Policy Management by Design: How to Create an Effective Policy Strategy that Covers all the Bases
Whether an organization is in the public or private sector, policy management is critical — and becoming more so. A survey of 211 public and private sector organizations conducted by The Economist's Intelligence Unit found that 89 percent of the government respondents and 81 percent of the private sector respondents have suffered a negative impact from the lack of an effective policy management strategy.
The common costs include:
- Heavy fines for regulatory non-compliance,
- Inefficient utilization of business and IT resources,
- Inconsistent application of business decisions,
- Customer dissatisfaction, resulting in litigation and/or loss of revenue.
This article discusses the importance of an integrated, centrally-managed policy management strategy, the challenges organizations face in deploying such a strategy, and how a policy automation platform can help them achieve it.
Ineffective policy management can spell disaster for an organization. Consider these hypothetical, but by no means unlikely, scenarios:
- The two members of an urban child welfare agency's IT staff manage policies on an outdated, cumbersome file system. As a result, they are constantly playing catch-up with rapidly-changing federal, state, and local regulations. Equally overburdened administrative staff are responsible for ensuring that caseworkers comply with regulations and the agency's internal policies. As a result, cases are sometimes mishandled and children get hurt. The agency winds up in a widely-publicized child abuse case and is sued by the city.
- A Fortune 500 financial services firm's internal auditors and information security officers have developed a comprehensive set of internal policies to ensure compliance with federal regulations. However, the company has no rapid or systematic way to deploy, enforce, and manage these policies across the enterprise. The situation becomes more challenging when the company acquires two other companies, both of whose processes are different from each other's and from those of the financial services firm. A group of traders breaks some rules in pursuit of profit, and a major client gets burned and complains to federal regulators. The company pays a heavy fine and loses a big chunk of credibility and customer goodwill.
- A single mother receives her tax return and can't understand why she hasn't gotten a tax credit for her child. She goes online to the tax & revenue agency's website and queries her problem but can't find a definitive answer. She then puts in a call to the tax department, only to have the operator to give her a different response. Disillusioned, she hangs up and wonders how she can gain clarity or possibly even appeal the situation.
Such cases are all too common these days because so many organizations' policy strategies are fragmented, out of date, haphazardly deployed, and — ultimately — ineffective. High-level executives are acutely aware of the problem.
Several dovetailing trends are making it both more difficult and more critical for organizations to get a better handle on the rules and regulations that govern profit and loss, IT operations, and interactions with customers. Government and industry regulations are becoming more complex, far-reaching, and volatile — and the penalties for non-compliance more onerous.
Three-quarters of the survey respondents reported a rise in the number of new policies requiring implementation in the past year, and seventy-seven percent said they expected this trend to continue over the next three years. Eighty percent said they are only occasionally or somewhat effective at changing policies.
In the public sector, an aging population and the economic recession have greatly increased the number of applicants that social service organizations must deal with. Eligibility requirements have become more stringent and complex, and benefit packages and tax structures are more complicated and confusing to the average citizen. At the same time, budget cuts are forcing agencies to do more with less. Call centers are struggling to handle a growing volume of customer queries, whether they are about the latest tax laws, visa eligibility, or eligibility for a particular type of insurance plan or mortgage.
Organizations must thus design policies that facilitate the sharing of sensitive information without compromising security — no easy task. Executives are well aware that their organizations are paying a heavy price for ineffective policy management. One solution: holistic policy management through automation.
The Holistic Approach to Policy Management
Unfortunately, many of today's organizations suffer from policy fragmentation — rules developed and deployed in a more or less haphazard fashion, with each group or division creating and following its own rules or versions of rules. The challenge that business and technical leaders face is to figure out how to craft a more effective policy management strategy without breaking their overstrained budgets. For a growing number of public and private sector organizations, the answer is policy automation to ensure consistency, increase organizational agility, and enable transparency.
An integrated policy automation platform manages policies in a seamless, circular workflow that consists of the following processes:
- Collect information from policy experts, knowledge workers and legacy systems;
- Define and model policies; run what-if scenarios and perform pilot tests to determine their viability and effect on specific business areas;
- Deploy and enforce policies and controls across all relevant business areas and applications;
- Monitor and analyse policies' impact in real business situations;
- Update policies, based on analysis, new regulations, changing business priorities and so on.
Here is a closer look at how policy automation adds value at different stages of the process flow.
Policy Generation: Consulting the Experts
An effective policy management system needs to incorporate all relevant rules and knowledge that reside within a siloed group. Information security officers know the specifics of government regulations such as Sarbanes-Oxley and HIPAA. Business users know the value and sensitivity of different types of data. Customer-facing employees — such as caseworkers, call center staffers, loan officers, and sales executives — can provide best practices in critical areas such as eligibility screening.
Historically, however, business users' input into policy design has been limited because the users have needed access to an IT manager every time they wanted to create or modify a policy. A policy automation platform addresses this problem by enabling users to create and modify policies directly, using natural language and familiar software tools such as Microsoft Office. The platform can also interact with ERP and HR systems and various databases; extract rules and policies from documents; and present them in natural language (or in Microsoft Excel or Word) for review by policy owners and business executives.
Involving business experts directly in policy design and modification both streamlines the process flow and ensures that the end result reflects the knowledge and priorities of different areas of an organization. Rules and policies are stored in a central rules repository, and all additions and changes are tracked and recorded, along with who proposed which rules or modifications.
This not only facilitates collaboration but also enables an internal security officer, customer service representative, or IT manager to look up the logic behind a policy at a later date. Once a policy has been defined and formalized, it is modeled to determine the cause-and-effect relationships of rules involved in decisions and to determine their impact on various business areas.
Deployment: Make Sure Everyone Is on the Same Page
An effective policy management system automatically propagates rules and best practices on key applications and provides employees with a consistent set of rules and best practices. This assures quality in critical interactions, such as when a bank officer is determining a customer's eligibility for a special rate or mortgage or when a tax agent is assessing and determining the right action in a possible case of fraud.
On the security and compliance front, employees need to know what information they have that they can't share and what information they're not supposed to ask for in the first place from a customer. IT needs to apply system controls that monitor and prevent users from breaking those rules. Too often, however, organizations either count on employees to do the right thing or define very high-level policies that are open to individual interpretations. Either way there's risk, especially with today's increased stakeholder and shareholder liability.
A policy automation platform provides a variety of options for disseminating policies across an organization and out to customers as well. Policies can be made available to employees via a web portal, pushed out to their mobile devices, or embedded in a customer relationship management application. A policy deployed on a call center system might tell staffers not to ask a customer for more than the last four digits of a Social Security number. If the staffer forgets, the system might simply refuse to store the full number. Policies deployed on an organization's website can help ensure that customers and citizens receive accurate and consistent answers to their questions and are guided through often-complex screening processes that determine whether they are eligible for a new tax break, a certain visa, a particular type of mortgage, or a cash payout after an auto accident. Web-based policies need to reflect federal regulations as well as local laws. When issuing price quotations via a web browser, there are certain financial requirements and discounts within a certain range for a given customer. Tax policies, too, have to be accounted for if someone is buying from a certain state online.
Public and private sector organizations are using a policy automation platform (such as Oracle Policy Automation) to ensure that new legislation is incorporated into policy changes in a timely fashion and that IT, policy owners, and business units are all involved in policy development. The latest policies are automatically deployed to the call centers, drop-in locations, and field workers. Policies are also deployed on the organization's self-service website, so that citizens and customers are apprised of the latest rules and regulations that apply to them and can do calculations to determine if they are eligible for special programs or offers. This not only saves call center costs but also boosts citizen and customer satisfaction because they can get the answers at a time that suits them, without taking the time to contact a live person at the call center.
Other key elements of a successful policy automation platform include auditability and transparency. A policy automation platform keeps track of the process by which a policy is developed or updated so that, later on, experts can deconstruct it, determine what works, and fix what doesn't.
At least as important as these, when a regulator or a litigator comes calling, is the organization's ability to produce records that prove that their policies follow all the necessary rules. On the CRM front, loan officers and social service agents can cite the policies behind a decision to deny a customer or citizen eligibility. This can help defuse a potentially-volatile situation that could lead to the loss of a customer, or even a lawsuit.
For public as well as private sector organizations, automated policy management and deployment ensures that employees' dealings with customers are optimized for both sides — that customers' questions are efficiently and accurately answered and that eligibility decisions are substantiated to ensure true transparency.
A policy automation platform enables an organization to:
- Implement and enforce legislative and regulatory policies across multiple service delivery channels, ensuring consistency throughout the enterprise;
- Keep policies in tune with changes to regulations, in the marketplace and within the organization, governing situations such as an acquisition or entry into a new product area;
- Guarantee accuracy of decision-making by deploying rules that business users can understand, with direct links to source policy documents;
- Use what-if analysis to assess the impact of proposed legislation, regulations, and policy changes on customers and citizens.
The bottom line: A policy automation platform enables companies to make more consistent and effective business decisions while making more effective use of available resources. The paybacks include reduced costs, reduced risk, higher profits, increased organizational agility, and increased customer satisfaction through transparency and efficiency.
 Economist Intelligence Unit, Enabling Efficient Policy Implementation, January 2010. Available at: http://www.oracle.com/us/industries/public-sector/economist-report-193495.pdf
# # #