Policy & Procedure Management by Design, NEW YORK CITY

Blueprint for an Effective, Efficient & Agile Policy Management Program

Workshop Abstract:

In today’s hyper-connected and rapidly evolving business environment, policies are the foundation of organizational integrity, culture, and control. But most organizations struggle with fragmented, inconsistent, and outdated policies that create exposure — not protection. Policy mismanagement is no longer a back-office nuisance; it’s a governance, risk, and compliance (GRC) failure waiting to happen.

Policy Management by Design delivers a structured, strategic, and scalable approach to policy governance. It defines how policies should be developed, maintained, communicated, and enforced in alignment with the organization’s values, risks, objectives, and regulatory obligations. This workshop equips attendees with the blueprint to design and implement a modern, enterprise-wide policy management architecture — one that is responsive to regulatory change, agile in times of disruption, and deeply embedded in business operations.

Policies must be in place so the organization can:

• Reliably achieve objectives
• Manage and control uncertainty
• Uphold ethical values and behavioral expectations
• Safeguard people, processes, and systems
• Comply with legal, regulatory, and contractual obligations
• Defend the organization in times of scrutiny or litigation
• Build and reinforce a culture of integrity and accountability

Yet policy management today is often ad hoc, uncoordinated, and misaligned with how the organization actually operates. Many organizations lack a clear inventory of current policies, operate with conflicting documents, and face the growing risk of rogue policies authored without oversight or legal review — all of which can create unintended legal duties and reputational harm.

The complexity of modern organizations — across jurisdictions, business units, and third-party relationships — demands an intelligent, integrated, and orchestrated approach. This includes policy standardization, clear governance, consistent voice, and digital traceability. It also includes tracking attestation, linking policies to risks, controls, and issues, and adapting policies dynamically in response to regulatory and operational change.

This hands-on, interactive workshop provides the methodology, tools, and peer collaboration needed to design and scale a robust policy management program — whether at the enterprise level or within specific departments.

---

Workshop Objectives

Attendees will take back to their organization practical approaches to:

• Define a complete lifecycle for managing policies
• Establish governance, ownership, and accountability for policy content
• Standardize policy format, language, and metadata
• Communicate and embed policies across business units and third-party relationships
• Track policy attestations and comprehension
• Deliver targeted training linked to policies and roles
• Monitor policy metrics and conformance
• Identify policy gaps, inconsistencies, and misalignment
• Map policies to objectives, risks, obligations, controls, and incidents
• Build an integrated policy information and technology architecture

---

Benefits to Attendees

• Understand how to build a policy management lifecycle that is sustainable and responsive
• Implement a governance framework that aligns policy authorship with business needs and compliance expectations
• Explore technology enablers that support automation, distribution, and tracking of policies
• Design a policy environment that reinforces culture, accountability, and operational performance
• Improve visibility and control over policy content, ownership, and effectiveness
• Build the business case to support investment in policy management improvements

---

Who Should Attend?

• Chief Compliance Officers
• Chief Risk Officers
• Ethics and Culture Leaders
• Legal and Corporate Counsel
• Policy Managers and Administrators
• Internal Audit, HR, and Operational Risk Professionals
• Anyone responsible for policy oversight, authorship, distribution, or accountability

---

Workshop Agenda

Part 1: Policy by Design – Why Policies Matter

• The real-world impact of policy failures
• The role of policy in governance, ethics, risk, and compliance
• Policy chaos: what happens when organizations lack control
• Case studies of successful policy governance

Part 2: Policy Governance – Blueprint for Oversight

• Building a policy committee and collaboration model
• Drafting a Policy Management Charter
• Writing a “Meta-Policy” – the policy on policies
• Creating a style and voice guide for consistency
• Interactive peer discussion and framework application

Part 3: Policy Management Lifecycle – From Creation to Retirement

• Determining when a policy is needed (or not)
• Authoring, reviewing, approving, and maintaining policies
• Communicating, training, and tracking comprehension
• Managing policy exceptions and monitoring compliance
• Measuring effectiveness and updating the policy portfolio
• Interactive exercises with sample policy scenarios

Part 4: Policy Management Architecture – Orchestrating Information & Technology

• Designing the information architecture to connect policies with risks, controls, and compliance
• Evaluating and selecting technology architecture to automate and scale policy workflows
• Building the business case for investment in policy GRC technology and process
• Final discussion and roadmap building

---

This workshop empowers you to create a policy management framework that is adaptive, defensible, and aligned — a blueprint for ensuring that your policies do what they are supposed to do: guide decisions, support integrity, reduce liability, and build organizational trust.

GRC 20/20 Presenter . . .

Michael Rasmussen is an internationally recognized authority, thought leader, and pioneer in the disciplines of governance, risk management, and compliance (GRC). With over 30 years of experience, he is globally known for defining and shaping GRC strategy, processes, and technology. In February 2002, while at Forrester Research, Michael developed the concept of GRC — establishing the foundation for how organizations approach strategy, process, and technology in today’s complex business environment. For this, he is widely acknowledged as the “Father of GRC.”

A trusted advisor to boards, executives, and professionals around the world, Michael has dedicated his career to helping organizations design and implement effective GRC strategies that are aligned with business objectives. His work empowers organizations to be more effective, efficient, resilient, and agile. He is a sought-after keynote speaker, author, and advisor, with his thought leadership influencing legislation, regulatory frameworks, and corporate best practices globally.

Michael is the host of the Risk is Our Business podcast, where he leads conversations with global experts exploring the evolving frontiers of risk, resilience, and corporate integrity.

Workshop Host . . .

At COMPLY, we pride ourselves on being the champion for compliance professionals. Through technology, consulting and education, we help clients navigate the ever-changing regulatory environment, end to end. Our deep industry expertise – which includes expansive knowledge in technology enablement and regulatory compliance protocols and processes (SEC, FINRA, FCA, State) – supports more than 5,000 clients in more than 60 countries, including investment banks, private funds (including private equity firms and hedge funds), broker-dealers, registered investment advisers, insurance, and other financial services firms.