As your small business grows and more employees are hired, it becomes increasingly critical that your organizational policies and procedures are clearly defined and communicated. Without policies and procedures it is difficult for new employees to understand your organization’s culture, expectations and requirements.
New employees need to know their specific roles and responsibilities, as well as employment policies for vacation time, sick time, health care, etc. In order to ensure compliance with all regulatory requirements you must also ensure all employees are following regulations like HIPAA, FERPA, OSHA, FMLA, etc.
All employees (new and existing) should be reminded on an ongoing basis about your organization’s policies and procedures and updated as new risks and regulations require updates on policies and procedures. Too often small organizations are too flexible with requirements or expose themselves to expensive and embarrassing data breaches, lawsuits, losses and mistakes by not updating their people and their processes.
The first step for a small business is to determine their requirements and then create their policies and procedures accordingly. However, this is where many organizations quit. They create a comprehensive policy manual or binder, distribute it to their employees and never mention it again.
Do you really think your employees are reading the manual and identifying the specific roles and responsibilities that apply to them? Are they signing off on certain policies required by federal and state regulations?
As regulations, guidelines, best practices, risks and threats change, are you updating the policy manual or are your policies still the same as the day you first created them? If your organization is just blasting your policies out to your people in e-mails and memos…how do you know if anyone received the email or is reading the policies and understands them?
It is critical for organizations of all sizes to not only create comprehensive policies and procedures ongoing, but to ensure those policies have been implemented down to the individual level and read, understood and acknowledged by all employees (staff, management, third-parties, vendors, etc.). Your organization might have the best policies and procedures in the world, but if they are not implemented at the individual-level with awareness and accountability, there will be failures (lawsuits, breaches, losses, employment fraud, etc.).
Actually implementing policies, procedures, plans and processes means organizations have documentation and proof that individuals have read, understood and acknowledged their roles and responsibilities. Regulations require proof of implementation. Legal due diligence requires proof of implementation. Lessons Learned continue to prove that organizations that lack implementation will continue to experience expensive and embarrassing results.
About the Author:
Katie Weaver provides marketing and client support for Awareity, a company that helps organizations cut costs and improve awareness, accountability and CYA at the individual-level. Katie blogs at http://blog.awareity.com