Canadian Underwriter
News

The untold story of your client’s new corporate policy


December 11, 2017   by David Gambrill, Editor-in-Chief


Print this page Share

Your commercial clients may have all kinds of policies in place to reduce risk, but do they know if their employees are complying with the policies once they are published?

You might want to double-check with your clients, because it appears that more than half of them don’t.

A global study of 260 organizations working in various industries around the world found that a whopping 55% of respondents were unaware of policy violations that might have occurred in their enterprises over the past year.

“To me, that’s just egregious,” said French Caldwell of MetricStream, who talked to Canadian Underwriter about the results of the survey, What Makes an Effective Policy Management Program. “They’re putting out these policies and they don’t know if anyone is following them.

“Policies are there to either ensure compliance, or to ensure that no one does anything that is going to be damaging to the company or its reputation. You may have policies around customer service that may not be for regulatory compliance, but are just as damaging if you don’t follow those policies. You could end up with a lawsuit, for example, or certainly damage to your reputation.”

The study, conducted in April 2017 by MetricStream Research, speaks to the gap that exists between simply publishing policies and following up to make sure that employees are aware of them.

The survey covered a broad cross-section of industries. A majority of them are financial services organizations. Others include health care, manufacturing, energy, retail, government and media.

“It’s a lot easier for organizations to ensure compliance to their policies if they are actually using policy management software,” Caldwell observed. “They report many fewer policy violations than organizations that are not using policy management software.”

RelatedDirectors should ask managers these questions about cyber

But only 24% of the organizations MetricStream surveyed said they used policy management software. Using such software, a company would be able to tell who has attested to reading the policy and who has signed off on a policy. The system can also send reminders to people who have not yet signed off on a policy.

“We call this campaign management,” said Caldwell. “This is important for people who are investing in policy management software. They want an audit trail to show that the employees read it, that they agreed to it, and they have signed off on it.”

Surveyed companies using policy management software reported fewer policy violations than those who did not. Based on the responses of people who kept track of their violations, about 36% said they faced fewer than 50 violations over the past year. That number shot up to 60% for companies that used policy management systems.

Policy management software also speeds up the process of creating policies, said Caldwell.

Forty-two percent of the organizations survey reported taking more than three months to author and publish a new policy. In comparison, one in five of respondents using a policy management system reported taking less than a month to develop and publish a policy from scratch. And 70 per cent said they did not consider it challenging to author or distribute policies.

The survey found that four per cent of the organizations surveyed faced 50-100 violations. An additional 5% faced more faced more than 100 violations.