The Case for Updating Your Policies and Procedures Manual

When corporate leaders consider updating their policies and procedures manuals, it may seem that the reasons for delaying the project outnumber the pages in the document.

Making changes to the manual is time-consuming. Policies and procedures in the organization may be so siloed that maintaining a manual becomes a challenge. And by the time the ink dries on the newest edition of the document, a new law or regulation may be enacted that requires changing the manual again.

The result is that many organizations have manuals that are incomplete, out of date, badly written, poorly understood, and inadequately enforced. Yet there’s no question that a high-quality policies and procedures manual can provide underlying documentation that helps an organization run effectively and efficiently.

The basics of an effective policies and procedures manual are straightforward. The best manuals are clearly written and easy to understand, with a table of contents that’s easy to use for employees who wish to quickly refer to material on a certain topic.

The best manuals also are created and updated by welcoming information and input from people at all levels in an organization, with a bottom-up approach rather than a top-down system, People who feel they have a say in the creation of the manual will be more likely to follow the rules it contains.

It may be easier to keep manuals up to date if you write the date approved next to each policy so it’s clear whether new rules have been issued.  Dozens of policies may be included in an organization’s manual, but these highlighted five are especially important for reducing risk:

• Approval process over company credit cards. Staff members need to understand that company credit cards are a privilege. To receive a company credit card, employees should agree to terms in writing that enable the company to withhold funds from their pay if they misuse the card. Employees should understand that serious abuse of card privileges may lead to termination or prosecution.

• Segregated payroll responsibilities. If payroll responsibilities reside in human resources, one employee may have the ability to both add people to the payroll and write payroll checks. That presents a big fraud risk. For that reason, it may be more appropriate for finance to handle payroll.

• Conflict-of-interest policies. Board members, executives, and senior staff who negotiate and commit to contracts should sign agreements stating that they will avoid outside influences that may conflict with their duties with the organization. When conflicts of interest are not addressed, it becomes easier for personnel to act on their own behalf at the not-for-profit’s expense or award contracts to someone other than the most qualified vendor.

• Whistleblower policies. An anonymous hotline that exists outside the organization would encourage employees to come forward with reports of malfeasance. The policy also should address the proper method for investigating complaints, and employees should be notified and reminded that the hotline exists.

• Cybersecurity policies. The constant threat of hacking that exists today makes it essential for an organization to have a policy that addresses cybersecurity. Employees need to be made aware of the ways they can help the organization prevent fraudsters from gaining access to sensitive data and systems.

Updating an entire policies and procedures manual can be an overwhelming task and it is better to undertake a little bit at a time. One suggestion is to review and update 25% of the manual  every six months, so that over the course of two years, the entire manual receives scrutiny.

Policies and procedures manuals are of little use if employees aren’t aware of them, so they should be provided to all affected staff. An online version with hyperlinks from the table of contents to relevant sections of the manual may be useful, and some organizations require employees to sign documents stating that they have reviewed the policies and procedures manual.  Staff training associated with the manual may be more successful if the organization makes it entertaining.

Once the manual is created or updated, it’s up to the board and management to establish the tone at the top about enforcing it. This means that the policies and procedures apply to the organization’s directors and leadership as well as to staff.

Meanwhile, management’s efforts to back the policies and make the manual available to all staff can encourage staff to adhere to a document that is designed to enable effectiveness and efficiency.
(Source:  AICPA - CPA Letter Daily - Journal of Accountancy - June 26, 2017)