The Principles of Policy Management: Tailored
Is your organization's policy management framework designed to fit the business context, objectives, values, and strategies? OCEG’s Policy Management Capability Model outlines 10 universal principles of policy management, the second being tailored.
“There is no one size fits all structure for policy management,” The Model states. “It needs to be aligned with the risk appetite and operational model of the organization.”
Policy management is shaped by the organization’s governance structure, size, industry, diversity, and culture. Every organization needs to craft a policy management program that fits its needs and its context. Tailored policy management is critical for the following reasons:
- The organization’s culture is critical. It is reflected in how policies are written, i.e., their tone, but it is also reflected in the number of policies and level of control. Policies need to be tailored to the culture of the organization.
- Policies help the organization reliably achieve objectives. Policies need to be tailored and aligned to support the organization’s objectives, with objectives from the entity level to the division, department, process, project, and even asset level mapped to policies. An organization without policies has no consistency to reliably achieve objectives.
- Policies are risk documents; there would not be a policy if there was not a risk. Policies need to support the risk culture, tolerance/appetite, and mitigation/control, and be tailored to the risk environment of the organization.
- Policies define and provide a foundation to support the organization’s values, ethics, and obligations (e.g., regulations and contracts). Policy management needs to meet the needs of managing the integrity of the organization.
If you'd like to stay up to date with policy management best practices, industry insights, and key trends across governance, risk management, and compliance, check out Policy Management Pro. Policy Management Pro is where you can learn the principles and practices you need to support your organization, receive training from the experts on how to become PROficient at Policy Management, and earn and maintain a CPMP (Certified Policy Management PRO) designation through our Rapid Path to Certification™.
The Policy Management Capability Model is an effective resource for leveraging policies to protect your organization. A well-documented set of policies and training helps the organization prevent compliance violations, manage risks, and reduce management time and effort. The Policy Management Capability Model is a free and open-source standard for Policy Management. It was developed by OCEG and vetted by a review board of skilled policy management professionals to help your team build a framework to manage risks and meet requirements.
Featured in: Policy Management, OCEG HQ