September 5, 2003—In a survey of over 100 companies corporate policy specialists PolicyMatter found that only 21% were confident that their organizations were fully compliant with key legislation and industry regulations.
Company legal expert Nathan Millard says there are two main reasons why organizations are unsure about their compliance status: “The first problem is keeping abreast of the latest legal and regulatory requirements—a lot of guidelines and corporate policies become ineffective as case law changes and new legislation is introduced. Secondly, organizations are still not taking adequate steps to ensure that they can prove employees are aware of their obligations and have ‘signed-up’ to abide by the firm’s policies.”
In the survey, 68% of organizations were unable to say for certain whether employees had seen policies or not. Overall, 50% of respondents stated that their firm made no efforts to check that employees had actually read corporate policies. There are plenty of good intentions: 47% said that, while they did not currently track policy deployment and acceptance, they would like to. But only 15% of those questioned reported that they already record the signing of all policies by employees.
Millard believes that those organizations that are keen to record policy acceptance may well struggle while existing deployment habits prevail. “Whilst the most popular policy deployment vehicle is the employee handbook,” he noted, “it is also arguably the least effective—as it is both difficult to keep up-to-date and nearly impossible to accurately record whether an employee has read a particular policy or not.”
Other popular policy deployment methods include hard copies (used by 31%), intranets (18%) and email (13%). While hard copy policies can be audited, they are often rendered useless by hand-written amendments made by employees and can be time-consuming to manually collate, Millard said.
According to PolicyMatter, these findings are a wake-up call that organizations need to make more effort to use policies as an effective way of ensuring compliance with key legislation and regulations.
“We’ve already seen both home secretary David Blunkett and information commissioner Richard Thomas raise the issue of bringing compliance breaches to task in the near future” Millard warned. “Now is the time for organizations to find a way of ensuring that up-to-date policies are read, understood and accepted by all employees—those firms that don’t can expect the penalties for compliance breaches to be harsh.”
—Elliott Chase
Reprinted with permission; copyright 2003 i-FM
