Do This, Not That: 5 Essential Risk Policy Drafting Tips

By Melanie Lockwood Herman

This week I’ve been busy helping consulting clients and Affiliate Members make sense of (and hopefully improve!) an array of longstanding risk-themed policies, from employee handbooks to vendor contracts and risk-scoring frameworks. In between writing and re-writing, I was able to finish an insightful book that I mentioned last week, Essentialism: The Disciplined Pursuit of Less. Several of my takeaways from the book came to mind as I pondered the perennial problems that plague organizational policies, standard operating procedures, and risk pronouncements. Below are my 5 tips to fix what’s wrong with these vital—but often problematic—policies and practices!

1. Less is More.

In Essentialism, Greg McKeown explains that an “Essentialist” believes that “making things better means subtracting something” and also “eliminates the distracting words, images and details.” This is powerful advice for risk leaders asked to craft messages, directions, risk management plans, evacuation procedures, business continuity strategies… you name it!

How many times do we hear “too long; didn’t read” (TL;DR)? Pare back policies so that team members don’t have to wade through excess words to get to the important parts! Below are two versions of an employee handbook objective statement. The first is excessively wordy, leaving new employees feeling cold. The second is more succinct, and reads more friendly!

Handbook Objective Statement 1: Whew!

Welcome to ABC Nonprofit! This Handbook contains overviews and details about some of the terms and conditions of employment as well as policies that you need to be aware of while working here. Please read through all of the content in this Handbook and make sure you understand it. It is your responsibility to understand these policies. Failing to follow these policies could lead to discipline, up to and including termination. If you don’t understand anything in this handbook you should ask your supervisor right away. If your supervisor is not available, please make an appointment to speak to your supervisor’s manager but let your supervisor know you are doing so to respect our chain of command.

Handbook Objective Statement 2: Better!!

Welcome to ABC Nonprofit! We know that life is short, so it should be fulfilling and fun. Your work is a big part of your life! It should be fulfilling and fun. We want you to enjoy your time here, feel connected to our mission, and feel supported, valued, and comfortable from day one. If at any time you’re unsure or uncomfortable about anything related to your position, work policies or workplace practices, or the mission or work of ABC, please speak to your supervisor or any member of the management team!

Here is some wonderful advice from HubSpot’s Employee Culture Code:

“Complexity quietly creeps in. Its toll lies below the surface. Why does complexity creep in? It is often the quick, seductive answer to short-time issues.  Fighting for simplicity and looking to the long-term takes courage and commitment. You cannot add simplicity in. You must take complexity out.”

2. Clarity Wins.

Confounding is out; clarity is in. As you draft, review, and update any policies for which human understanding and compliance is the goal, resolve to choose clear—over convoluted—language. If policy drafting is your responsibility, but clarity is not your strong suit, pair up with a capable editor! On that subject, I love the advice from Alan D. Williams, the author of “What is an Editor?” who shares the two questions than an editor should ask any writer:

  • Are you saying what you want to say?
  • Are you saying it as clearly and concisely as possible?

These questions are a perfect checklist for any risk policy, operating procedure, or safety message. Use these questions as a simple checklist before hitting “send,” whether you’re sending an email, composing a press release, or responding to a request for information from a colleague or other stakeholder.

3. Clean Up Your Mess: Strip Out Mixed Messages.

A friend recently told me about visiting the home of a relative who urged her to “Make yourself at home; help yourself to anything you want to eat or drink while you’re staying with us.” After hearing this, my friend felt very welcomed until she opened a kitchen cupboard door to take a cookie from the tin on the shelf. Before her hand reached the cookie, the host said, “What are you doing? Do you need something? Can I get you something?”

Some of the most unfortunate risk policies we’ve ever read are guilty of this terrible sin: sending mixed messages. Examples abound in the non-harassment, complaint filing, and whistleblower sections of employee handbooks.

For example, here’s a relatively chill, friendly statement reminding employees that the culture is welcoming, informal, and has a wonderful “Open Door” policy.

“We value your input and feedback on our working environment and want you to feel comfortable raising questions and concerns during your period of service. Per the Open-Door policy above, all staff has free access to their immediate managers or to other managers of their choice to express their work-related concerns informally.”

Here’s the mixed message appearing later in the document (how it actually works):

“Written complaints should be directed to the Director of Human Resources as soon as possible after the date of the event that gave rise to the work-related concern, but no later than ten (10) days following such event. The Director of Human Resources will set up one or more meetings to discuss and investigate the complaint further within a reasonable time following the receipt of the written complaint. Within ten (10) working days of the last of these meetings, the Director of Human Resources will provide the staff member with a written response to the complaint. (This period may be changed by management, without notice, and according to any relevant circumstances.) If the complaint is resolved to the staff member’s satisfaction, the terms of the resolution will be recorded and signed by the staff member and the Director of Human Resources.”

4. Mind the Current (Undercurrent).

Oxford Languages and Google offer two meanings for the term undercurrent. First, it refers to “an underlying feeling or influence, especially one that is contrary to the prevailing atmosphere and is not expressed openly.” It also refers to “a current of water below the surface and moving in a different direction from any surface current.”

Are there undercurrents at your nonprofit? Does the experience of working at your agency live up to professed values in your annual report, funder promo videos, and recruiting materials? If “yes,” your agency is a unicorn! For most nonprofits, matching the lived experience to bold ideals is a continuous challenge and sometimes a strenuous struggle. Sincere and determined leadership teams conduct pulse checks and employee engagement surveys and bravely publish the results as soon as they are available. Faint-hearted leaders keep damning and disappointing survey results under wraps, hoping that either team members will forget about the process or that quick, superficial fixes can be announced alongside the results.

To reveal the undercurrent working against the surface of your workplace, ask:

  • In what ways is the lived experience for employees and volunteers different from what we promised? From our ideals?
  • Do any of our practices or protocols foster hidden, negative feelings in teams or groups in our organization?
  • Are there certain topics that are off-limits or “taboo” during team meetings?
  • How does our team handle disagreements? Is there productive, constructive criticism or do issues explode into petty emotional immaturity?
  • Do leaders in our organization stay confined to their silo or look at how their function helps and contributes to the greater good of the whole mission?

5. Be Truly Transparent: Explain Why.

Like other revered ideals such as accountability and integrity, transparency is often exalted as a value that leaders hold dear. Yet time and time again, the NRMC team hears from nonprofit colleagues who are frustrated that they don’t understand:

  • How decisions are made, including who was involved and whether countervailing views were sought and considered
  • What decisions are ‘good bets’ or ‘bad bets’ – how their organization defines risk appetite in various areas
  • Information they need to do their jobs effectively

True transparency—sharing information willingly and openly with people who ‘want’ (versus need) to know—is rare. HubSpot reminds their team that everyone is a “designated insider.” And by that, they mean transparency is a pillar of their organization. Their culture code affirms, “Power is gained by sharing knowledge, not hoarding it. Everyone has open access to anyone in the company. It’s not an open door policy. It’s a no door policy.

There will always be pieces of information that must be carefully guarded (such as PII, PHI, and information related to ongoing litigation); however, these represent a small percentage of the total information available at your organization. To check whether you’re being transparent—versus pretending to be—ask:

  • What questions are readers of this policy likely to have?
  • Have I answered those?
  • If not, what is the real risk of sharing more about the “how” behind this decision, requirement, or new expectation I’m describing?

Make a List, Check it Twice

Here’s a summary of our tips to trounce unforgivable policy drafting mistakes. Before sending your new risk pronouncement to ANYONE, ask:

  • Are you saying what you want to say?
  • Are you saying it as clearly and concisely as possible?
  • Is this policy true to how our organization operates or does it simple spout professed ideals? What changes can I make to this document so that it reflects what we really expect to happen and expect of our team?
  • What might readers of this document want to know that I’m not revealing? (e.g., why this policy is being developed, who was involved in critical decisions related to this policy, etc.) Is there a truly compelling reason not to be transparent? What’s the risk of erring on the side of being transparent?
  • What questions are readers of this policy likely to have? Have I answered those?
  • If not, what is the real risk of sharing more about the “how” behind this decision, requirement, or new expectation?

In Essentialism, author Greg McKeown uses the term “counterfeit agility” to describe an environment where “people don’t know what they are really responsible for and how they will be judged on their performance, when decisions either are or appear to be capricious, and when roles are ill-defined…” He warns that in an environment where leaders allow “ambiguity over who is doing what… “ under the guise of promoting flexibility or agility, “it isn’t long before people either give up or, worse, become obsessed with trying to look busy and therefore important instead of actually getting any real work done.”

Agility and flexibility are worthwhile—if not fundamental and essential—aspirations for risk leaders. Yet these aspirations must be bolstered and supported with policies and written communications that are concise, clear, explain ‘why,’ and are devoid of dangerous mixed messages. Taking time to run your messaging through a gauntlet of communication musts and must nots is a crucial investment to ensure that every risk-themed message is memorable and meaningful.

Melanie Lockwood Herman is Executive Director of the Nonprofit Risk Management Center. She welcomes your feedback on this article and your tried-and-true tips for policy drafting and implementation, as well as your lighthearted stories and examples of policy trip-ups. Melanie can be reached at or 703.777.3504.