Pink Elephant Blog
IT Governance and Employee Compliance
Last August we presented a special Symposium focused on IT Governance. One of the speakers was Lisa Welsher from Right Process. She talked about the challenges of getting people to take accountability for policies and procedures, especially when legislation such as the Sarbanes-Oxley Act is requiring organizations to do the same. Lisa's company has developed a method for taking policies and procedures (P&Ps) through an implementation lifecycle. The premise being that it's not enough just to communicate to staff that P&Ps exist, or have changed. You really need to be sure that what's written down as intention really is happening. So, how d'ya do that? According to Lisa, P&Ps and their associated documentation are not going to add value unless you do 4 things on implementation: 1. Get people to accept the documentation by having them sign-off once they've absorbed it. 2. Then test them on their new knowledge; thereby validating that the sign-off was done in good faith. 3. Going forward, require them to provide feedback and improvements from their ongoing work experience; again, validating that they have bought-in and are committed enough to embrace continuous improvements. 4. Regularly audit the application and validity of the P&Ps within the operation. Can you imagine going through all four steps and still having documentation, policies & procedures that no one respects? This all sounds like a great idea to me. We've already seen at Pink that cultural issues are one of the critical success factors for deploying change in IT. Just writing down and even communicating new policies and procedures is never going to be enough. We need something to help follow-through, because people are always likely to fall back to more familiar ways of working - it's human nature. Sometimes you just have to take the horse to water and MAKE it drink! Anyway, the folks at Right Process have developed a tool containing activities and KPIs to help make the concept of "employee compliance" a practical reality. If you're interested in learning more, get in touch with them and ask for a demo of their web enabled solution (you'll find Right Process at http://www.rightprocess.com). I really think they're on to something.
Like this article? 
Comments