10 steps for a successful policy and procedure review process

The regular review of your policies and procedures is a critical element of successful policy management. You need to make sure that policies and procedures remain up to date and in step with any changes – otherwise you increase risks across various different fronts. Policies also start not being trusted and followed. A regular policy review is the best way to achieve this.

However, making sure a proper regular policy review process takes place is not always straightforward. Busy policy owners can get maxxed out, and then cut corners, delay a review or simply forget. In this post we’re going to explore what an effective policy and procedure review process looks like, why it’s important, and the ten steps to take that can help achieve success.

What are the benefits of having a policy and procedure review process?

There are a number of benefits of having a regular policy and procedure review process in place:

• It helps keep all your policies and procedure up to date in the face of a rapidly and frequently changing world, organisation and regulatory landscape.
• It helps to minimise risk by ensuring your policies are aligned to your legal and compliance requirements.
• It supports operational efficiency again by keeping your procedures up to date – sometimes a small change can make a big difference.
• A review can drive and identify opportunities for process improvement and address areas which might have been missed, either in your overarching policy or your derailed procedures.
• A review can also help to make improvements to your policy to make it more readable, understandable and actionable for your employees.
• It will give confidence to employees and stakeholders that a policy is up to date, helping ensure policies are trusted and followed.
• It helps to keep policy owners mindful that a policy needs to be an up-to-date “living” document, supporting accountability.
• And more!

When does a policy and procedure review process take place?

There are usually three instances when a policy review takes place:

1. As part of a regular diarised review, either annually or every six months.
2. A review that has been triggered by a significant change, for example new regulatory requirements, a risk that has been identified, or the introduction of a new technology platform.
3. As part of a general overhaul of policies and procedures, for example reviewing a policy with a view to having a more rigid and standardised approach to policy management going forward.

While all these instances sound quite different, the steps you need to follow for each are similar.

What are the ten steps for a successful policies and procedures review?

There is no standard way to review a procedure, but here’s our view of ten steps you should follow for a successful review of your policies and procedures!

1. Agree on the trigger and process for the review upfront
2. It helps to define the circumstances that may trigger a review of any policy or procedure and then to have also thought about the process. Having clarity means a review won’t get missed; when the trigger and process are fuzzy and vague, then the review tends to get put to the bottom of the “to do” list and might not even get done.

Defining the trigger will usually mean deciding on the period for any regular policy review – perhaps every year or six months – and listing the events such as a regulatory change, technology change, strategic pivot or workplace incident that might also prompt a review.

1. Gather any data and sources relating to inform changes to the policy
2. You may well need to have data and background information to help inform whatever changes need to be made. Sometimes this stage can involve some research, and involve speaking with other internal stakeholders, employees and even external experts to get their thoughts and input.

1. Gather data and feedback relating to the policy document itself
2. It’s also useful to get data and feedback relating to how the policy and procedure is actually written itself. Is it clear? Is it helpful? Is it actionable? Are additional guidelines required? Here policy management software can be useful in providing data and insights into how and when an existing policy is being accessed and used.

1. Identify what needs to change in the current policy
2. Having undertaken what is effectively a mini-discovery exercise, it’s useful to identify the areas that need to change in your current policy and procedure document.

1. Rewrite a first draft
2. You should now all be set for rewriting the first draft of your policy. Time to get in that extra coffee and then focus on the writing stage.

1. Make any potential changes and submit for approval
2. You’ve got the feedback and now it’s time to make the changes and prepare a final draft, and then submit this for approval. In terms of the approval hcani, it’s usually important to try and keep this relatively simple; an approval workflow with too many stakeholders involved can mean going around in circles.

1. Make any revisions until there is final approved draft
2. Ideally, you may even pass this stage with your policy approved without any changes. However, you may have to go through a number of further revisions if your policy is particularly complex, or involves multiple stakeholders. In any case, eventually your policy should be approved.

1. Identify the change management and communications
2. Creating the new policy is not the end of the process. You’ll need to identify how you’re going to communicate the change. Do all employees need to know about it or just a particular group? Do you need an accompanying employee attestation process where people confirm they have read and understood it? Do you need to embed the new policy into your onboarding process? Giving some thought and preparing necessary communications is important, although this can be done in parallel while you make final revisions.

1. Make the policy available and enact the change if necessary
2. Finally, it’s time to make the policy available and issue any communications, and potentially start the employee attestation process. Here a policy management solution like Xoralia can do much of the heavy lifting providing personalised access to polices, initiating employee attestation and more.

How policy management software can help your policy and procedure review process

A robust policy management solution like Xoralia can help at every stage of the review process in a number of different ways.

Provides overall clarity and transparency At a high level, policy management software provides clarity about the policy review process in establishing who is responsible, when a regular review takes place, any approval workflow and so on. It also supports transparency which in turn drives accountability across policy owners, and makes a policy review more likely to take place. Provide analytics and data A policy management solution should give be able to give you some useful data that provides useful insight into your policy, such as views, attestation rates and more. This data could identify a need to make improvements. You should also be able to view any feedback from users about the policy, such as if particular areas are difficult to understand. Overall, your policy management solution should provide data to feed into your review. Trigger reminders to policy owners A policy management solution like Xoralia automates elements of policy management. One of the most useful is sending a notification reminder to a policy owner that a regular annual or six-monthly review is due. This consistently proves highly effective as it is very easy for busy policy owners to miss a review date. Workflow for review Xoralia can also help you with the associated approval workflow when reviewing the policy so only the right people are actually signing it off. Xoralia also keeps an audit trail of the changes and the workflow. Manage version control Having multiple versions of a policy in circulation causes confusion and presents a risk of the latest policy not being followed. It also undermines user trust, as nobody quite know if the policy they are referring to is the latest one. A solution like Xoralia has robust version control built in so only the latest version can be accessed within a central policy library. Communicate the change Xoralia is excellent for communicating the change relating to a policy, providing a personalised view where an employee can see any new policies added that require their attention. Mandatory reads and employee attestation features can also ensure that the revised policy is read. An integration with Microsoft Teams also means that employees won’t miss a relevant communication or mandatory read. Ensure compliance Reporting on employee attestation means you can manage any associated compliance around a reviewed policy, for example demonstrating to a regulator or third-party certification body that the majority of your employees have confirmed they have read and understood a reviewed policy.

The power of policy and procedure reviews

Reviewing your policies and procedures is essential for keeping everything up to date, minimising risk, supporting better processes and ensuring everyone can find the right policy at the point of need. When reviewing your polices, it’s critical to follow the right steps. Here, a solution like Xoralia can help do some the heavy lifting, streamlining the review process and making it far more straightforward. If you want to see how Xoralia can help, why not arrange a free demo?