Whether you call them policies, standards, or guidelines, rules are everywhere in our organizations. We have rules for how we hire, train, take time off, buy things, and do our work. We have rules for our employees, our vendors, our partners, and even our customers.

Rules are designed to avoid confusion, keep us safe, mitigate risk, and help us to work more efficiently and effectively (or at least they should be).

But rules only work when people follow them.

Unfortunately, bad rules and policies have the opposite effect. Not only will no one follow them, they can send the wrong impression of what the organization is about and how its management treats its people. Policies that sound confrontational, micromanage-y, and out of touch with reality can cause more harm than good.

Rules are designed to avoid confusion, keep us safe, mitigate risk, and help us to work more efficiently and effectively, too. Unfortunately, bad rules and policies have the opposite effect.

rules and policies

Making Rules and Policies Work Better

The good news is that creating good policies is not rocket science. In fact there are four principles I use with my clients that can improve your policies exponentially. Whether you are writing policies from scratch or reviewing and revising your existing ones, use these concepts for the benefit of your employees, management, and organization overall.

1. Put the focus on behaviors you want to change or enforce.

When you are starting on your policy creation or update journey, it can be tempting to obsess over the documents you have already or to start googling every best practice or sample policy out there.

But existing materials can only take you so far. Instead, start with the question: “Which behaviors do I want to change or enforce?” 

When I kick off  a policy project with this question in most cases the answer from my client is an obvious one:

  • “We want to standardize our technology.”
  • “We want compliance.”
  • ”We want people to think about resources before taking on a new project.”
  • ”We want higher quality work going out to our clients.”

I was once working on expense policies for two clients, each with different motivations. One was interested in driving compliance with established parameters; the other wanted to reduce spending. As you can imagine, the clients ended up with different expense policies.

Defining the behaviors you want to see has a domino effect that will guide the next steps of your policy work.

2. Talk to people like they are adults.

Treating people like adults is such simple but often-overlooked advice. Policy expert and trainer Lewis Eisen, whom I have heard speak several times at the AIIM conference, reveals the insidious danger of rules that sound like “angry parents scolding their children.”  While the command-and-control style of management is almost gone in the workplace, why do we still tolerate it in our policies? In Eisen’s book How to Write Rules That People Want to Follow, he shares helpful tools for removing the sneaky “musts,” “shoulds,’” and “mays” from policies that stem from this antiquated parent-child power dynamic of business communications. 

Instead of… 

The vice president must approve all requests to borrow company equipment.


The vice president has the authority to approve requests to borrow company equipment.

Small shifts in the tone of your policies improve compliance and clarity, and, on a deeper level, has a positive impact on how you communicate and show respect for people in your organization. 

3. Write policies that are enforceable, realistic, and short.

When I walk into a company and see loads of unwieldy policies or painfully long ones, it’s a warning sign that policies are weak, unclear, or not being followed.
I have watched this vicious cycle in organizations many times. Policies aren’t followed, so they start writing more and longer ones. It’s like a trainwreck in slow motion. Policies grow to 30 pages and departments spin up hundreds of standards, procedures, and manuals in the name of “compliance”.

Write policies you can enforce. I have seen policies that say things like “all documents must follow the Metadata Standard.” WHOA!  Who is going to enforce that? (As a documentation expert, I can tell you that’s not reasonable.)

Focus on the few things that matter most, not compliance perfection or textbook execution. And yes, this means letting go of things that don’t matter. Trim out any the points that:

  • Aren’t mission critical to your process.
  • Wouldn’t constitute a “failure” of compliance.
  • Might be considered to be micromanaging.
  • Are impossible or improbable to enforce.

If you want employees to take your policies seriously, make it easy(ish) for them to follow (that is, while still remembering to influence their behaviors).

4. Use a principle-based approach.

Maybe this is the Canadian in me, but I have a bias toward policies that are principle-based, not rules and requirements-heavy. (In contrast with our more rules-based neighbors, the Canadian love of principle-based thinking transcends our legal system and accounting rules.)

Principles are about giving people guidance about what to do but not addressing every situation. This means assuming your people are smart and reasonable and will know what to do if they understand what’s needed. 

I was once working with an educational institution on a guideline for assessing and managing projects that brought in additional funding for the school. Instead of outlining the vast range of scenarios (from bake sales to international training opportunities), we used a set of principles to get people to consider the school’s resources and values before taking on new revenue-generating projects.

Think of Enron. Their accounting “complied” with mark-to-market accounting rules, but in principle, the accounting was baloney. Would the Enron shareholders and pension holders not have been better off if, instead of following the accounting “rules,” they followed good accounting principles instead?

And how about your rules, policies, and other documents? 

  • Are you focused on the most important behaviors and requirements? 
  • Do your policies and standards respect your people and the goals of your organization? 
  • Are you laying out core principles for your people to follow?

I hope you can use some or all of these concepts to improve your policy projects and programs. If you have any questions or are looking for help with your work on policies, procedures, or processes, I’d love to speak to you to talk about how Risk Oversight can help you. Please reach out at [email protected].