Policy engagement: There is a lot to be said for how technology can make policies easier to find, social, and interactive. In fact, I have been on my soapbox proclaiming next-generation policy and training management for the past decade in which organizations de­ploy a portal that brings together policies, training, and related resources in one in­tegrated interface that is intuitive and en­gaging for employees to use.

Policies define boundaries for the be­havior of individuals, business processes, relationships, and systems. At the highest level, policy starts with a code of conduct, establishes ethics and values to extend across the enterprise, and au­thorizes other policies to govern the entire organization. These filter down into specific poli­cies for business units, depart­ments, and individual business processes.

To deliver engaging policy requires a firm foundation. We might be quick to think this foundation is technology itself. No. Technology is important, but the foundation for good policy is a well-written policy. A policy that is clear, void of cluttered language, written in the active voice, and delivers the message.

The typical organization is a mess when it comes to policies. Policies are scattered across the organization, re­side in a variety of formats ranging from printed documents to internal portals and fileshares, are out of date and poorly written. Policy writing that is wordy and confusing is damaging to the corporate image and leads to confusion and misun­derstanding, which then costs time and money. Organizations are not positioned to drive desired behaviors or enforce ac­countability if policies are not clearly written and consistent.

Well-written and presented policies aid in improving performance, producing predicable outcomes, mitigating compli­ance risk, and avoiding incidents and loss. Good policy writing and layout:

Articulates corporate culture

Shows that the organization cares about policy

Demonstrates professionalism

Avoids expensive misunderstandings

Aids those that struggle with reading or do not speak the language natively

Provides consistency across policies

Consider a supply chain code of con­duct I was asked to review for a global brand with thousands of suppliers. This code of conduct had long para­graphs that were written in the passive voice and not active voice. It was cluttered with unnecessary and complex language. The audi­ence for this code of conduct is an international audience of whom many did not speak the language of the code of conduct as their na­tive tongue. Further, the first sen­tence of the first paragraph stated “Company believes …” and the next paragraph began, “Company strong­ly believes …” Do we have different levels of belief in the code of conduct?

We are working against ourselves when we deliver such rubbish. As a native Eng­lish speaker this might be quick to glance over, but for someone that has English as a second language, they will analyze every word and come to the erroneous conclu­sion that the second paragraph is more important than the first. Organizations are full of individuals who are not native speakers (or in this case readers) of the language policies are written in. We do them a disservice when we write policy that is not clear and to the point.

Good policy writing is not just about clear and concise language but also about layout and design. How we structure paragraphs and present them in print or digital form matters.

When we break policies out into shorter paragraphs and utilize white space it aids in the comprehension of the policy. White space, and in that context design and layout of the policy, is just as important as the actual written words of the policy.

I have three sons; two are now adults and the third is in his last year of high school. The oldest and youngest do well academically. My middle son is very reli­able and can be counted on to get things done but has struggled academically. He is brilliant but has been plagued with a learning disability—dyslexia—his whole life. In educating him, my wife and I tried a variety of options. I remember giving him something to read that was a page of nearly solid text in just a few paragraphs. He struggled to get through it. I then gave him the same text broken out into many paragraphs with plenty of white space between them. His comprehension of the text skyrocketed with the revised version. The text itself did not change, simply the presentation of it.

When we break policies out into short­er paragraphs and utilize white space it aids in the comprehension of the policy. White space, and in that context design and layout of the policy, is just as impor­tant as the actual written words of the policy.

Critical to the success of policy en­gagement is a policy style guide. Every organization should have a policy style guide in place to provide clear and con­sistent policy. This establishes the lan­guage, grammar, and format guidance to writing policies. It expresses how to use active over passive voice, avoid com­plicated language and “legalese,” how to write for impact and clarity, use of com­mon terms, how to approach gender in writing, and even internationalization considerations.

Engaging Employees Through Interactive Policies: An OCEG Roundtable

Switzer: When we are trying to engage employees without overloading them with policies, how can we make sure that each employee gets what they need and no more?

Childers: First and foremost, remember that today’s diverse workforce con­sumes information in different ways. Baby Boomers typically want it all in black and white from their desks. Mil­lennials prefer just what they need from whatever pc, tablet or phone is in front of them with links to additional infor­mation should they need more. Today’s compliance management solution must take into consideration the role, loca­tion, and activities in which the stake­holder is engaged. Compliance obliga­tions must then be transformed into automated activities triggered by spe­cific events and conditions to ensure the right information gets to the right per­son, in the size and format they prefer, as well as offering that array of forms and policies in an easy-to-search-and-receive demand-based portal.

Lin: Smaller, focused amount of inter­active content can provide the type of engagement both employees and orga­nizations are looking for. Organizations should provide employees the tools to answer their most common questions and help make decisions in different sce­narios. Seek to understand areas of con­fusion before setting out to deliver mas­sive amounts of content. If an employee is presented with a lengthy PDF docu­ment full of text, the content is likely too complex and received with a negative impression. Focus on key takeaways, embedded interactives, and multi-media to help illustrate the key points.

Balasubramanian: The key is to implement appropriate policy pull-and-push methods. Use a system that lets you map business functions or processes to employees and then distribute poli­cies in a section-by-section manner so each employee receives only relevant sections and updates. Another aspect is that of personalization—knowing what medium or channel the employee prefers most for policy communica­tion, and then leveraging that medium extensively. Provide a simple, easy-to-use interface which allows users to select their favorites, conduct quick and advanced policy searches, get one-click access to help, and explore policy FAQs. These kinds of features go a long way in reducing policy clutter.

Switzer: In the past, a big challenge has been keeping policies fresh and making sure people aren’t accessing and using old data. How does automation in a policy system address these issues?

Lin: Policy systems today are more than just file-share—as they should be. All aspects of policies are more distrib­uted than ever before, from the SMEs to the audiences. Automation can help streamline the processes around policy creation and maintenance, but they can also help provide the most up-to-date version, in the context of the policy topic, to those who need it most. The automated system also provides ben­efits to the target audience—helping to remind them of behavioral boundaries, even before incidents arise through au­tomatic reminders, additional training and awareness content, and timely de­livery of targeted content.


Carole SwitzerPresident,OCEGModerator
Vasant BalasubramanianVP of Product Management,MetricStream
David ChildersCEO,Compli
Jimmy LinVP of Product Management &Corporate Development,The Network

Childers: Content is not the issue. There are more subject matter experts (SME) working in compliance today than ever before. What is missing is a systematic review of the organization’s evolving environment (regulatory, contractual, geographic, demographic, etc.) and en­suring the content and trainings are relevant. An automated compliance management system must include a con­tent management component. Periodic review of content is the only way to be certain that the workforce is receiving fresh and accurate information. Content management is complimented by policy management. Policy management, also a key component of a compliance man­agement system, establishes the cadence of the compliance obligations and ac­tivities through defined, automated workflows. This ensures policies, pro­cedures, and supporting content are re­liably distributed and monitored.

Balasubramanian: The importance of workflow management in keeping policies relevant cannot be over-em­phasized. It’s essential to implement a federated data model and robust work­flow management capabilities that es­tablish data linkages whenever there is a change in associated processes, regulations, risks, or organizations that may create a need for policy review and updating. Once this federated model is implemented, automation comes into play. For instance, a change in a regu­latory requirement can trigger a policy review. Or a merger of organizations can be followed by policy consolida­tion and harmonization. Or, a transfer of duties from one department to an­other could trigger a transfer of poli­cies, and so on. Efficient workflows are critical in seamlessly managing every­thing from policy initiation, approval, and publication to automated periodic reviews, revisions, and archives. Work­flow management is strengthened with automated notifications, alerts, escala­tions, audit trails, role-based access, delegation, and sign-off capabilities.

Switzer: It seems that it would be best if employees could get training or receive policies at the point of need; that is, if some activity they are engaging in would trigger notification and deliver remind­ers about policies or links to training. Is that the wave of the future?

Lin: The future of policies and training is timely and contextual delivery of in­formation. For example, an employee who moves overseas to a high-risk country, should automatically receive key policies and training in regard to their new locale. The same applies to promotions to management positions. Policies and procedures around execut­ing compliance risk assessments, for example, can be pushed at this trigger point. And studies have shown that while maintaining a training schedule ensures consistency, one can create gaps of risk if an employee waits six to nine months for the needed training, just because of scheduling.

Balasubramanian: Yes, and in many ways this kind of targeted policy training is already being incorporated in systems and solutions. But it is important to note that it can be achieved at the user level only when the underlying plat­form supports inter-linkages between policies and the associated processes and sub-processes. It’s also important to ensure that users get all the help they require in a self-service mode. One way to do this is to have on-screen, context-specific help tabs, as well as quick access to relevant training videos/material. Built-in risk intelligence is going to be a key driver of the shift to targeted policy management wherein a process risk is prioritized, analyzed, and scored, fol­lowing which policy awareness and training is recommended as the mitiga­tion measure. This kind of risk intelli­gence helps ensure that if employees are working on a process with a high risk score (based on probability/impact), a mandated policy training session can be immediately organized for them.

Childers: Delivering training and poli­cies at the point of need isn’t the wave of the future; it is now. The days of dusty policy binders, slide decks and helter-skelter classroom sessions are gone. Driven by a younger, always online workforce, their expectation is that if it is important, someone will let them know and point them to a blog post or a short-subject video that explains it. They also want access to additional reference materials and a social compo­nent to share or ask for advice. Compli­ance officers must rethink who needs what when, and then implement an au­tomated system that is triggered when new employees come onboard, when people change roles, when new regula­tory obligations emerge, when certifi­cations expire, etc. Based only on this forethought and automated capability can they meet the compliance manage­ment needs of today’s workforce.

Switzer: Every company is going through a generational change in work­force, and we all know that younger people are now used to having infor­mation at their fingertips. How can we make it easier for employees to pull what they need to know out of the poli­cy system and encourage them to do so?

Balasubramanian: A few of the points we discussed earlier—like relevance and ease-of-use—are more important than ever for the new-age employee. Policy management solutions are quickly adapt­ing to these trends. For instance, we now have multi-channel/ platform access to policies through mobility. In fact, mo­bility is a major driver in the way em­ployees are accessing company informa­tion. However, it isn’t enough to simply have policy content available on mobile devices. You need to define apps with the right functionalities, user experience, and advanced features. Offline access to policies is also important in today’s or­ganizations, which transcend traditional geographic and network boundaries. In these cases, security is critical—mobile apps need to ensure proper user authen­tication and authorization.

Childers: This really goes back to the marriage of content and policy manage­ment. Making it easier for employees to pull what they need to know means changing the way compliance officers view compliance content management and getting the right information in place. Effective compliance commu­nication is a combination of push and pull, a keen awareness of the audience and their learning preferences, and a means to trigger when to start the flow of information. Generational change in the workforce is occurring, but that doesn’t mean that the Baby Boomers are gone. A compliance management system needs to span and close these generational divides by delivering the right information to the right person at the right time, and in the right format. Technology is driving this issue. For­tunately, technology can help fix it, but only if compliance officers respond ap­propriately to these workforce changes.

Lin: The generational shift is prompting different expectations of the workplace. All generations, with the increased us­age of tablets and smartphones, are learning to consume information dif­ferently. Succinct, interactive content is required as we all face a dramatic increase in information availability and delivery. To that end, policies should not have to be “found” by an employee. Just like marketing, compliance has to start tracking statistics on page views, questions asked, location sources, and many other marketing metrics to start understanding their audience to im­prove targeted information delivery.