I am often surprised at the number of organisations that don’t know the difference between a policy, process or procedure, which I will refer to as the ‘three P’s’ in this blog.
Security policy, security process, security procedure sounds like the same thing, right?
It’s not. There’s a reason why it’s so difficult for businesses to determine the difference between the three P’s: they are poorly defined and structured in most organisations. Most organisations – mistakenly use the three P’s interchangeably.
A policy sits at the top of the hierarchy. A policy is a rule or guideline that helps an organisation govern a process and manage risk.
The example of a policy shown above in Figure 1 is a Finance Policy stipulating a limit to the invoice amount a staff member can process without authorisation.
Policies are often influenced by legislation and industry requirements and are mandated by the company’s CEO and Directors.
Processes sit below policy. A business process is a series of related, structured activities performed by a group of people to accomplish a specific organisational goal.
Processes can also be described as workflow management as it is a system of overseeing the handoff of information, documents, and tasks from one employee within a team to another.
The example of a process shown in Figure 1 is an Accounts Payable Process which is governed by the Finance Policy stipulating the invoice limit that requires CEO approval.
A procedure is a sequence of steps or work instructions to complete an activity within a process. Procedures often have system related instructions so they may include screen prints from the relevant application.
The documented procedure should be detailed enough for an experienced employee or new starter to carry out the process activity without difficulty.
The example of a procedure shown in Figure 1 is for entering invoices, which is one step of the Accounts Payable Process.
A mid-tier accounting firm has a team of 2 to perform their accounts payable activities. Last month one of the employees quit suddenly whilst the other was on long service leave. The accounting firm hired someone immediately however they were unable to provide the new starter with any documentation on how to manage the accounts payable process within the firm.
As you can see from the example case study above, if this accounting firm had documented standard policies, processes and procedures it would have been relatively smooth sailing when their accounts payable clerk suddenly departed.
Implementing standard policies and processes to execute specific procedures is also integral to business productivity, growth and profitability. Further it is important to regularly review and update them to ensure you are receiving the maximum benefit of having them. We have found a great platform that helps with easier adoption of and updating of company procedures called Guidethrough.
Defining the three P’s will:
Correctly defining and implementing the three P’s will benefit a business by:
A defined process makes it easier to track employee and machine performance. When a link in the chain is broken, it is simple to go back and determine where this occurred. It also serves to standardise working methods, ensuring that every employee working on the same level is performing the same function.
Providing a consistent product or service that is predictable at every level, will empower customers with access to timely and personalised solutions. A consequence of a customer-driven process is increased or repeat business.
A defined process can help businesses find ways to improve their production or service process. By defining and clarifying the roles and responsibilities within the process, the company can easily determine where improvements can be made and implement changes to increase productivity and improve the quality of the product or service
By tracking processes with workflow management software and generating insights on business processes, the company can more easily determine viable options for continuous improvement. Having a standard business process mapped enables you to more easily deploy workflow management software. Examples of workflow management tools used by our clients are Trello, JIRA, Planner, Karbon, Asana, Wrike and Smartsheet.
Properly defined policies, processes and procedures will undoubtably lead to better business outcomes. Support your business objectives, improve customer service and create efficiencies by setting the right foundation with the three P’s or risk running your company blind!