It’s so obvious to most of us.
Yet, countless executives act as if a corporate policy eliminates risk.
A policy alone accomplishes nothing. It starts to have a tiny effect once it is communicated to employees. The effect grows slightly if training is provided. It becomes a bit more effective when, after a violation and investigation, the findings are broadly shared with the organization. But none of the above gets even close to a control.
The only way for a policy to reach its full potential is to be paired with effective controls and regular audits.
Hat tip to Matthew Letts