How Effective Policy Built
Sometimes we found that policy might contradict each other. For classic example is security vs complexity (comfort), the greater security is the more complex, which most of people does not like it. Company might build policy of security and policy of access speed which contradictive each other. To solve this security policy (as there is interaction with human) is no specific solution, some company use force (e.g mandatory use of password), some company use government regulation, some realistic just follow the trend. All the choice is realistic and can be done. But there is scientific method to choose which the most effective security control, from survey, develop biometric or campaign. There are a great practical knowledge of this issues.
Another example is policy of business growth vs regulatory compliances. Regulatory in this case can be internal company or government regulation. Internal company is the most complicated, since its build internally and subject to modification by internal. My experience as auditor, we usually in the position that contradict between the need of company to growth vs implement control which restricted growth. A lot of people does not like audit, just like they dont like HR. A function that main roles is to restrict something.
It goes the same with energy vs environment, thing is contradict. The same as auditor, environment see about future and risk that might be happened. So there is hypothesis that there will be a condition that contradict each other, a condition that ineffective policy might happened. This case can be found in several scenario, for example:
- CEO Level, growth policy (reach 30% growth with only 10% additional workforce, reach 30% growth with 100% level of compliance) the translation of this policy is difficult in the lower level implementation, sometimes it need an excuse, which debatable.
- Department Level, attendance policy (HR mention 9.00 AM should arrive at office, Marketing Manager mention that should be at client office which start at 10.00 AM). In that case, we need to build principles based on justice or equality (e.g KPI each dept is the most important not the time attendance, or sense of belonging is more important)