Thursday, June 14, 2007

The Trouble With Policies

In many facets of life, good intentions are frequently overshadowed by poor implementation. This is especially true with regards to company policies and procedures in the business world.

Policies and procedures are extremely important and absolutely necessary. Organizations must have policies and procedures so that operations run smoothly and personnel know what they can and cannot do. But the good intention of a policy or procedure can quickly transform into a nightmare if it is not developed, implemented and enforced with care and diligence.

The reason that “policy” and “procedure” are two different words is because they mean two different things. But all too often, the terms policy and procedure are used interchangeably; and therein lies the crux of the problem.

A “policy” should be a fairly specific statement of desired intent which includes a fairly broad statement of how that intent will be achieved. In contrast, a “procedure” should be a detailed enumeration of actions to be followed under certain defined circumstances for the achievement of a desired result and related policy. If a policy gets too specific in its statement of intent attainment, it wanders into the realm of procedure. If a procedure’s actions are outlined with great specificity in relation to broadly-defined circumstances, the procedures can be followed or applied to circumstances that were never intended. And if a procedure’s actions are contrary to the corresponding policy’s stated objective, confusion arises and mistakes are made.

In my more than 30 years of developing and reviewing policies and procedures in the security and loss prevention worlds, I have learned a lesson that has served me well: The best policies and procedures are those which are defined well enough to achieve the desired goals while still allowing enough leeway for common sense and initiative.

It should be fairly obvious that some latitude is necessary in policies and procedures. Very few things in life can be simply categorized as either black or white – we live in a world of grays. So even when a seemingly black-or-white situation arises (right vs. wrong; good vs. evil; rule adherence vs. rule violation), it is almost always different and unique from other such black-or-white situations, because while the act may be the same, the circumstances are always different. And since good policies and procedures should be developed with regard to circumstances, good policies and procedures must of necessity be constructed to allow for those differences in circumstances. In other words, policies and procedures should be designed with enough flexibility so as to allow for reasonable situational analysis, interpretation and initiative while still providing guidance towards desired results. Especially with regard to procedures, operational parameters are much better than specifically-fixed actions.

One of the reasons that poor policies and procedures abound is because the business world has become addicted to playing follow-the-leader. Whenever the current business guru with some new business management philosophy comes along, we have to try it out ourselves because if we don’t, and our competitors do, then it somehow makes us feel that we are inferior and “behind the curve.” As an example, the current buzzword and trend is “zero-tolerance” in policies. Perhaps well-meaning in theory but almost never good in practice, because such policies are usually developed just the opposite of what this article espouses: the objectives are too generally defined, and the mandated actions are too narrowly defined. Zero-tolerance policies almost never allow for the common sense and initiative that a truly good policy not only allows but encourages.

Let me illustrate: News accounts have been full of reports of children expelled from school because of the possession of something as innocuous as an aspirin. Why? Because the zero-tolerance policy used as the basis for the expulsion simply stated that students with drugs (a very broad, general term) must be automatically expelled (a very narrowly-defined action).

I presume that the person(s) responsible for such a policy’s development did not have that scenario in mind. But for a variety of reasons – time, budgetary, liability and so forth – there is a common misperception about policies in general:

· we believe that we must try to make as few policies as possible (easier to remember, cuts down on the size of the Policy Manual)
· we believe that each of those few policies must be as all-encompassing as possible (the fewer the policies, the more ground each has to cover)
· we believe that each procedure must specify very narrowly-defined actions (to tell the policy enforcers exactly what to do)
· we believe that the actions defined must leave no room for interpretation (the policy makes the decision, not the person enforcing the policy)
· we believe that each procedure must have strictly-enforced sanctions (if the policy says so, there can be no debate)

But the unfortunate result of such policies is that a never-anticipated situation will occur which does not exactly fit any specific policy. So a policy which remotely resembles the situation is brought into play, and a policy never intended for the specific situation is applied. And undesirable ramifications and consequences inevitably ensue.

I firmly believe – and the belief has served me well – that most operational policies and procedures must be developed with an eye towards allowing the persons responsible for their implementation and enforcement some latitude to exercise their own initiative, discretion and judgment. Since very few things in life are black and white, people must not be forced into only those two choices when situations involving policy interpretation and application present themselves. If the people entrusted with policy enforcement have been selected and trained well, they should be given not only the responsibility for enforcement, but the authority for reasonable interpretation and adaptation.