OIG Guidelines
Policies and procedures that are easy to use and understand can be created with attention to practical design principles. Organizing and synthesizing complex laws and regulations creates a simplicity that begets compliant habits in day-to-day operations, ultimately saving time, creating a compliant culture, and creating an effective compliance program.
Ideas for Policies and Procedures:
Separate policy from procedure
Organize different policies and procedures by discreet topics so people can find an answer quickly
Conduct interviews to design and determine processes and involve the people who will be using the processes. Clarify that the procedures need to be updated before changing processes. Keep iterating the processes until compliance is achieved and if anything changes.
Keep policies and procedures to two pages total per discreet topic
Use sans-serif fonts such as Ariel, as these are easier to read
Create an electronic library that is either on the internet or intranet organized by topics that is searchable and with taxonomies
Consistently review policies and procedures against auditing and monitoring results to determine if processes can be improved or if controls need to be in place.
Keep a log of any changes to policies and procedures with the date, topic affected, and approval source.
Provide hyperlinks out to regulatory citations at the end of the policy and procedure
Create physical spaces that assist in following policies and procedures, including creating posters, objects, review guides, checklists, or booklets of regulations to remind people of the compliance aspects so that they do not have to rely on memory.
Separate Policy from Procedure
The policy portion of policies and procedures can be viewed as containing the reasons “why” the entity is acting on the requirements listed in the procedural section while the procedural section can be viewed as the “how.” As the purpose of the two sections differs, separating the two sections from each other when writing policies and procedures helps a reader better orient themselves and find specific information. The procedures should be clear and detailed to the extent that an outside reader could understand how to perform a given job function.
Sources
The source of the compliance requirements, any relevant historical information as to how the regulations were derived and by whom, and the intent of the underlying requirements is important historical information to maintain a record of, particularly when analyzing areas wherein a regulatory burden can be reduced in a compliance program. Further, the source is also important when reviewing whether the underlying laws and regulations are current.
Language
The way laws and regulations are presented in a compliance setting is different from the way they are presented in a legal setting. The compliance audience is likely concerned with understanding how to do their work. The tone and wording should be from a practical viewpoint of whether the person reading the materials will understand the step by step operational work requirements.
Reimagining information
Reaching people with different learning styles may require the reimagining of the same information in different ways, including visually, physically, and experientially. Visually, compliance professionals may use web sites, checklists, information sheets, and flow diagrams to engage receptive learners. Physically, people can be guided toward compliance by using the architectural space to create compliant behavior, such as through the use of barriers or open spaces. Experientially, compliance professionals can engage others by conducting in-person compliance education that is innovative and interactive and uses humor and emotion.