hmarais's picture

Please give your opinion.

 My take on the topic is the following:

1. Policy describes the why; also accountabilities, business rules for any decisions to be taken and corrective action/ disciplinary actions should the policy not being adhered to. Similar to 'laws', it states what is allowed and what not and how to redress it. A policy should not contain processes or procedures, but refers to them.

2. Process derives from the value chain (what, who, where, when) and can be modelled in various tools, from manual 'brown paper' maps to MS Excel, MS Visio to various database tools (ARIS etc). It comprises activities/ functions, decisions, may span several systems, executed by several teams/ people (RACI) and may cross functional/ organisation boundaries

3. Procedures comprise the work instructions to execute a task/ activity (how). It normally is executed by one person/ team, does not cross organisational boundaries and is normally documented in a document. It does not normally split in the process logic (decisions) that goes outside the boundary of the activity, but may contain complex decisions/ decision trees to indicate the direction of the process logic after the activity.