Building Boundaries for Your Organization: Why Policies Set the Corporate Culture

Has your organization established boundaries of behavior for employees, relationships, and procedures/processes? Policies, starting with your organizations code of conduct, are meant to filter down throughout the business to govern the enterprise, divisions/regions, business units, and processes to create the overall corporate culture and standard of ethics.

The definition of GRC is, “a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance].” Policies are a very important aspect of practicing GRC effectively. When efficiently and effectively managed, communicated, and enforced policies should:

  • Provide a governance framework - Policy paints a picture of behavior, values, and ethics that define the culture and expected behavior of the organization; without policy there is no consistent rules, and the organization goes in every direction. Policies enable the organization to reliably achieve objectives.
  • Identify risk - The existence of a policy means a risk has been identified and is of enough significance to have a formal policy written which details controls to manage the risk. Policies are critical risk documents of the organization to address uncertainty to objectives.
  • Define compliance - Policies document compliance in how the organization meets requirements and obligations from regulators, contracts, and voluntary commitments such as ESG statements. Effective policy management enables the organization to act with integrity.

Most organizations, unfortunately, do not make the correlation of policy to the development of corporate culture. Without policy, there is no written standard for acceptable and unacceptable conduct — your organization can quickly become something it never intended.

Your organization needs to develop and implement policies that can and will be enforced, but you also must clearly train and communicate the policy to make sure that employees understand what is expected of them. Your organization may have a corrupt culture with good policies in place, though it cannot achieve strong and established culture without good policy and training on policy.


Get Early Access