spans and high expectations of any document that we read. If your policies are simply densely worded, black and white documents, it’s unlikely readers will persevere with them. Although there is a certain amount of rules-based information that your policies will necessarily contain, it is also important to consider applying elements of content and visual design that will help readers access, understand and digest the information that is being presented to them. The use of visual elements (such as pictures of managers, employees and locations that are familiar to the reader) have been shown to enhance audience understanding and engagement.
What do your policies say?
When it comes to policies, the adage of “less is more” applies, so avoid the temptation to include too much information. Where possible, adopt a standardised and repeatable structure for your policies. Also think about what belongs in the policy and what should perhaps be presented elsewhere in a standard or a procedure:
- Policy. A statement of overarching principles.
- Standard. A set of minimum requirements.
- Procedure. Step-by-step guidance on how to complete tasks in a compliant way.
How do your policies say it?
If you want your policies to drive behaviour, you need to write them with your intended audience in mind. User engagement is key and therefore your policies should be simple, clear, unambiguous and unequivocal statements of principle.
At Waypoint GRC we have developed a seven-point engagement model that you can use to help evaluate your existing policies and to guide the drafting of new ones. And this is where the fairy tale comes in. Think of each engagement factor as a spectrum and remember Goldilocks and the Three Bears: your policies need to avoid the extremes and find the spot that’s just right!
Theoretical v Practical
A clear and simple statement of the principles and rules relating to policy areas is important but examples of the rules in practice aid understanding and application.
Technical v Simplistic
Your policies will inevitably include a certain amount of technical or legal terminology but, wherever possible, we recommend avoiding technical terms and phrases in favour of simpler language. Of course, language should not be so simplistic as to patronise the reader.
Impersonal v Familiar
Research on discourse processing shows that people work harder to understand something when they feel that they are conversing with someone, rather than just receiving information. We advocate a conversational style using the active voice, short sentences and personalisation (using words like I, we, me, my, our, you or your). However, personalisation should be used with care. Ensure the material is written in an appropriate tone and is not so informal that it distracts or even irritates your readers.
Rational v Emotional
It is often assumed that decision making, including decisions around workplace behaviour, is based on reason and logic. However, neuroscience research suggests that decision making is heavily influenced by the areas of our brain that are responsible for emotion. In terms of policies, this means that, as well as presenting the rational aspects of policy requirements, we should address emotional dimensions such as why policy requirements are important from a human perspective.
Dogmatic v Persuasive
Although policies are concerned with principles and rules, we tend to engage more with content when language is persuasive. Of course, we need to be clear about what is and is not acceptable, but we can influence behaviour without being dogmatic. For further information, see The Language of Persuasion, Harvard Business Review.
Long v Short
Policies should be as short and as succinct as possible, while at the same time being engaging and providing a valuable aid to workplace behaviour and decision making. The content should address risks at the level of key principles rather than detailed standards or procedures which should be captured elsewhere.
Simple vs Complex
Policies are typically directed at a broad readership and, in many organisations, levels of education and literacy will vary widely. For this reason, the language used should be simple and easy to understand without being patronising. Consider using one of the well-known readability scales to evaluate your policies. For example, the Flesch Reading Ease test rates text on a 100-point scale. The higher the score, the easier it is to understand the document. Aim for a score between 60 and 70.
By following some basic principles of user engagement, compliance policies can become valuable tools to aid understanding and support compliant behaviour in the workplace. If you want to improve the effectiveness of this key element of your compliance programme, we offer a free evaluation of any of your policies or your Code of Conduct using our engagement model. Please visit our website or contact us at info@waypointgrc.com.