April 3, 2011

Understanding Policies, Standards, Guidelines, and Procedures


A plethora of documentation exists in the operation of any organization. Management uses this documentation to specify operating and control details. Consistency would be impossible without putting this information into writing.
Organizations typically have four types of documents in place:

Policies These are high-level documents signed by a person of significant authority (such as a corporate officer, president, or vice president). The policy is a simple document stating that a particular high-level control objective is important to the organization's success. Policies may be only one page in length. Policies require mandatory compliance.
  • The highest level of people in charge is the officers of upper management. Chief executives, financial officers, and operating officers are the principal issuers of policies.
Standards These are mid-level documents to ensure uniform application of a policy. After a standard is approved by management, compliance is mandatory. All standards are used as reference points to ensure organizational compliance. Testing and audits compare a subject to the standard, with the intention of certifying a minimum level of uniform compliance.
  • Public standards include the International Organization for Standardization (ISO), Sarbanes-Oxley, and most government laws.
Guidelines These are intended to provide advice pertaining to how organizational objectives might be obtained in the absence of a standard. The purpose is to provide information that would aid in making decisions about intended goals (should do), beneficial alternatives (could do), and actions that would not create problems (won't hurt). Guidelines are often discretionary.

Procedures These are "cookbook" recipes for accomplishing specific tasks necessary to meet a standard. Details are written in step-by-step format from the very beginning to the end. Good procedures include common troubleshooting steps in case the user encounters a known problem. Compliance with established procedures is mandatory to ensure consistency and accuracy. On occasion a procedure may be deemed ineffective. The correct process is to update the ineffective procedure by using the change control process described later. The purpose of a procedure is to maintain control over the outcome.

Figure 1 illustrates the hierarchy of a policy, standard, guideline, and procedure.

 
Figure 1: The relationship between a policy, standard, guideline, and procedure

1 comment:

  1. Thanks for sharing such a great information, Hope you will publish more.
    I really appreciate the blog,
    Please publish more blogs like this
    To know more about CIA do visit the below mentioned Link-
    CIA CERTIFICATION
    Again thanks for providing great quality blogs...

    ReplyDelete