A policy, by general definition, refers to a course of action established to give guidelines toward sound business strategic plans and acceptable objectives. According to Ramey and Carl (1991), it represents a direct link between the vision and the daily activities of an organization. Policies are crucial because they point out the main activities and provide an overall plan to decision-makers on how to tackle issues facing an organization. They also offer limits and a wide range of alternatives that guide the process of decision-making. Policies are general in nature and are usually put in simple terms. They identify the rules of an organization, give reasons as to why the rules exist, when they apply, the people they cover, how they are enforced, and lastly, stipulate the consequences of not adhering to them (Ramey and Carl, 1991). However, policy should be differentiated from law, because law compels or prohibits behavior, whereas policy acts as a guideline towards attaining a desired goal.
Types of Policies
An organization can have many different types of policies, such as Information Security Policies, HR Policies, IT Policies, Finance Policies, Information Management Policies and many others (Smith, 2002).
Human Resource Policies
They refer to the official rules and guidelines that organizations follow, which direct the way they assess, hire, train or reward their employees. According to Green (1999), Human Resource Policies can go a long way toward eradicating misunderstandings between employers and employees that may arise due to infringement of certain rights or obligations. However, they have to be well organized and circulated in a form that can be easily understood. Ardella Ramey and Carl Sniffen (1991) state that, “Sound human resource policy is a necessity in the growth of any business or company”. An acknowledgment of this requirement may occur when managers in the organization realize that a lot of time is often wasted on human resource issues. This time could be used in planning for the growth of the organization or even in production and marketing. An organization is always at a disadvantage if it lacks clearly written and standardized policies.
Small businesses have no choice but to execute and apply fair human resource policies in their running of daily operations. Businesses that go out of their way to institute sound and comprehensive HR management policies are better prepared for success in the end than the rest. However, HR management policies have to be consistent in nature; otherwise, the results would be disastrous. Workers will have low morale, minimum employee loyalty, and the company will be highly exposed to legal penalties.
Green (1999) stipulates that the HR policies of a small organization should cover every aspect of human resources, including holidays, meal periods, employee classifications and many others. Koch and Rita (1996) also advance that formal human resource policies are advantageous in many ways, as they contribute to the success of the organization. Notably, even the best policies will go to waste if managers in charge of the HR policies become reckless and incompetent in administering their duties.
However, organizations or small businesses that are consistent and intelligent in administering their HR policies will reap rewards in many areas, such as:
Making Constant Changes to Existing HR Policies
According to Ulrich (1998), it is paramount that organizations constantly revise their established HR policies. This is because as an organization or company grows, the environment in which it operates changes. However, small businesses have to be cautious when they go about updating their HR policies. At times, even minor alterations to policy can have unplanned consequences. Ulrich (1998) also holds that small firms and organizations have to understand that any change in HR policy can have some impact on every individual in the organization. Any proposed change has to be cautiously examined and should involve consultations with trusted individuals within the organization. A change in policy should be circulated effectively and widely to each employee.
Information Security Policies
Many organizations possess a high-level information policy that stipulates how and what information can be handled within the organization. Long (2006) describes an information security policy as one that addresses issues such as integrity, disclosure and availability concerns. Notably, many factors have to be considered before developing a security policy: for example, the type of audience, the maturity of the policy development process and the size of the company or organization. If an organization plans to start developing information security policy, it is advisable to use a phased approach, which starts with a basic policy framework, touching on the major policies required, before developing a large number of policies.
According to Long (2006), a security policy should:
Jarmon (2006) also adds that information security policies provide a framework that reduces or minimizes security risks and ensures that there is an effective response to security incidents. The policies also help the staff become a part of the security team and hence secure the organization’s information assets. Barman (2001) states that they also define the organization’s attitude towards information, thereby announcing that information is also property of the organization and therefore has to be protected from being accessed, modified or destroyed by outsiders.
Information security policies can serve as compliance tools, which show where the company stands when it comes to best practice issues (Jarmon, 2006). The policies should be useful in protecting the security of the organization. However, they must be workable and realistic; they should match their audience and fit in with the other policies of the organization. To attain this level, an organization must involve all the key players in policy development. Stone (2008) adds that the importance of the policies has to be communicated to the organizational members who will live by them. To avoid rejection by users, it is important to communicate the message that the policies are a framework that creates an enabling environment for employees to work.
The audience of such policies includes all company employees, who can then be divided into sub-categories: management, technical staff, and the end users. The audience plays an important role in determining what can be included in each policy document. Organizations have to make sure that security policy documents are consistent with the everyday needs of their audience; hence, they have to use different document types within the framework of a policy.
Governing policy
At a high level, governing policy should take care of information security concepts, define them, describe their importance, and state the organization’s stand on them. Both managers and end users will read it. The two groups, together with technical custodians, by default, will use the policy to achieve a sense of the organization’s philosophy on security policy. It is important to note that Governing Policy should be aligned with both existing and future company policies.
On the other hand, technical policies are to be used by custodians as they carry out their security duties for the systems they are responsible for. Technical policies are more detailed than Governing Policy since they cover more topics that are specific to the general technical topic; they describe things that must be done. According to Barman (2001), procedural documents lay down the necessary steps required to carry out the policy statements. They may be written to help readers understand what is in policy explanations.
When writing security policies, there is a need for policymakers to prioritize the topics that need to be addressed first. The remaining information can then be prioritized according to business sensitivity or criticality. This enables one to discover which information is more sensitive than the rest.
In conclusion, security policy in any organization provides evidence of the organization’s position on security matters and provides a living tool for every worker to assist in building or maintaining a certain level of security (Jarmon, 2006). This, therefore, calls for security policy to be accurate, usable, and comprehensive.
Information Management Policy
Information management policy includes a set of rules that manage the behavior and availability of a specific type of content that is important to an organization. Anderson (2005) stipulates that the policy empowers administrators to direct and evaluate which individuals can access information and how long information is to be retained. The creators of this policy include records managers, compliance, IT staff, and all those responsible for managing risk. Information management policies cover all information assets that belong to an organization. However, some aspects of the policy could be available to the public; that is, if the organization can be subject to freedom of information legislation.
Records Management Policy
The policy falls under information management policies. It is usually referred to as a “top level” policy, which is all about the maintenance and destruction of business records. The policy deals with documents, paper based files, computer-based files, electronic mail messages, faxes, diaries, intranet and internet web pages, brochures and reports, forms, maps and plans, photographs, microfiche and microfilm, and seized evidence (Anderson, 2005).
Records Management Policy usually applies to all employees, consultants, contractors, and secondees who can access the organization’s records at any time. The management of records helps organizations meet their statutory objectives. Records management policy, notably, cross-refers to related policies, including:
Information Technology Policy
IT policies express an organization’s vision, principles, and strategy as they relate to how information and information technology resources can be used. They interpret laws and regulations that can be applied within the company as well as ensure that the policies conform to legal requirements. Moreover, IT policies denote specific requirements for the regular use of IT resources across the organization.
For there to be a meaningful IT policy development process, an organization has to adopt a framework that would:
IT policy usually applies to all handling of the IT facilities in an organization. It covers both communication and computing facilities, including desktops, email, printers, photocopiers, internet, telephones, mobile telephones, facsimiles and other web services. The policy represents an organization’s position on matters dealing with IT. Therefore, it should be consistent and appealing to all users. On the other hand, users must know of their responsibilities and be ready to comply with the IT policy. They should also be aware of their legal obligations.
Accounting Policy
Accounting policies refer to specific policies that an organization uses in preparing its financial statements. They include bases, specific principles, rules, measurement systems and procedures that can be used to present disclosures. They represent an organizational way of following the rules involved in accounting.
Selection and Application of Accounting Policies
The accounting policy applied to a transaction has to be determined by using the Standard or Interpretation issued by the International Accounting Standards Board (IASB) for the particular Standard or Interpretation. In case the Standard or Interpretation is absent, then the management is allowed to use its judgment to develop and apply an accounting policy, which will bring out reliable results.
An organization can pick and apply accounting policies repeatedly for transactions that are similar, except when a Standard or Interpretation allows items to be categorized so that specific policies can be applied. An organization can decide to change an accounting policy if it is required to do so by a Standard or Interpretation or if the accounting policy results in financial statements giving relevant information on the effects of transactions.
Various disclosures arise due to changes in accounting policy caused by a brand new Standard or Interpretation:
Critical Accounting Policy
This refers to a policy of an organization that is considered to possess a highly subjective element, which can also affect the financial statements materially. According to Howard (2005), most accounting policies usually involve subjective valuations put on various items to allow an observer to have the best view of a company by looking at just one single balance sheet or loss statement. Critical accounting policies are policies particular to an organization and are more subjective than other policies. Many analysts and investors focus on critical accounting policies, because their subjective nature makes them more vulnerable to creative accounting, especially the kind referred to as slush fund accounting. Here, excess earnings from a specific financial period are hidden by altering the subjective element of the policy. The hidden funds can then be channeled back to profit the company during a bad quarter. Most companies do this because they have to maintain the profitable aspect of a company.
Examples of critical accounting policies include:
Characteristics of a Good Policy
Characteristics of a Bad Policy
In analyzing policy, Jenkins (1978) lays down the following characteristics:
Conclusion
According to Smith (2002), a policy is essential because it gives an outline for action that helps an organization accomplish its tasks. A policy can also be seen as a tool to be used in quality improvement, which allows various requirements to be met. It forces an organization to conform to accreditation standards. The various elements of a policy are as follows: