From MetricStream press release
More than half of organizations (55 percent) can’t tell when their own employees violate company workplace rules and policies across the enterprise, according to a revealing survey by MetricStream.
The company, a developer of governance, risk, and compliance (GRC) apps and solutions, said the survey, “What Makes an Effective Policy Management Program?” paints a picture of how organizations create, manage, and communicate policies.
Other results from the survey:
While only about 1 in 4 organizations use policy management software, the benefits they enjoy are significant. Of these organizations:
- 21 percent take less than a month to develop and publish a policy from scratch
- 70 percent do not consider it challenging to author and distribute policies, or provide training
- 60 percent encountered fewer than 50 policy violations in the last year
Policy management software eases policymaking
- 80 percent of organizations using policy management software on a GRC platform take less than three months to author and publish policies, compared to only 55 percent of organizations using pure-play policy management software
- 42 percent of organizations that require employees to attest to certain policies encountered fewer than 50 policy violations.
- 59 percent of organizations that have mapped their policies to risks and compliance requirements do not consider it challenging to update policies as regulations evolve.
- The majority of organizations that use standardized policy templates (62 percent) take less than a quarter to develop and roll out a new policy.
French Caldwell, Chief Evangelist at MetricStream, said the survey shows automation and consistency work.
“Our survey findings indicate that an integrated and consistent approach to policy management can yield significant benefits,” Caldwell said.
Many organizations have written policies, but much more is required to ensure that those policies are adhered to across the enterprise. To build a pervasive culture of ethics and risk-intelligent behavior, organizations must ensure that their policies are communicated effectively and updated regularly in line with regulatory and business changes. Moreover, policy compliance and violations must be tracked and addressed proactively.
“Those surveyed who have mapped policies to risk and compliance requirements, have integrated training into policy management programs,” Caldwell said, “or are using policy management software on a GRC platform are able to create and communicate policies faster, update them effectively, and minimize compliance violations.”