P&P Policies and Procedures Consulting
P&P Policies and Procedures Consulting

Subscribe to
The Policies & Procedures Authority Newsletter

The Policies & Procedures Authority – The newsletter about the art of transforming workplace learning and performance through Policies & Procedures Communication

Auditing and Enforcing Compliance with Policies & Procedures: Who Is Responsible?

– Raymond E. Urgo


To what extent should a policies and procedures (P&P) group or practitioner be involved in auditing and enforcing compliance with P&P information?

Advice in short

Auditing and enforcing compliance with P&P content should not be the responsibility of a P&P group or included in the job description of a P&P practitioner. However, the charter or job description may state that P&P practitioners are responsible for supporting compliance efforts.

Auditing to compliance

Auditing for compliance with P&P is the responsibility of the owner of the specific content. P&P practitioners may be responsible for supporting the needs, formulation, documentation, and training of P&P about auditing practices and enhancements of the P&P as a result of auditing requirements. Some organizations may train members throughout the organization to assume the part-time or temporary role of internal auditor in preparation for an outside audit, independent of their normal duties. In these instances, P&P practitioners can also assume the role of internal auditor, but independent of and in addition to their involvement in analyzing, communicating, and training the policies and procedures.

Responsibility for enforcing compliance

Enforcing compliance with policies and procedures is the responsibility of the owner(s) of the P&P content domain or business practices. For example, the treasurer may be responsible for enforcing compliance with P&P about finance practices, and the head of human resources may be responsible for enforcing P&P about human resources practices. In these instances, the documentation of the practices may have been prepared and continue to be maintained by the content owners from the individual departments—with the assistance of the P&P group. However, the P&P group could and perhaps should be involved in supporting compliance enforcement by assisting in the implementation, including training, of new and revised P&P. The group should also monitor (not audit) the emerging compliance needs to update and maintain P&P as the organization evolves.

Exception: Compliance with P&P for P&P

One exception is that the P&P group is responsible for enforcing compliance with the P&P about the organization’s P&P. The P&P group is the owner of the P&P for P&P—an often forgotten fact. As owners of such practices, such as the process, standards, and sign-offs for the development and maintenance of P&P information for the organization, the P&P group is responsible for enforcing the specific practices.


The P&P group’s role is to support audits and compliance efforts—not to do the audit and enforce compliance. The administrative owner (and sometimes author) of the P&P information is responsible for any audit, as well as compliance enforcement.

Contact Urgo & Associates today to explore how policies and procedures communication can transform your workplace learning and performance needs.