Skoda Minotti: CPAs, Business & Financial Advisors

RESOURCE CENTER

Blog

Case Studies

Advisor Insights

Ask an Expert

Tip of the Month

Taxes Quick Guide

Rates, dates and requirements.

  • BDO Seidman Alliance
  • Weatherhead 100

  • SERVICES

    • bio page

    Effective Policies – Building the Foundation of Your Organization

    By Lee Klumpp, CPA

    Policies are guidelines that regulate organizational action and control the conduct of individuals within an organization and ensure that an organization has the foundation to accomplish its mission. Procedures on the other hand describe the normal operating method and provide the protocol for implementation of the policies or the “how to.” Both policies and procedures are required by all organizations in order to operate efficiently, avoid confusion among employees, and ensure that an organization is in compliance with its legal and regulatory requirements. In this article we will explore the best practices for developing sound and effective policies for an organization.

    The day-to-day operations of an organization are managed by every member of the organization’s leadership team (management team) except for the board of directors. The management team members are the ones that are responsible for an organization’s operations and the boards of directors’ are responsible for providing the monitoring and oversight process in order to carry out their fiduciary duty related to the organization. It is important that this concept of division of responsibilities be understood by all parties. If a board of directors is not involved in the organization (therefore hands off or providing the rubber stamp) that is almost as bad as a board of directors that micro manages an organization. In either of these cases the individual board members are opening themselves up to substantial risk and exposure as well as putting the organization at risk. The management team is responsible for developing the organization’s policies and ensuring that they are developed, designed, implemented, and carried out in the day-today operations of an organization. The board of director’s key responsibilities, besides those described above, is to provide vision, strategic thinking, and planning for the organization.

    Management has a wide variety of responsibilities as discussed above, which includes not only the operation of the organization and development of programmatic policies in order to accomplish the mission but also to develop policies related to fiscal controls, physical security, behavioral policies (code of conduct, conflict of interest and ethics), human resources, administrative, and information technology, including social media. When developing policies in these areas it is important to be concise without strangling innovation. Many staff complain that their organization’s policies are too burdensome, confusing or too time consuming to work through. This can cause a culture in which policies are ignored completely by individuals within the organization and therefore the organization develops a vast difference between the written policies and the actual policies within which the organization operates. In most of these cases, the policies were not developed correctly in the first place with little effort put on the effectiveness and efficiency of the policies when they were written. There is no one correct set of rules or methodology for developing policies for an organization. An organization’s policies should be developed specifically for that organization taking into consideration its size, number of employees, segregation of duties, employees’ workloads, consideration of fraud and abuse, and compliance with laws and regulations.

    A key element to remember about policies is that employees and other stake holders look to senior management and even the board of directors to be a model of behavior (tone from the top). If the leaders do not follow the prescribed policies then others will believe they do not have to follow the policies either. A perfect example is that of an Executive Director who wears jeans to the office against the organization’s prescribed policy. Within several months very few people will be following the prescribed dress code. The unofficial dress code being set by the Executive Director will prevail. Individuals in the work force will follow the leader and ignore the official policies. If the policy is worth having then it is worth having everyone follow it from the top of the organization down to every single employee. Once you start to deviate from a prescribed policy it is very hard to get back on the right course.

    Some of the key considerations in developing strong and effective organizational policies are:

    • Involve the people affected by the policies in the development phase to the maximum extent possible.

    • Document all policies and make them available to all employees. With today’s technology this is very easy to accomplish through the use of an intranet site and web portals. Using technology to disseminatethe organization’s policies allows individuals at different sites easy access to the most current version of the organization’s policies. Additionally, having the organization’s policies in a manual that is computerized and maintained centrally makes updating the organization’s policies relatively easy.

    • Obtain an employee’s written acknowledgement affirming that they have read the policies and understand them and accept the responsibility to adhere to them as a condition of employment.

    • Make sure that you use one consistent format in documenting the organization’s policies.

    • Assign effective dates to all newly issued policies and affix the date to the document in order to be able to track when the policies became effective. This can be very important for documentation purposes and discussions with employees that are not following a prescribed policy.

    • Write all policies clearly and concisely. The key is to avoid language that uses vague terms or language that is confusing. If you need to use terms that are specific to the organization or that are based on a specific discipline (i.e. accounting or finance) provide definitions for those terms.

    • Provide training sessions for all employees in order to ensure that they are aware of the policies. Additionally, keep in mind that these training sessions need to occur on a regular basis as your staff expands or turns over and when there are significant changes to an organization’s policies.

    • The management team should consider the risk of fraud that the organization might be vulnerable to as policies are developed. The key thought process here is “what could go wrong” in the transaction streams and processes. Questions like this will go a long way in the development of sound and effective policies to prevent fraud and other abuse.

    • Everyone needs to go the doctor from time to time for a check-up and an organization’s policies are no different. An organization’s policies need to be reviewed on a regular basis to ensure that the policies have stayed current with the needs of the organization and the current environment.

    Some potential sources of feedback on the effectiveness of your policies are:

    • External auditors;

    • Internal audit procedures;

    • Audits by funding sources;

    • Feedback from contributors and grantors;

    • Supervisors or employees bringing weaknesses to the attention of management;

    • New Board Members’ or managers’ input; and

    • Known reported instances of fraud and/ or abuse.

    When the various types of feedback are received the management team must take them seriously. Consideration should be given to the feedback received from these sources and any necessary updates to policies should be made.

    At first glance this may look like a daunting endeavor; however, to avoid feeling overwhelmed, management teams are advised to look at the key processes at each level of their organization as a start. As yougo through this process it may be important for the management team to look for insight and direction by reading articles and other literature on the topic, attending seminars, and seeking the help of professionals and consultants in this area. It is important that no matter how you gather the information and insight to develop your organization’s policies, at the end of the day they are your organization’s policies and the management team needs to take responsibility for them.

    The needs, requirements, and circumstances for designing and developing an organization’s policies vary from organization to organization, and even within an organization that may be complex. At the same time, addressing and applying the information discussed in this article is the first step in designing appropriate policies for an organization. The next step is the design and implementation of effective procedures to carry out the policies and provide the organization with strong internal controls. Stay tuned for a discussion of this process in the next edition of the Nonprofit Standard.

    For more information contact Lee Klumpp, Senior Manager at lklumpp@bdo.com.

    Information courtesy:

    New BDO Logo