Company policies guide decision-making and are an important governance tool. Importantly for government suppliers, there are some policies you need in place to be considered government-ready.

Over the years at Sedo, we’ve supported many organisations to develop company policies as part of getting ‘government ready’. We also often get asked whether a company has enough policies, or if we can identify any gaps. 

These are very good questions!

Businesses grow organically, and often the hardest phase is growing to 20 employees. At this stage policies are the last thing you want to think about. However, there are some industry sectors where it pays to think about company policies early, particularly when there are compliance requirements you need to meet, such as OH&S, HR or industrial relations.

If you’re interested in government work, there’s an additional layer of government policy requirements around social, environmental and economic requirements. 

Establishing company policies takes investment – whether that is time, money and/or people. It is therefore important to understand what your business drivers are before you make that policy leap. 

What is policy?

People generally associate policies as something governments do. This is a fair association to make: governments do develop and set policies all the time. Procurement examples are the social procurement framework in Victoria, and the Indigenous procurement policies in Federal and NSW governments. We also hear a lot about policies in the context of agenda setting for politics, especially around elections. 

However, government policies are very different to the types of policies you would implement in an organisation. 

The purest definition of a policy is: 

a set of guidelines to guide decisions and achieve rational outcomes.

An organisational policy in your company is a statement of intent that is implemented, usually as a procedure or protocol. (Depending on how complex the issue is, you may have separate procedures or protocols from a policy.)

Policies usually govern a company and, most importantly, should assist in decision-making. 

For example, a financial delegation policy would state which staff are authorised to spend money or make purchases in an organisation, and potentially what level of spending they are allowed to make (i.e. a project manager has authority to spend up to $10,000 under the purposes of delivering a project). It may also stipulate the process you need to follow, if for example, you needed to make purchases above your limit. You may have a separate document that details the approval/authorisation process, depending on how complex it is! 

For a policy to work, an organisation also needs to understand the resourcing requirements for the policy to be properly implemented and reported against, which includes identifying the role responsible for policy support, implementation, reporting and governance. 

Do you really need company policies?

Business growth can be organic, particularly in the first few years of operation. This means that conscious activities, such as policy development, can be unconsciously disregarded. After all, if your business is operating and growing, there doesn’t seem to be a need for company policies. 

So, why do it? 

Company policies are an important governance tool. As a business grows, particularly in the number of people it employs, the risks and compliance requirements also grow. There’s probably only a finite window of time when staff can get away with making decisions based on undocumented rules and processes or hearsay. 

Policies can also have the additional function of setting overarching business principles, as well as organisation culture (ethics and beliefs). As your company grows, it becomes more important that everyone in your organisation (old and new) understands their roles and responsibilities, and how they can participate and shape the organisation into a workplace they want to work in. 

So, although some businesses won’t have mandatory policy requirements, there is often an expectation from stakeholders (such as investors or buyers) that they do – particularly for larger businesses. Governments especially expect their suppliers to have company policies in place; whether they are part of good corporate governance, for compliance with law/regulation, or simply as part of good business practice. 

Determining what policies you need (the right balance)

So, what are the bare minimum policies your organisation needs? 

The short answer is, it depends! That’s probably not the answer you were hoping for. But once you pull on one thread of the Big Ball of Policy, sometimes the whole ball unravels. 

It can be overwhelming to realise how many policies you could create (or feel you need to create). And one policy often begets another. For example, you might have a policy on anti-discrimination that refers to reporting of discriminatory practices – do you then have a policy on reporting of grievances?

Companies need to find the right balance between ensuring there are enough policies in place to meet expectations and support internal governance, while not overburdening the organisation with too much red tape. It’s not always straightforward.

Your business drivers are the key to determining how many (or how few) policies you need in your business. Organisational policies can be divided into three broad categories: 

• People: e.g. HR, recruitment, culture (diversity, inclusion, equal opportunity, gender equality)…
• Operations: e.g. OH&S/WHS, Finance, Procurement, Risk, data protection…
• Environment, Social, Governance (ESG) or Corporate Social Responsibility: e.g. social procurement, sustainability/environment, ethics, modern slavery, anti-bribery, social media…

We note there can be crossover between these categories. For example, there are likely to be ESG policies that may also fit in with people-related policies. 

The size of your organisation and the industry sector you operate in will also help you determine the set of policies you need in your business. In thinking about what set of policies you need, consider these key questions: 

• Decision-making: What decisions need to be made in your organisation? Who makes them? (Financial delegation and authorisation are a good example of this.)
• Legislation/Compliance: What regulations, laws and/or rules do you need to comply with to operate your business? (i.e. OH&S/WHS, labour laws like the recent labour hire license in Victoria, and revenue-based requirements such as Modern Slavery and Workplace Gender Equality)
• Risks: What is the risk of not having a policy? Can you mitigate a risk by putting a policy in place? 
• Clients: Who are you servicing and what are their policy requirements? (Think about government, financial services or construction industries, they all have different policy requirements.)

These questions should help you to decide what is important for your business now, and as your business grows. 

Most businesses will have policies in place that largely fit under the first two categories (people and operations), because there are legislation/regulations in place that require compliance to some effect (i.e. OH&S/WHS) or because it’s expected in the sector. We often call these core policies.

For example, if you were an IT services company, it is expected that you would have a set of policies around data and privacy, and potentially cybersecurity. Some of these policies will demonstrate you comply with legislation (data protection and privacy), while others demonstrate that you are a safe, trusted and effective organisation to work with.

The government context…

If you want to become government-ready, you need to have core policies in place that govern workplace health and safety, inclusion and equality, and the environment. In most tenders you will find questions on one or more of these policy aspects. Code of conduct and ethics is also becoming important, as government looks to address probity and conflicts of interest in procurement.

Increasingly, government is also asking questions that relate to your social procurement activities. There may also be industry specific requirements, such as designing for climate change or quality management approaches for engineering services. 

Just like any government engagement, it’s important to do your homework. If you want to work with government, research that department or local government area. Understand their policy priorities and match that to your policy environment. 

If government wants you to have a policy requirement that your business can’t readily support at present, think about how you can plan to achieve that over time. Having a plan will stand you in good stead when you engage with government.

Establishing a suite of company policies from scratch is not an insignificant task (and by now you might be wondering how to go about it… But that’s a whole other topic). However, investing resources in this activity will increase your chances of working with government, while providing good governance of your organisation.

Jade Leong