To make a decision you need information and you can only make a decision about the present or the future. Making a decision about how to handle a past event is still a decision about the future.

Information  has six attributes. It  must  be relevant, accurate, timely, supported, accessible, and complete.

64 edit

Different personality types will make a  decision based on  different percentages of information. A good decision-maker will make a decision when the time is right, even if they have incomplete information, as long as the information they do have is relevant, accurate, and accessible. These  types of  people  are  rare. More  frequently, organisations get bogged down as the business waits for decisions to be made and the decision-makers request an ever-increasing amount of information.

Getting the decision right is important because bad decision-making is the most expensive activity in a business. Not making a decision is equally expensive.

The    question    therefore   becomes:   “How    do    you    accelerate decision-making whilst devolving it to the lower levels of management yet still maintaining the quality of the decisions made?” One  way to do this is to provide the manager with pre-vetted decisions. This way they only need to use their judgement about which decision best fits a specific set of circumstances. This could substantially reduce expenses in a business, but for most businesses this is wishful thinking.

The concept of judgement support was first introduced to me by Russell Swanborough. He  explained that  decision support  is the  process of providing information to assist in decision-making. Judgement support is the process of providing a selection of suitable decisions for a manager to choose from in order to find the best one for the specific business circumstances.

Industries that get judgement support right are those that use statistics as a core competency, for example, insurance companies. If you call up an insurance company and ask for cover they will vet your profile against the “bell curve” and offer you cover accordingly. They take almost zero interest in you as an individual and the call centre operator cannot make a decision on your personal circumstances. All they can do is guide you through the screening process and then offer you predefined choices of cover. They can use their judgement  as to which cover is best for you.

To implement judgement support into the lower levels of the business requires the business to know what decisions are being made in the first place.

There are two types of decisions that  get made in a business where judgement support can be applied. The first is before a process starts and the second is at each decision point within the process.

Consider the following process.

22 (2)

The process has three decisions in it. Each decision creates a different path and each path has a different cost to serve. Consider the following table.

Cost to Serve

Following path 1 is the most cost-effective processing sequence. It also carries the highest volume.

Path 1 is shown.

Process sequence2

Every time the sales clerk transacts the process they are faced with the same decision. Depending on the decision they make, the cost of the process either remains at $100 or increases to $200 or $300 or, worse, the process is not completed at all.

A bad  decision is therefore an  expensive decision. To  mitigate bad decisions the sale clerk could be given a set of parameters to which they would have to adhere. They can make any decision they like as long as it is within these parameters. The assumption is that the suite of decisions that make up the parameters is known and accepted and would always ensure path 1 is followed, irrespective of the particular decision made.

If they wished to move the sale down path 2, then they would require approval, or they may have to ensure the sales process meets a more rigorous set of sales parameters.

The idea is to recognise that the decision is a key point in the process in that it directly impacts gross margin. Making the wrong decision could result in the sale losing money.

The other point in the process where judgement support can be applied is at the start. Before the process is triggered, the supervisor can use their judgement to commence work or not. If the process cannot be completed on path 1, then it may be preferable not to start work at all. The supervisor should be provided with clear criteria about when to commence work and when to pause the process. They then use their judgement to evaluate if the incoming work meets either criterion. What they can’t do is to decide that they will commence work anyway, knowing that it cannot complete for whatever reason.

Technology can also be used to implement judgement support. Solution sets such as Business Process Management can be configured to ensure the process follows the “bouncing ball.” This means that  the process worker has to deal with the screens in the order that they are presented. Any decision they will need to make should have already been configured into the process and it is predetermined when those decisions will present themselves. Only at these times can the process worker use their own judgement  as to the best way to proceed.


One of the greatest challenges for any company is the execution of strategy or the realisation of benefits from the implementation of large change programs. Frequently, the reason isn’t organisational resistance to change, a difficulty that is commonly referred to. Rather it is for a more serious reason: managers and management teams focusing dogmatically on what they are doing rather than what they want to achieve. This causes managers to narrow their thinking and, in effect, operate at a more junior level. They “can’t see the wood for the trees” and the return on investment from their time is diminished.

The more senior a manager, the more they  need  to  work  within  a team to achieve the business objectives. Irrespective of how siloed the organisation is, the silos have to come together eventually. The lower in the organisation that this cross-departmental engagement occurs, the better.

A major inhibitor to  cross-departmental  engagement  is  the  absence of common purpose. Frequently managers believe they are working cooperatively but when pushed they have difficulty explaining the interdependencies between the initiatives they are all working on. This is because they are working towards completing initiatives, rather than delivering outcomes.


Initiatives are the activities managers and staff are engaged in. Outcomes are the result of one or more initiatives.

Consider the technology salesperson. Their role is to approach prospective customers and convince them that their technology solution will improve the prospects’ business operations.

For example, a CRM (customer relationship management) salesperson will state, “Buy my CRM software and you will have happier customers and improved revenues.”


Anyone who has implemented a major piece  of  software  will  know how flawed this scenario is. The truth is that once you implement a technology solution, all you have is a database of names and files.


To achieve the benefits promised by the CRM salesperson, the company must implement a range of complementary initiatives. The collective output of these initiatives will deliver the desired outcome.

BOM 44

The approach of interlinking initiatives and outcomes is known as Business Outcome Management. It is fundamentally different from traditional approaches to project planning in that the emphasis is almost entirely on the outcomes required.

The principle is the same as it is for ball sport players in the sense that it is better to be where the ball is going to be rather than where it is.

Business outcome management is a methodology that assists management teams to establish a common purpose. It  produces  two  deliverables. The first is a two-dimensional mind map that graphically displays the outcomes and initiatives and the second is a document that transposes the map into a business plan.

The importance of having a two-dimensional mind map cannot be overestimated. When discussing the importance of business outcome management with my clients they generally point to a range of documents or a single thick document and say they have it covered. At this time I ask them what the relationship is between their various documents, or how page x relates to  page  y  in  a  single  document. The point is that documents are “three-dimensional,” making it exceptionally difficult to know or visualise the multiple many-to-many interrelationships that exist in a single document, and between documents.

A two-dimensional mind map surfaces the interrelationships  and explicitly reveals how a single business outcome is dependent on multiple initiatives. It highlights relationships that are not immediately obvious in a document. The following is a simple example of the concept. Initiatives are represented as a square and outcomes as a circle. Risks can be included as a different shape.

300 (3) small 4

The graphic details the basics of implementing a change program. The entire “island” is labelled change management.

For larger projects and programs of work, the map will comprise of multiple “islands,” each representing initiatives and outcomes of similar intent and strategic focus. They provide  an  additional  dimension  to the map and assist the process of aggregating the relationships found in traditional documents into an easier-to-read format. Each “island” is labelled to provide context for the outcomes within the island, and collectively these labels are the executive summary of the program of work. Each island will have its own owner, a manager who is responsible for ensuring all the outcomes in the island are achieved.

800 (3)

Initiatives are written in the format: verb/noun. For example: “document the business process” or “administer  a  customer  survey.”  Outcomes are written in the past tense. “Staff morale has improved” or “customer requirements are understood” or “shareholder value has increased.” Using the past tense is important as it assists managers to clearly articulate the desired outcome.

Focusing on achieving the outcome encourages the manager to avoid tackling a project with a checklist mentality, as it is almost impossible to document all the initiatives required to achieve an outcome.

If you were focusing on initiatives you would work on “review and agree upon the business plan” and once completed you would consider that the business plan was reviewed and agreed.

3 copy

However, if you take a broader view, then you could only consider the business plan to be “reviewed and agreed upon” once all the indirect contributing initiatives were taken into account.

The indirect initiatives that contribute to “business plan reviewed and agreed” are:

  • Induct work package resources in project approach
  • Agree activities in scope and document approach to each
  • Establish change management program to mitigate risk
  • Review and agree risks to project
  • Agree approach to business planning
  • Socialise business planning approach
  • Prepare business plan
  • Review and agree business plan

These initiatives are part of two different strategic groupings (islands) but they all still contribute to the outcome and the manager who is signing off the business plan will expect to see contribution from all of those initiatives.

700 (3)

An important insight is that if a decision is made to delete or not complete an initiative, the impact of its absence can now be traced to those outcomes that relied on the initiative being successfully completed.

To prepare a business outcomes roadmap requires a workshop of four parts.

Part one is to agree the “endgame”—the flag on the hill. This is the medium-to-long term objective for the company or, if it is for a major project, then it is a statement of what the project will achieve. It should be a “big statement” but equally one that is achievable.

Example: “A culture of delivering excellence is implemented and a collaborative unified management team that is the envy of the industry is established.”

The second part of the workshop is to discuss the current issues facing the business. This is because managers and staff frequently cannot discuss the future without first explaining the problems they face in doing their job. You have to give them the chance to “put their baggage down.”

Part three of the workshop is to capture intermediate outcomes, those outcomes that must be realised in order to achieve the end game.

Part four is to capture the initiatives collectively required to deliver the sub-outcomes.

The methodology for collecting the data is important and it starts with the room selected for the workshop. The room should be set up without a table and the chairs should be arranged in a semicircle or similar. This assists people to “open up” in the workshop.

Each person is given a felt-tip pen with a broad point and a pack of post-it notes. Part one of the workshop can be completed on a white board through normal facilitation techniques.

Parts two to four will follow the same approach. The facilitator requests that the participants write one issue, outcome, or initiative (depending on the session) on a post-it note and to keep producing post-it notes until they have exhausted everything they have to say on the topic.

While the participants are writing down their thoughts, the facilitator should walk between them collecting the completed post-it notes and placing them randomly on a wall or window. As the notes are placed, the facilitator should read aloud a selection of the notes. This will stimulate the thinking of the participants.

When everyone has written down everything they have to say, and the facilitator has stuck all the notes on the wall, then the participants will be asked to sort the notes into groups. The rule for this part of the workshop is that the participants must work in silence. They cannot discuss their thoughts on the grouping. Once everyone is happy, the participants take their seats. At this time the facilitator will review each group and agree on a title for the group. These groups will later influence the “islands” in the mind map.

When all three mini workshops are complete, the workshop is over.The facilitator types up the workshop and prepares the business outcomes mind map. This will include de-duping the lists. The issues list does not make the map. Rather it is used to validate that everything that is included in the map will address the issues. Microsoft Visio is a good application for preparing the mindmap.

An important feature of this approach is that the outcomes are collected independently of the initiatives. This means there is no direct link between the outcomes and initiatives. When the map is prepared, the author must draw their own conclusions on which initiatives are related to which outcomes.

Once the map is prepared, it is critiqued by all or a subset of the participants from the original workshop. It may take two or three iterations until the map is agreed upon by all.

Viewing the map for the first time can be quite confronting for the participants. The best personal example of this was when I presented a map to a group of executives in the aviation industry. When they first saw the map, the room descended into chaos as each manager tried to find their department or function in the  map.  When  they  couldn’t, they turned on me. I explained that each of their functions was spread out through the map and that they had to work as a team to deliver the endgame. It was a significant moment and once the emotion died down, they really embraced the concept. Later the managing director wrote to me to say that they were 27% up on the budget as a direct result of the workshop. He was ecstatic.

Once the map is agreed upon, it needs to be turned into a document. This document has two parts.

Part 1 focuses on outcomes and part 2 on initiatives. The layout is as follows.

For outcomes:



The idea is to list all the initiatives that contribute directly or indirectly to each outcome. The “person accountable” refers to the outcome, not the initiatives.

For initiatives:

600 (2)

This table relates all outcomes to a single initiative. This is important as it informs the owner of the initiative about which outcomes are dependent on their activity being successfully completed. The R.A.C.I. table describes who will own the initiative (accountable), who will deliver the initiative (responsible), who will contribute to the delivery, and who should be informed of progress.

This is a powerful methodology and the results will improve with practice.


One of the great projects I had the opportunity to work on was the IBM consultancy to Mercedes-Benz South Africa. The project managers did everything right. At the start of the project they took the time to properly establish a  project team  comprising of  MBSA and  IBM  staff. This included classroom training for the team to ensure a common approach, team-building activities and engaging with the client. This foundation ensured that the project was enjoyable and rewarding. The hours were long as is normal on a consultancy but nobody seemed to mind.

The  end of my involvement on  the project correlated well with my move to Australia. I made the final recommendations presentation to the MBSA executive team and two days later I moved to Australia. The presentation had gone very well and I was on a high.

Once I found my feet in Australia, I reapplied to IBM to join the local consulting practice. My application was accepted and I was soon on the projects. The problem was that the projects were not MBSA. The teams were new, the  objectives were different, and  the  project culture was different. In short I was unhappy and I quit. On the MBSA project I had been part of a high-performing team, established over months of focused project work. I mourned for what I had left behind.

As a consultant you are expected to move from project to project without difficulty, and I do it today without thought. What made the MBSA experience different is that I left it at the high point. I had delivered a successful final presentation and walked out of the boardroom, out of IBM and out of the country. I took no time to celebrate success with my colleagues. No time to debrief from the project and no time to bring closure to my role.

 My experience provided me with firsthand practical insight into  Dr. Bruce Tuckman’s model on teaming. Dr. Bruce  Tuckman   published  his  “Forming  Storming  Norming Performing” model in 1965. He added a fifth stage, “Adjourning,” in the 1970s. Tuckman’s model explains that as a team develops maturity and ability, relationships establish, and the leader changes leadership style to further the team’s evolution. He or she begins with a directing style, moves through  coaching, then  participating, then  finishes delegating and ends with a style that is almost detached. At this point the team may produce a successor leader and the previous leader can move on to develop a new team.


The adjourning stage is also referred to as the mourning stage, when team members mourn for the high performance  “hellfire” days of the project and the camaraderie of the project team.

This final phase is frequently not recognised as important or, at best, is poorly managed. As professionals, managers are expected to “just deal with it” and keep their problems to themselves. As I found, this is not that easy.

Once I had lived the experience, I began to see it all around me. I met many senior executives who were put in charge of large business improvement projects within  their  company,  and  who  resigned after  the  project completed. Not immediately after the project, but within a reasonably short time of the project end. For the company, this is a problem, as frequently these projects are part of the manager’s succession plan.

The more I saw it, the more I took an active interest in the problem and, through discussion and observation, concluded that the primary cause was one of exposure.

Prior to commencing the project, a manager will have been working in their normal role, dealing with the daily routine expected from that role. They would have known where the role started and ended and what the limits of their authority were. They would be diplomatic with their colleagues, preferring to worry about their own role and allowing others to do the same in theirs. 

When  the  manager is  taken  out  of  their  routine  and  placed in  a senior project role, the rules change. No  longer are they confined to the boundaries of their position. No  longer do the rules of business diplomacy prevent them from enquiring about why their colleagues are doing what they are doing; in fact, they are now expected to investigate the way their colleagues work.

Driving a large business improvement project gives them licence to ask questions of the company and to review material they would not typically see in their daily role. Through the project they are exposed to the “soul” of the company. They are exposed to  the inadequacies of the senior managers. When you look into the soul of a company, you cannot forget, you cannot “un-see” what you have seen. You cannot go back. The firm assumption that  senior managers know what they are doing becomes less firm.

As a project lead, they are expected to think strategically and consider the big picture. This can be vastly different from their previous role as a silo manager.

When the project is over, it is almost impossible for the manager to return to their old position. They have just spent six months or more working harder, longer, and  with more freedom than  they ever had before. They have had almost unlimited access to the executive team.

In short, they are no longer the same employee as they were when they started the project and it is foolhardy to expect them to forget and return to the comparatively bland existence of their previous routine. If they are asked to, they quit.

There is an equally dark flip side to this issue. As the manager grows in confidence through the project and develops their insights into the company, they become a threat to more senior management who don’t want their “dirty washing” exposed and don’t want the manager getting ahead of themselves. The end result is that the manager is forced out of the company.

To address the issue and to save the skills within the company, senior executives  need to create a new role for the manager coming off the project. Invariably this requires that the company find or create a suitably senior role that allows the manager to come “back into” the company whilst respecting the journey of discovery  the manager went through over the course of the project. It  is important  to  recognise that  the manager who led the project is not a professional project manager and frequently they wish to keep their line management career intact.

The same issues exist for more junior staff members seconded to projects to work with consultants, either as subject matter experts or as a general project resource. These employees are also exposed to company details they would not normally see and witness or participate in conversations with the consultants that discuss the failings of the company. Under the influence of this often negative messaging, they start to see their managers in a different light. They will also start to work longer hours than their colleagues. As an individual, they will grow in confidence and as part of a team, they start to “perform.”

Project staff do not expect to get promoted when a project ends, but they do expect to be recognised for their contribution and to this end it is important to hold structured celebratory events to recognise the project and individual efforts. Failure to recognise an individual’s  contribution will almost certainly cause the staff member to  become disillusioned with the company. They will feel as if they have become an expendable commodity and not a valuable contributor to the company.

It is unlikely that they will resign, but it reasonable to expect that they will be less engaged with the company. This feeling of isolation can be amplified if the project has caused them to drift apart from their colleagues. Before they could gossip and share information. Now that they have had  access to  confidential information, they cannot  share information and invariably this creates distance between themselves and their colleagues.

There is no easy remedy for this problem. The most successful mitigation strategy is to agree the post-project role description for the employee before the  project starts. The  new role should stretch the  employee more than the project did. In this way they will rely on skills they learnt through the project and will not have time to mourn the end of the project. Done well, the employee will hardly notice the change.

An equally viable strategy and similar to  the above, is to  ensure the employee has a structured succession or  career development plan in place. This plan should supersede the project enabling the employee to contextualise the project as part of their greater development program. In this case, it is expected that the employee will come off the project requiring  less structured  support  for  their  re-assimilation into  the business-as-usual routine. Their period of mourning should be reduced but it is unlikely to be removed altogether.

Both of these strategies will be of immense benefit if the company works with the consultancy from the beginning to agree how the consultants should  develop the employee. This  will includes activities such  as allowing the employee to deliver important presentations through the course of the project.

In closing, I note that the above observations and strategies are general in their nature and will assist executives  and managers to retain staff, but when it comes to human nature, each person is different and has different needs. Those staff who are in “deep mourning” will require a re-assimilation strategy personalised to their specific needs.


Last year I published an article on Governance and a number of people wrote to me, critiquing the article over its failure to adequately include risk as a separate item in the frameworks I was using. Their point was that while risk management is an integral and mandatory discipline for executive management and company directors, it is sufficiently important for it to be addressed as an item in its own right.

I agree with this point of view but am not convinced that risk management is something separate from the day to day running of the business. To be fair I don’t think the people critiquing my article intended that risk be separated from the business; rather their view was that it is a specific discipline and it requires special emphasis in the business. This is particularly true as the operational time horizon shifts from tactical to strategic for the more senior levels of management in the organisation. This includes directors.

At the senior levels, the strength of the focus on risk is so strong that risk is frequently governed through a stand-alone committee (risk or risk and audit committee) or through a specialised role such as chief/senior/global risk manager.

The problem is that best practice (of any sort) embraced at senior levels, frequently does not filter down to the operational level. And when it comes to risk management this schism remains unchecked by the advisory community (consultants etc) and tactical risk plans seldom, if ever, adequately reference the strategic risk frameworks that are used at the senior levels in the organisation.

The majority of the tactical risk management plans comprise of the same elements; Identify and Assess, Evaluate, Manage and Measure.

Risk methodology

While the verbs may change from model to model and author to author, the intent remains consistent between the various models.

The standard approach at the tactical level is to hold workshops to identify and assess and evaluate the risks facing the business or project. Comprehensive lists of risks are produced.

My view is that these workshops fall foul of the principle that – you don’t know what you don’t know – and it should be expected that important risks will be missed. This is the risk of risk management.

It is impossible to remove the problem of, you don’t know what you don’t know, but it is possible to mitigate it if you change where you start, and you don’t start with Identify.

My recommendation is that the preparation of a tactical risk management plan should start with an articulation of company culture and a reaffirmation of the risk appetite of the business. Risk appetite can be defined, as the nature and extent of risk a company is willing to take in order to meet its medium to long-term strategic objectives. To have clarity on risk appetite, demands that the business understand exactly what business it is in and whether the business strategy is aligned to the business itself. For example, the major food retailers are not really in the business of selling food. Rather they are in the treasury business. Every day they collect millions in cash deposits and therefore have no problems with accounts receivable. On the other ‘side’ they pay suppliers slowly. Their true business is to invest and grow the funds in between.

Confirming there is a common understanding of the company culture is important. The simple definition of culture is – the way we do things around here and the risk appetite should be aligned to the culture. Obviously a high risk appetite will not fit a company with a highly conservative culture.

Risk appetite is different to risk tolerance in that risk tolerance defines how much of each risk type the business will accept. It is the risk parameter for each risk type. Risk tolerance allows the risk appetite to be broken down into measurable components.

Risk appetite

I am not suggesting that the team preparing a tactical risk management plan should start with redefining the culture in the company. Rather they should make sure that everyone agrees what the culture is and make sure they fully understand the risk appetite and associated tolerances for the business.

At the tactical level, the ‘Identify’ activity then becomes an exercise in aligning identified tactical risks to the short-term tolerance levels. This will ensure the tactical risk management plan is aligned to types and areas of risk the company is willing to embrace as risk tolerance is informed by risk appetite. It also encourages the completeness of thought around tactical risks. A quick review for ‘widows and orphans’, between the tolerances and the tactical risk plan, should quickly identify missed or non-aligned risks.

Using risk tolerance means that you already have the parameters for your risk model. This does not mean that the parameters at the tactical mirror those of the strategic level, but there should be some obvious alignment.

From a risk management point of view you are now in a strong position to identify and assess, evaluate and manage risks.

The manage step can be complex and the title is misleading. A more fitting title would be ‘Protect’ as in how does the company protect itself against risk. There are three primary defences:

  1. Self-insure
  2. Transfer risk – external insurance
  3. Reduce it. Operational response


These three choices should be used concurrently. The weighting between each ‘protection’ option is determined by the risk appetite, the specific risk under consideration and the time horizon associated with that risk.

By way of example, consider reputational risk. There is little point taking internal or external insurance against reputational risk as once it manifests you can’t undo it. You can’t un-sink a cruise liner or un-crash a crashed IT server. Insurance money will help pay for the PR campaign required to rebuild the reputation and other associated costs such as liability payouts or consequential legal fees. But these are different risks, not reputational risk. When it comes to reputational risk, prevention is the preferred option. The same applies for employee safety.

The concept of risk prevention is also a misnomer. You do not want to prevent risk as to achieve anything in business requires a certain amount of risk. To prevent a cruise liner sinking you would not go to sea. Rather the intent of risk management is to reduce risk in terms of frequency, likelihood, and consequence. That is, reduce the frequency of having to face the risk, the likelihood of the risk materialising and the impact to the business should it materialise.

Self-insure and risk transfer are predominately financial decisions and will not discussed further.

Effective risk reduction comes from using an appropriate risk framework and relating it to the business processes and to the control points within the processes.

Linking risk to process

This model extends to reference the process manager and the process owner should these roles be different.

The importance of relating risk to process cannot be overstated. The definition of risk appetite is ‘the nature and extent of risk a company is willing to take in order to meet its medium to long-term strategic objectives’. You have to take risks to be in business and the products and services of the business are delivered through the business processes. Therefore risk and business process can never be separated.


Recently I was asked what I considered to be the difference between rules and policy.  I gave my stock answer – rules cannot be changed, policy can. There was a group of people listening and they almost unanimously said – “what, of course you can change a “Business rule”.

I went on to defend my position by stating – you can repeal a rule and issue a new one. The original rule has not changed; rather it is no longer in force. A new rule has been issued and it is separate from the previous rule. Conceivably the original rule can still be reissued and both rules will be in force at the same time.

Policies by contrast can be changed and the ‘edges’ of policy are not as defined as a rule.

Policy and rules are similar in that they both set out to guide behaviour. They differ to the extent that they allow the individual to make the final decision as to how they will behave.

The key attribute of a rule is that is must be precise. You are either complying with it or not.  Consider the rule – you must stop at a red traffic light. There is nothing ambiguous about this rule. You either stopped or you didn’t. You are not allowed to interpret the rule. When the fire alarm sounds above your desk, you do not get to decide whether you leave or not; you get up and go. (I admit that when it comes to fire drills, I frequently break this rule).

Policy is often written up in an equally prescriptive manner. Most companies have a policy on bribes along the lines of; no employee will accept or offer a bribe. This statement is as prescriptive as a rule. In fact I would call it a rule that is frequently called policy.

Policy sets the parameters that define how you will behave in a given situation.  An example; staff are permitted to dress in business casual on Fridays. This policy does not explicitly define what business casual is leaving it up to the individual to decide what is appropriate.  A further example is – sales managers may spend $XX a month on business expenses. The policy does not define how the allowance should be spent, or on what.

In both examples, it is assumed that the individual will – do the right thing- and will behave in accordance with the values and objectives of the company. With rules, this freedom is removed and the individuals’ behaviour is prescribed.

This distinction is important when establishing organisational procedures. A procedure tells you how to do something. Typically a policy covers the entire procedure and provides the parameters of permissible decisions on what’s appropriate behaviour when executing the procedure.  Rules generally apply to specific tasks within the procedure and cannot be interpreted.

Despite the implication of the oft used phrase – policies and procedures – both policy and rules exist separately from procedures and have a one to many relationship with procedures. This means that individual policies and rules can be associated with multiple procedures and procedural steps respectively.

Establishing rules is reasonably straightforward as the language of rules is ‘native’ to managers. We are all comfortable expressing constraints on behaviour in terms of single statements. “You will….”, “You must…”, “You cannot….”. Even when we intend to establish policy statements we typically express them as a rule.

There is no easy methodology for establishing policy.  As a guideline, the role of policy is to:

  • translate values into operations
  • reinforce compliance with legal and statutory responsibilities
  • set standards, and
  • improve the management of risk.

A good place to start is with rules. Write down the rules that will apply to the area you wish to establish policy for. Then bundle similar rules into groups. These rules become the parameters of the policy statement. Read each rule in a group and write a business statement that covers all the rules in that group. This is your policy statement. Given that the statement is trying to cover all the rules in the group, it will by necessity, be appropriately vague.

Another method is to take a specific problem area in the business that you wish to manage with improved policy and establish a table that aligns policy with procedures and rules. Having these three items in one table quickly surfaces issues where policy is written as a rule and rules as policy.

By way of example.

The business issue is to reduce the risk of poor decision making on tender submissions.

Policies and Rules table (3)


The first policy statement uses the word ‘accurate’. This is a relative term. The rules define how accuracy should be interpreted.

The second policy statement uses the word ‘complete’. This is also a relative term. The rules define how completeness should be interpreted.

Completing the table should deliver relevant and useful policy statements.

In closing I will say; the real difficulty is managing the policies and rules once they are published. The last column in the table is ‘consequence’ … when it comes to rules and policy, if you are not prepared to manage them, do not bother establishing them.