Organizations are responsible for creating and maintaining policies that serve one of the following purposes::
- Improve controls
- Reduce risk
- Increase efficiency and effectiveness
- Elaborate on new compliance regulations or rules
- Enhance understanding of what to do in a specific situation
- Delineate what is in Board of Trustees policy
If what an organization has in place does not serve any of those purposes, it may be considered an operating procedure or a guideline.
In order to distinguish whether or not a policy is necessary, the organization should review existing policies and create new ones when appropriate.
Organizations may use existing policies if the following statements are true:
- The policy is one that the organization currently uses.
- The policy does not need revisions.
- The policy reflects current operations.
- The policy is in writing or published.
- The policy has been approved by the chain of command.
Organizations must create a new policy if any of the following statements are true:
- The proposed policy does not exist or an older, outdated policy is in use.
- There is a change or revision needed to a current policy.
- No policy is currently in use but one is needed.
- The policy is not in writing. (Oral tradition is no longer an effective means of passing on information.)
- The policy has not been approved by the chain-of-command.
Policies must be reviewed according to the Policy on Policy Management.
If you have any questions pertaining to policies, please them via the Policy Questions online form.