Policy Management Tips


With the crisis in investor confidence many businesses face today, it never has been more important for a company to have clearly documented policies and procedures covering all aspects of its operations. Occasional updates are not enough to prevent accounting errors and to help avoid litigation or operating problems. CPAs can help clients and employers implement effective practices governing the creation, review and communication of policies and procedures by recommending these best practices.
Delegate responsibilities and empower employees. Policy management begins by reducing the bottleneck in policy writing. Instead of limiting the process to just a few managers, involve more staff members but keep responsibility for the ultimate review and publishing in management’s hands. Including more employees means policies get completed faster and workers feel empowered to suggest improvements.

Make policies easy to read and understand. Keep documents short, clear and concise. A long policy generally is less useful. A better approach would be to separate the document into smaller sections. For example, a 40-page capitalization policy could be split into smaller documents on the capitalization and approval process, periodic asset review, the disposal and writeoff process and depreciation rules and procedures rather than trying to cover every aspect of managing a company’s capital assets.

Track all changes. Policies and procedures change frequently. To help resolve conflicts and misunderstandings, require managers to document the modifications, with the date and time, the reasons and who made and reviewed them. Store prior versions for future access; use policy management technology to automate the process. Documenting changes also provides a trail for auditors to test compliance with the company’s policies and procedures in internal and external audits.

Control who has authority to issue policies. Management should decide the level of review required for new and revised policies. For example, the CFO might have authorization to change the monthly closing process without other levels of review, but the company’s external auditors first should review any new accounting policy.

Organize policies logically. Most companies do a poor job of this, making it difficult for employees to find the information they need. Organizing policies alphabetically, in order of issuance or by policy number ignores their content. A sensible organization scheme might group accounting rules by balance sheet and income statement account and human resources policies by activity (hiring, compensation and benefits, personnel review and termination). Well-organized policies also make it easier for companies to identify gaps or inconsistencies in content.

Provide centralized access. Well-organized policies are useless if employees cannot access them. Post electronic versions of policies on your intranet site or Web portal or use policy management software. If hard copies are the only option, store them at a location in the office, plant or warehouse that provides easy access.

Communicate new policies and updates on a timely basis. Frequent communication ensures employees are operating with the most relevant information and reinforces a culture of taking policy management seriously. Communicating all aspects of a change, as well as the answers to expected questions, will limit the number of repeat inquiries employees must make.

Test and document employees’ review and compliance. Periodic compliance testing is a key element of an effective internal control structure. How a company documents employee adherence to policies will depend on the type of policy management infrastructure it has in place. Use technology to record when an employee views the electronic version of a policy and require an electronic sign-off that the employee has complied with that policy. Companies also can install manual procedures to document compliance such as an annual written acknowledgement for specific policies, with periodic updates tested by internal audit.

Provide a feedback mechanism. Good policy management encourages employee involvement. Failure to ask for input likely will produce a substandard set of policies that go unused. If workers cannot easily ask questions about policies they don’t understand, they may make the wrong decisions. CPAs can help companies establish a feedback mechanism. Policy management technology can integrate these questions directly into the electronic versions of a policy. Or, employees can be encouraged to e-mail questions and suggestions or drop them in a central place.

Require managers to do periodic reviews and updates. Many policies today have a very short shelf life. Make an ongoing commitment to periodically review and update policies before they become outdated. Set review dates when a policy is first created. Reviewing policies regularly, even if no one has made changes, is an important internal control. To make sure managers comply with this requirement, companies should consider making policy review a factor in managers’ annual evaluation. Adequate controls are necessary to identify managers who do not meet this requirement.

Source: Adapted from “Effective Policy Management,” by Rocco Tarasi, CPA. He is CEO of Snap River Technologies, a policy management company in Pittsburgh. His e-mail address is rocco@snapriver.com .

SPONSORED REPORT

Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.

QUIZ

News quiz: IRS warning on cyberattacks and a change in pension rules

Once again, the IRS sounds the alarm about a threat from cyberthieves. See how much you know about this and other recent news with this short quiz.

CHECKLIST

Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.