If your organization or business receives federal money through grants or contracts, you most likely have a duty regarding effective policies and procedures. Even if you do not have the express or implied obligation, however, there are plenty situations where the lack of good polices and procedures can cost a business, agency or organization.

Over my career, I have worked with a number of organizations. The ones that were the most effective, had highest employee morale and fewest compliance failures had one thing in common: they valued written policies and procedures highly. The organizations and departments that were the most troubled did not. They saw written procedures as inconvenient, unimportant, unnecessary and an annoyance.

If your organization or business receives federal money through grants or contracts, you most likely have a duty regarding effective policies and procedures that carries serious penalties for noncompliance. Even if you do not have the express or implied obligation, there are plenty of examples of situations where the lack of such procedures cost a business, agency or organization.

A Few Examples

The lack of written procedures is frequently named as a primary or contributing cause in product recalls, medical testing failures, allegations of unfair federal regulations, inadequate training programs and government program audits. It is also often determinative in court decisions in favor of employees who file grievances and lawsuits.

These examples show how expensive and embarrassing it can be for the organizations. The cost in lost productivity and distractions from each organization’s primary mission are at least as high as the costs of outside counsel, internal investigations and preparation of an appropriate defense against the accusations. In some cases, the failures held the potential to cost lives. In others, they mean wasted efforts and untold hours by people who most likely wanted to deliver good results.

Reasons or Excuses?

In some businesses, sheer arrogance and a false sense of impunity are behind the lack of written policies and procedures or refusal to follow those in place. (See my blog post “Too Small to Worry About Compliance?” inspired by a true situation.) In my experience, most of the reasons for inadequate, incomplete or nonexistent procedures are really excuses and have simple answers.

1. “We need flexibility. Written procedures are too constraining.” While some processes in your office may need detailed, step-by-step procedural guides, at least as many only need general guidance. Design your policies so that they provide as much guidance and restrictiveness as is necessary, but no more. Employees do not like to be treated like children. If you can develop criteria for what the output should be, while leaving your talented staff to arrive there using their own solutions, then all you need for the process is a set of guidelines—boundaries of a sort—to communicate the amount of latitude they have.
2. “We trust our staff to do the right thing.” Is it trust, or laziness on the part of management? Jim Collins, in Chapter 3 of his book, Good to Great: Why Some Companies Make the Leap…and Others Don’t, describes how the best leaders of the best companies first got the right people in place, then charted their paths to excellent results. But as judgment after judgment in employment, antitrust and product liability lawsuits prove, most organizations focus on their mission first, then select their staff and really cannot trust everyone to always do the “right” thing. Better to use the “trust but verify” approach, with a solid set of guidelines and quality assurance checklists. Employees generally want to do their jobs correctly. They will reward your efforts if you give them clear, smart, written guidelines so they understand what you expect them to deliver.
3. “There are already too many rules and regulations.” If you have “too many rules,” but still have compliance issues, then you may simply have the wrong rules. An attitude that there are too many rules means that many if not most are ignored. Talk to your staff and middle managers, then develop a way to update your policies and procedures so they are realistic, relevant and referential. The solution is not more policies, but good, sufficient policies. As Elaine Herman wrote in her article, “Less is Really More,”
   
   The impressive length of many nonprofit policy manuals is generally the result of good intentions; leaders believe that adding new policies to an existing manual will add emphasis to key issues. But this encyclopedic practice can be a recipe for disaster.
4. “By the time we finish writing procedures, our processes have changed.” In my series on business process improvement, I outlined a generic strategy for assessing internal processes then designing and testing better ones. Write and amend your procedural guides as you change your procedures. This hand-in-hand approach keeps the written guidelines fresh and relevant. Written procedures are not static. They have to be constantly reviewed and updated, because so many things change in our offices every day. If your procedural guidelines were based on paper-only processes, then update them for your electronic information systems. If your policies only addressed the use of company equipment and email, update them to cover the blending of work and home life that so many employees now have.

Ounces of Prevention In Our Hands

If you have compliance gaps, look first to ensure that you have current, clearly written and adequate written policies and procedures that address the situation. Look next to how those policies and procedures were published and communicated to the staff. Unwritten policies are as ineffective as written policies that are unpublished. When you find gaps in the written materials, fill them. One good resource for personnel policies is the Personnel Policy Service website, where you can read, for example, The Case for Written HR Policies. Other materials guide development of written policies and procedures of a general nature, such as 7 Steps to Better Written Policies and Procedures.

If you have no idea where to even start in terms of drafting procedures, look at this discussion of the most important topics for policies and procedures published by the National CASA Association and the list of “Integrity-Related Written Policies” by the National Institute of Ethics for its Certificate of Integrity Program.

Finally, if you still think that written policies and procedures are for schmucks, wimps and “the other guys,” consider this point well-stated by John Outlaw in his article, “The Case for Compliance: Why You Need an Effective Compliance Program,”

There is another benefit to implementing and maintaining a compliance program, although nobody wants to think about needing it. The Federal Sentencing Guidelines provide relief for any entity convicted of a crime that has an effective compliance program in place. In determining the amount of any fine, the Guidelines require a court to determine a “culpability score” by calculating aggravating and mitigating factors. Having a compliance program doesn’t excuse the crime, but demonstrates that the organization took reasonable efforts to prevent, detect and correct any improper conduct. It may lower the organization’s starting “culpability score” by 60%, and not having a compliance program is actually considered an aggravating factor which increases the culpability score! (Emphasis mine.)

Lewis Kinard, former executive and general counsel of a U.S. software company, is an experienced business, management and technology law attorney and consultant to small businesses and nonprofits on issues related to ethics, management, process improvement, compliance, risk management and technology. He is a frequent speaker and author on these areas and has been both a judge and radio talk show host.

This article has been reprinted with the author's permission from the Practical Compliance blog by Lewis Kinard. The original post is at http://lewiskinard.blogspot.com/2009/05/why-written-policies-and-procedures.html.