The importance of policy and procedure

Learn why strong policies and procedures are crucial—along with ways to enforce them 

September 16, 2021

A graphic of an orange gradient background.

Uniformity may not be something we strive for in certain areas of our lives—our kitchens, our calendars, or our wardrobes. But when it comes to “policies and procedures,” the name of the game is uniformity, uniformity, uniformity. Because policies and procedures touch every facet of your corporate compliance, their standardization, updates, and distribution are just as important as the actions and operations they regulate. So how do you give your policies and procedures the attention they deserve? Read on for a primer course below

Why policies and procedures are important 

For every department and corporate undertaking, policies and procedures seek to organize and mobilize your organization’s talent and time in a manner that is free from friction, recourse, or ambiguity. Want to launch that new product? Thinking about overhauling your customer experience? Dreaming about that next acquisition? Your policies and procedures must be in tip-top shape to achieve your business objectives compliantly, without any costly surprise or infraction.

When your business clarifies expectations and makes action effortless and well-defined, employees will have a clearly mapped, consistent path, rather than grounds to aimlessly wander. Uniformity may not inspire excitement, but it is certainly necessary to reduce obstacles to compliance. Your employees will appreciate thoughtful and uniform policies and procedures that accurately set expectations and help them shape and define processes.

What is the difference between policy and procedure? 

A policy is an established course of action, providing guidance towards approved business objectives. A policy acts as general guidance for consistent and accountable action.


  • Are described in simple language
  • Describe why they exist and who they cover
  • Outline the consequences of an infraction and how the rules are enforced

A procedure is the plan of action, putting the policy into practice with an accurate road map to follow. A procedure is an efficient and clear set of marching orders; think of them as a checklist for action and related follow-through actions.


  • Are detailed and written to describe sequential and specific actions
  • Describe alternatives and examples
  • Explain how missteps will be handled, giving detailed explanations of consequences


How to develop policies and procedures that fit your company 

As with fashion, one size does not fit all when it comes to developing policies and procedures for your organization. A manufacturer has wildly different needs for their policies and procedures compared to the needs of a financial services provider, for example.

Now, when it comes to what those policies and procedures say, consult your in-house experts. Remember that not only important stakeholders and your C-suite can be resources; employees at every level have a great deal of value to add as you generate new policies and procedures. Designate specific policy owners and subject matter experts in to eliminate any gaps in your policies and procedures. For example, your marketing team should consult on your organization’s social media policy.

Don’t forget to link your policies and procedures to your company’s values and ethics. Of course, your policies and procedures are put in place to comply with laws and regulations, but when they align to your values, they will be easier to enforce internally. Policies and procedures must remain consistent and uniform across the organization in order to eliminate ambiguity and miscommunication.

Once they have been written, consider integrating policies into trainings and make sure that employees know what all relevant policies look like in practice. Does your organization conduct a formal onboarding? Do you conduct quarterly trainings? Are your annual reviews formalized? Consider every regular and recurring business session or assembly an opportunity to go deep into policies and procedures. Regularly addressing your policies and procedures in both formal and informal settings (and ensuring employees really understand them) will set your organization up for success.

Ensuring that policies will succeed: awareness, engagement, and tracking 

The first step in achieving success with your policies and procedures is looking at how you will both enforce and organize them. The way you communicate policies and procedures with employees has to be unequivocally clear and concise. If your employees are not able to regularly access the documents you’ve spent so much time drafting, you might as well just call it a day. Moreover, if you are unable to track which documents have been distributed to what employees, you might as well be shouting into a void. This is where the uniform distribution of documents comes in; consider a tool like Ethics Policy Management from OneTrust to track your policies and procedures, as well as employee attestations to those documents.

When policies and procedures go wrong: one organization’s crash course and key learnings 


The situation 

One employee at a large company submitted a report to HR detailing that she was harassed by a coworker because of her gender. Allegations of harassment and problematic behavior spanned years and encompassed a Title VII claim. Based on the scope of the accusations, the organization’s HR manager concluded that an internal investigation should be conducted with the support of a third party to maintain objectivity.

The investigation 

The third-party investigation included a thorough review of documentation and interviews with several employees on site. These interviews illuminated several other alarming concerns surrounding the particular employee’s behavior, including verbal and physical altercations with fellow co-workers, insubordinate behavior, and numerous customer complaints.

Despite mounting evidence against the employee, investigators discovered the individual’s personnel file was void of information regarding disciplinary action. Instead, the employee was transferred from department to department over the course of seven years and given a “clean slate” every time.

The problem 

This case exemplifies how year after year, the organization failed to address the individual’s problematic behavior. What’s more is that despite clear written policies and procedures detailing employee conduct and discipline, the organization did not respond in accordance to these policies.

For example, in the accused employee’s first 90 days, they were involved in a physical altercation. Even with the organization’s zero-tolerance policy regarding violence in the workplace, there was no effort made to terminate the employee, who was instead transferred to a different department. These incidents were allowed to continue until one employee finally spoke up.

The result 

The organization had multiple opportunities to nip this unwarranted behavior in the bud, whether through discipline or termination. It was only after investing significant amounts of dollars and resources in a third–party investigation—and allowing the behavior to continue for several years—that action was finally taken. If the employee were terminated within the first 90 days, the additional resources and repercussions could have been avoided.

One thing is clear: well-documented and consistent policies and procedures are crucial, and they require reinforcement to back them up.

Polishing policy management  

Feel like your policy management could use a refresh? Fill out the form below to download our guide, The Secret to Effective Policy Distribution, and learn how to set up a winning policy distribution campaign, report on its effectiveness, plus get a BONUS policy template.

You may also like


Ethics Program Management

Ethics Exchange: Third-party applications and ephemeral apps

Learn practical advice on how to navigate the risks of ephemeral apps and employee privacy in BYOD world.

November 09, 2023

Learn more


Speak-Up Program Management

Navigating the EU Whistleblower Protection Directive: New rules, new risks

Join our expert-led webinar where we explore the EU Whistleblower Protection Directive and practical steps towards compliance. 

November 02, 2023

Learn more


Ethics Program Management

Ethics Exchange: Risk assessments

Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.

October 25, 2023

Learn more