Getting Policies ‘Just Right’: What we can learn from a 19th Century fairy tale

It’s clear that policies are a foundational element of any compliance programme, setting out the principles and standards of behaviour expected of employees that will assure compliance with laws and regulations. But, are you confident that your policies are a valuable and practical aid to employees, promoting understanding and driving compliance in the workplace? Or are you worried that your policies are really just ticking a box – being used primarily as a defensive ‘I told you so’ after wrongdoing has occurred?
To decide where your policies sit on the spectrum of ‘proactive guide to employee behaviour’ to ‘defensive artefact in the face of wrongdoing’ I suggest a few simple tests:

  • Where are they?
  • What do they look like?
  • What do they say?
  • How do they say it?

1.        Where are they?

How do you make your policies available to the employees who need to access them?  Is the whereabouts of your policies a carefully guarded secret?  Are they hidden in the depths of your intranet or on an obscure shared drive?

If you want employees to be guided by policies they need to have easy access to them.  Communicate their whereabouts with clear signposting.  Highlight the benefits of the practical guidance policies can offer and make them available through a variety of channels (web, mobile app etc.) and in a variety of formats.

2. What do they look like?

Today most of us have short attention spans and high expectations of the production values of any document we are going to devote our limited time to.  If your policies are nothing more than densely worded, black and white documents it’s unlikely readers will persevere with them.

Of course, there is a certain amount of rule-based information that policies will necessarily contain but consider applying elements of content and visual design that will help readers access, understand and digest the information that is presented to them.

The use of visual elements such as pictures of employees and locations that reflect the reader’s day to day experience have also been shown to personalise documents and enhance engagement.

3. What do they say?

There can be a temptation to include too much information in policies – we worry that, unless we are explicit and detailed, we will present wrongdoers with some sort of loophole to slip through.  However, when it comes to policies, the adage of ‘less is more’ applies.

Where possible, adopt a standardised and repeatable structure for your policies.  Also think about what belongs in the policy and what should perhaps be presented elsewhere in a standard or a procedure.

4. How do they say it?

User engagement is key and your policies can be written in a way that will either drive or deter user engagement.  Policies should be simple, clear, unambiguous and unequivocal statements of principle.  And, if you want policies to drive behaviour you need to write for your intended audience.

At Waypoint GRC we have developed a 7 point engagement model that you can use to evaluate your existing policies and to guide the drafting of new ones.

And this is where the fairy tale comes in.  Think of each engagement factor as a spectrum and remember Goldilocks and the Three Bears.  For our policies we want to avoid the extremes and find the spot that’s just right!

By following some basic principles of user engagement, compliance policies can become valuable tools to aid understanding and support compliant behaviour in the workplace.  If you want to improve the effectiveness of this key element of your compliance programme, we’re offering a free  evaluation of any of your policies or your Code of Conduct using our engagement model, please visit our website or contact us at

Leave a Reply

Your email address will not be published. Required fields are marked *