Jodie Flowerday, a Policy Advisor working in the New Zealand tertiary sector, discusses different types of compliance documents and the importance of each.
In an earlier article, I discussed how to decide when a policy is needed. This article looks at the different categories of compliance documents you could have and how to define them to create a consistent understanding within your organisation of the importance of compliance documents.
The term “policy” can be used broadly to cover a suite of compliance documents as well as a specific document type. Compliance documents could be policy, procedures, guidelines, frameworks, strategies and many others. The definition that is attributed to your different classes of policy documents are less important than how they are universally understood and used.
There will be differences between organisations as to what definition is attributed to the various types of compliance documents it uses, but the key is to ensure a consistent understanding amongst your ownorganisation. Whatever definitions you choose to use to describe the suite of compliance documents your organisation has can be captured in policy drafting and support documents such as a Metapolicy (a policy on policies describing the status of compliance documents in your organisation, use and management of these).
Earlier this year, I researched definitions from a range of sources that described the document category to develop more refined and instructional definitions for those that are responsible for updating existing policy documents. These help establish a consistent understanding among my organisation regarding the most commonly used policy document categories; policy, procedure and guidelines. I have re-produced these below, albeit slightly amended to have a broader application than just to my organisation:
- Policies: A policy is a Board/Council or delegated authority approved document regarding the organisation’s position and expectations in a particular area. It clearly communicates the organisation’s direction and ensures compliance with Organisation goals, values, strategies and relevant statutory and regulatory regimes. A policy will consist of statements including (but not limited to) what the policy is about, why it is required, consequences of non-compliance, what department governs it and who is responsible for executing and enforcing it. Policies will usually include procedures and/or guidelines as sub-headings.
- Procedures: A procedure is a standardised, step-by-step method of implementingthe organisation’s goals, strategies and compliance with regulatory and statutory regimes, at a high level. Those procedures published on the policy repository are also Board/Council or delegated authority approved. Compliance is expected to avoid breach of policy. Procedures will identify what tasks are performed who performs what task, as well as when and at what standard they are to be performed.
- Guidelines: A guideline is a Board/Council or delegated authority approved “bestpractice” statement that supports the implementation of policy or procedure by identifying risk mitigation methods and/or methods to enhance efficiency, accuracy or productivity. If the guidelines are followed, the risk of acting outside of policy or procedures is substantially reduced. If guidelines are not followed, deviation should be explained as it could contribute to a breach of procedure or policy, or increase the risk of a breach.
Depending on your organisational structure and authority levels of staff, your definition may differ. Whatever categories of compliance document you use, it is helpful to include in the definition who has been given authority to approve them. This helps align the status of the compliance document with organisational authority levels and the compliance relevance of the document.
Jodie Flowerday has been working in various roles since 2011. She currently works in the tertiary education sector in the role of Senior Policy Advisor for a tertiary education institution. Contact Jodie at [email protected] or connect via LinkedIn