Organizations Score Well on Policy and Procedures Attestation – but Struggle to Measure Program Effectiveness

Leading organizations – especially those in highly regulated industries – increasingly turn to automated systems to improve efficiencies and ensure they’re audit-ready

PORTLAND, Ore.--()--Leading ethics and compliance software and services company, NAVEX Global® today announced the release of its 2018 Ethics & Compliance Policy & Procedure Management Benchmark Report. Eighty-six percent of respondents said they require employees to attest to having received and read a policy or procedure. But just 15 percent of those reported using metrics to confirm employees’ understanding through their automated policy software solution -- and nearly one-third of organizations don’t measure effectiveness at all.

The findings, based on a survey of 1,200 respondents, come after the US Justice Department’s Evaluation of Corporate Compliance Programs released guidance in 2017 to prepare organizations for potential audits. The suggestions include providing proof of employee attestation as well as connecting policies to metrics that demonstrate success at reducing or prohibiting misconduct along with a process for revising them as needed.

“Policies and procedures are the backbone of a compliance program – and it’s no longer sufficient to merely document that they exist,” said Carrie Penman, Chief Compliance Officer and Senior Vice President, Advisory Services, NAVEX Global. “From a regulatory perspective, organizations must be able to show that employees know and understand the policies. In addition, rigorous program measurement has the benefit of helping demonstrate program effectiveness. This is significant because four out of five respondents expect their budgets to remain flat or decrease in the next year.”

The report also found that leading organizations, particularly in highly regulated industries, are turning to automated policy management systems and best-practice procedures to be ready for audits. Most organizations not adopting such a system cited cost as their principal roadblock.

“Closer analysis shows that automated systems more than pay for themselves, because they improve collaboration, increase operational efficiency, establish consistent version control, provide employee accessibility, measure performance and deliver considerable savings on administrative overhead,” Penman said. “Adoption of automated systems is higher among regulated industries, but organizations in virtually any sector can benefit.”

NAVEX Global’s benchmark survey also found that for more than one-third of organizations, members of the board of directors are either key, or singular, decision makers for policies at the organizations they oversee. Regulators often require boards to have knowledge and oversight of an organization’s compliance program, including policies and operating procedures. But best practice is for policy and procedure determination to be a management’s responsibility, with the board playing an advisory role.

“It’s good that the board is involved, but its role needs to be properly calibrated,” Penman said. “Board members should be influencers on policies and procedures, not the decision makers or the individuals who run the actual program.”

Other findings in this year’s report include:

  • Although the vast majority of organizations require all employees to formally attest to at least one policy – and nearly half (48 percent) require annual re-certification -- only a third of the respondents (36 percent) are leveraging a commercially developed policy management software to consistently deliver policies, track attestations and automate audit trails.
  • Similar to the results from the 2017 benchmark report, training employees on policies was once again the top challenge for policy management, followed by aligning policies with new and changing regulations, and improving version control and policy redundancy.
  • Nearly half of organizations (48 percent) feel they have avoided legal action or reduced costs due to their policy management program.
  • Compliance, Human Resources, and Legal are all highly involved in influencing and decision making for policy and procedure management. Internal Audit, IT, Procurement, Finance, and even the board are also active in providing input and advice. Business units consulting with each other prior to rolling out policies and procedures is a positive trend in light of the recommendations provided by the Justice Department’s Evaluation of Corporate Compliance Programs.

Join the webinar diving into these findings by registering here.

About NAVEX Global

NAVEX Global's comprehensive suite of ethics and compliance software, content and services helps organizations protect their people, reputation and bottom line. Trusted by 95 of the FORTUNE 100 and more than 13,000 clients, our solutions are informed by the largest ethics and compliance community in the world. For more information, visit

Learn more about NAVEX Global ( online: Ethics & Compliance Matters™ Blog (, @NAVEXGlobal (, LinkedIn (, Facebook ( and SlideShare (


Chris Gale, 646-695-2883

Release Summary

NAVEX Global today announced the release of its 2018 Ethics & Compliance Policy & Procedure Management Benchmark Report.


Chris Gale, 646-695-2883