I’ve worked in the compliance and risk field for almost 15 years. Every company I’ve worked for and with has had policies; all of them also had and made exceptions to their procedures and guidelines. The way the policies were written, stored and communicated tends to be similar across organizations. However, the way exceptions are managed is less consistent. Depending on the company’s size and maturity, exceptions might be granted during a simple hallway conversation or, more formally, through a multi-level risk analysis and approval workflow using a technology.
Having up-to-date, accurate information in a shared environment creates accountability and makes for a more engaged employee. And that, in turn, helps create a successful company. An open form of governance and compliance helps ensure participation and trust. It’s a good operational principle.
Managing risk within the confines of your own business is hard enough. When you tack on risk associated with vendor relationships, the complexity only grows. As business leaders, we have to carefully manage vendor relationships to protect our customers, employees and stakeholders, but the process can be daunting.
I’ll admit it: when you’re starting a business, one of the last things you want to think about is corporate policies. Your focus is on getting your product or service to market and growing a solid team, not on some collection of dos and don’ts. Besides, that’s what large, stodgy companies do, right?