I’ve worked in the compliance and risk field for almost 15 years. Every company I’ve worked for and with has had policies; all of them also had and made exceptions to their procedures and guidelines. The way the policies were written, stored and communicated tends to be similar across organizations. However, the way exceptions are managed is less consistent. Depending on the company’s size and maturity, exceptions might be granted during a simple hallway conversation or, more formally, through a multi-level risk analysis and approval workflow supported by technology.
Having up-to-date, accurate information in a shared environment creates accountability and makes for a more engaged employee. And that, in turn, helps create a successful company. An open form of governance and compliance helps ensure participation and trust. It’s a good operational principle.
More than likely, you have a process for managing vendor relationships. You may even have a sophisticated process with a centralized vendor repository, risk assessments, due diligence, contract review, careful onboarding and ongoing monitoring. But how many of your employees know the process? And more importantly, how many of them understand how they fit in?
I’ll admit it: when you’re starting a business, one of the last things you want to think about is corporate policies. Your focus is on getting your product or service to market and growing a solid team, not on some collection of dos and don’ts. Besides, that’s what large, stodgy companies do, right?