7 Ethics and Compliance Policy Must Haves

Does your company’s ethics and compliance policy resemble a textbook? If so, it’s likely that your employees haven’t read the policy.

Posted by Joe Gerard in Code of Conduct, Ethics, Ethics & Compliance, Hotlines, Human Resources on September 17th, 2010

Does your company’s ethics and compliance policy resemble a textbook? If so, it’s likely that your employees haven’t read the policy. What’s even more likely though is that the policy probably doesn’t make sense. If this is the case, how can you, as an employer, expect your employees to follow the rules? Writing a clear, concise and practical ethics and compliance policy takes time- but it’s worth it. An ethics and compliance policy is the foundation of your company’s ethics and compliance program. Without a well written policy, your ethics and compliance program is bound to fail.

At the SCCE Compliance and Ethics Institute, I had the pleasure of attending a session on policy writing. The speaker for the session was J. Stuart Showalter, a health care lawyer, compliance consultant, professor and author, with numerous years of experience in ethics and compliance policy development. Please note: Stuart can be contacted through e-mail at showalter.stuart@gmail.com or you can check out his website at jstuartshowalter.com.

Here are my notes from his session:

Writing Policies, Making Sense- Presented by J. Stuart Showalter

According to Showalter:

“Good compliance programs must begin with good policies and procedures. In fact, that is the first element in the OIG’s compliance guidance. So without well-written policies you don’t have a prayer of having an effective compliance program.”

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template

– Typical scenario: A company operates with a decentralized structure, policies are inconsistent, there’s no central repository for company policies and most importantly, no policy development process.

– To be successful, you need to get buy in: Key influencers consist of senior management, “policy owners”, legal, compliance, and privacy / information security. Everyone needs to be on board in order for the policy development program to work. From this group, designate members to a policy development committee and select a “policy librarian”.

– Format/Template: Research states that companies lack standard policy templates. To be consistent in policy development/ writing, establish a template with the same headings and body. Obviously the content within the policy will change to meet the needs of a specific department or issue, but templates improve the readability of your policies.

– Put definitions in the section in which they are first used: Don’t wait to explain a work or acronym in a footnote or an appendix. Provide a definition to the reader immediately following the work or acronym. This makes the policy easier for employees to read and understand.

– Keep your policy short: Showalter recommends creating a policy that’s no longer than two pages. He also suggests that posting the policy online is the best solution.

Policy Template

During the session, Showalter stressed the importance of consistent policies. The easiest way to ensure policies remain consistent in the workplace is to develop a standardized template. From the presentation, I was able to gather 7 “policy template must-haves”:

  1. Scope: Who does the policy apply to? When is it effective? Is it in place at all times, during emergencies, at night, etc.?
  2. Purpose: What is the policy about. Ex: “To protect the confidentiality of patient information.”
  3. Policy Statement: Statement of standards, fundamental principles. Usually begins with “It is the policy of Company XYZ, that…”
  4. Procedure: Implementation- who, what, where, when, how?
  5. Who is?: Who is accountable, responsible, concerned, informed? Identify these people in the policy.
  6. References: Many employees want to see proof and tend to ask, “Show me where it says I need to do that.” Incorporate citations to laws, regulations, journals, articles, etc, to back up your policy.
  7. Attachments: Use this section to add more details to the policy. If the policy makes reference to certain forms, don’t include the form in the policy, make reference to it and include it in the attachments. Since forms and other documents change frequently, place them on a company intranet, reference their location in the policy and update the forms when required by replacing them on the intranet.

I would like to take the opportunity to thank Stuart for granting me permission to post my notes from his session.


Joe Gerard
Joe Gerard

CEO, i-Sight

Spend my days showing off the i-Sight investigative case management software and finding ways to help clients improve their investigations. Usually working with corporate security, HR & employee relations, compliance and legal teams.

Visit Website

Want to conduct better investigations?

Sign up for i-Sight’s newsletter and get new articles, templates, CE eligible webinars and more delivered to your inbox every week.