6. Styrande document Policy Governance

Transcription

1 6. Styrande document Policy Governance Kunskapsdagen Malmö

2 Agenda 1 Background 2 What do we want to achieve? 3 Policy Governance - approach 2

3 What people talk about when they think of Group Policies... Instructions Process Functional Standard Statements Guidelines Ambition Mandate Vision Approver Rules Matters of Major Importance Instruction Consequences Procedures Policy Owner Policy Sponsor 3

4 ExCUSME what do we want to achieve with policy governance? Existence The Policy is defined (and relevant) and documented by the Document Owner Communicate The Policy target group is defined and it is communicated to them Understand The Policy is understood by the target group. Any questions/issues are raised and handled Sponsor The respective responsible manager is securing the implementation in his/her target group Monitor The adherence (and relevance of) to the Policy is continuously followed up [by self assessment where the target group report adherence and policy owner regime has the oversight and monitor compliance] Enforcement Any consequences of non-compliance are enforced 4

5 project model of Policy Governance to be tailored Approach The approach is divided into the following five phases. Define Policy Governance Framework Define Portfolio of Policies Create Policies Implement 5 Monitor & enforce Main activities To achieve the objective of the approach, we propose the following major activities in each phase Define building blocks of Corporate Governance Define document hierarchy including definitions Define roles & responsibilities Define Work flow relating to maintenance of Policies Define Portfolio of Policies considering external requirements, business risks, Vision & Values and good practice Appoint document owner Gather information leveraging on existing documents and obtain subject matter expertise. Create draft using defined standard template. Align & Review. The draft is aligned with other dimensions of the Policy Governance Framework. Communication activities Training activities Handling of exceptions Local implementation Clean-up activities Perform self assessments Provide compliance statement Validate through assurance Define monitoring of compliance Define templates The Policy owner obtains proper feedback from representatives of the intended audience to confirm that it is understandable Result Each phase produces the following results and output. Policy Governance Framework Templates Portfolio of Policies Document owner appointed Approval of Policies Portfolio of Policies created and approved Approved Policies are implemented and acknowledged Compliance statement provided and validated 5

6 Define Policy Governance Framework Define building blocks of Corporate Governance Define document hierarchy including definitions Define roles & responsibilities Define Work flow relating to maintenance of Policies Define monitoring of compliance Define templates 6

7 Reporting Reporting Building blocks of Corporate Governance Oversight and Directional Trustee on behalf of the shareholders/owners Owners/Shareholders Board of Directors Audit Committee Special Committees Vision, Philosophy & Core Values Culture and Enabling Structure Define Tone at the top Ensures alignment with objectives Strategic Objectives & Goals Corporate Organization Structure Code of Conduct Internal Control System Facilitates achievement of objectives, oversight and Controlling supporting the Board s agenda Policies and Procedures Delegation of Authorities Roles and Responsibilities Management Processes Strategic Planning Operational Planning Budget/ Forecast Risk Management Monitoring Core Processes R&D Marketing & Sales Purchasing Production Distribution Service and support Support Processes IT HR Financial Reporting Quality Procurement Communica tion 7

8 Document hierarchy and definitions - example Policy (What) Code of Conduct (Principles) Mandatory Policies apply to all employees and all entities in the organization and establish rules and boundaries for how the Group will act in significant areas. It mandates conduct relating to business activities, where the consequences of non-compliance could have severe consequences for the Group. Group Policies to include purpose statement outlining objectives to: Instruction (How) Procedure /Process (How) Mandatory Nonmandatory achieve aspirations upholding values and ethical standards managing significant business risks define the boundaries for the management and control of operations A Group Policy shall include a section on monitoring, i.e., objective evidence that will exist to verify the implementation of the policy. Standard template for Policy is mandatory format to use. The standard template is populated with mandatory headings (incl. instructions) requiring mandatory information and statements to be made when creating the draft. 8

9 Define Portfolio of Policies Define Portfolio of Policies considering; External requirements Business risks Vision & Values Good practice 9

10 Portfolio of Policies should reflect: External requirements Risks Good practice Group Policy Portfolio (example): Corporate Governance Policy - Board Procedures CEO Instruction Audit committee Instruction Remuneration committee Instruction Nomination committee Instruction - Policy management Procedure - Risk management and internal control Procedure - Approval Procedure (including approval matrix) Finance Policy - Procedure for financial reporting (Finance Manual) Dividend Policy IT Policy IT Security Policy Intellectual Property Policy Information and Insider Policy Logbook Instructions HR Policy - Employee Handbook (Procedure) Environmental or Sustainability Policy Equality Policy In addition to defined Policies the Group has adopted a Code of Conduct with mandatory principles regarding management and employee behavior. Policy structure Vision & values Vision Mission Values 10

11 11

12 Corporate Governance Policy - example Group Policy Portfolio (example): Corporate Governance Policy - Board Procedures CEO Instruction Audit committee Instruction Remuneration committee Instruction Nomination committee Instruction - Policy management Procedure - Risk management and internal control Procedure - Approval Procedure (including approval matrix) Finance Policy - Procedure for financial reporting (Finance Manual) Dividend Policy IT Policy IT Security Policy Intellectual Property Policy Information and Insider Policy Logbook Instructions HR Policy - Employee Handbook (Procedure) Environmental or Sustainability Policy Equality Policy In addition to defined Policies the Group has adopted a Code of Conduct with mandatory principles regarding management and employee behavior. 12

13 Procedure for Policy Management - example Definitions Roles & Responsibilities Policy (What) Code of Conduct (Principles) Mandatory The Board The Board is authorized approver of Group Policies The CEO The CEO has the right to initiate and issue Policies The CEO appoints owners of Group Policies Instruction (How) Procedure (How) Mandatory Nonmandatory Policy owner responsibilities Ensure: Policy is approved by the authorized approver Policy statement Policy is published and communicated and all redundant or superseded material is removed or withdrawn relevant training activities are developed and performed implementation and compliance of the Policy can be monitored 13

14 Risk management & Internal Control Procedure - example Risk assessment Processes Control matrix (control activities) 14

15 Create Policies Gather information leveraging on existing documents and obtain subject matter expertise. Create draft using defined standard template. Align & Review. The draft is aligned with other dimensions of the Policy Governance Framework. The Policy owner obtains proper feedback from representatives of the intended audience to confirm that it is understandable 15

16 Policy creation procedure - example Create Propose Approve Implement Monitor & Enforce Assess need The need to create or update a policy, yes or no, shall be assessed based on: Existing document not in compliance with the rules of the Policy Framework Changed conditions within the Group Changed conditions in the business environment Gather information Relevant information shall be gathered in order to create a draft Policy by: Leveraging on existing documentation and retrieve other information to support the changed conditions within the Group and in the business environment Identifying stakeholders and retrieve input for BA and Country needs where applicable Obtaining subject matter expertise Create draft Standard templates for Policy and Procedures are mandatory format to use. The standard templates are populated with mandatory headings (incl. instructions) requiring mandatory information and statements to be made when creating the draft. Prepare mandatory coversheet (see Appendix) Align & Review The draft is aligned with other dimensions of the Policy Framework by using the mandatory information in the coversheet Proposed BA or Country Policies should have a consultation with the related Group Policy owners before they are approved or rejected by the authorised approver The draft is aligned to secure compliance with the rules of the Policy Framework document Involve representative from Communication for review The Policy owner obtains proper feedback from representatives of the intended audience to confirm that it is understandable 16

17 Implement Communication activities Training activities Handling of exceptions Local implementation Clean-up activities 17

18 Monitor & enforce 5 Perform self assessments Provide compliance statement Validate through assurance 18

19 Tack! Christer Johnsson Björn Persson 2017 PricewaterhouseCoopers i Sverige AB. All rights reserved. In this document, refers to PricewaterhouseCoopers i Sverige AB which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.