How to Create Efficient Desktop Procedures that Boost Risk Protection

Desktop procedures. Everyone has them — and I share the key to keep you compliant and give you samples of how to create/maintain them properly.

Desktop procedures, while not scintillating, are the heart of all operational activity. Procedures ensure consistency and confirm that what you say you do and what you actually do match. Procedures are the secret to compliance, customer satisfaction and employee understanding.

Would you try to build a house without blueprints? Or, would you try to prove to a homebuyer what’s behind the walls without schematics of the plumbing and electric? It would be chaos. And it’d be impossible to build the house to exact specifications.

Think of procedures as the blueprints into an organization’s inner workings. Yet, because procedures don’t drive income or prevent losses, they tend to get the least amount of attention until it’s too late.

Proper Desktop Procedures Reduce Operational and Compliance Risk

There are four key reasons to invest time to ensure your organization has properly documented procedures.

1. Consistency
My son recently purchased a soccer net online. A narrow box arrived, and he disappeared with it for an hour. When I checked on him, he had assembled the entire goal by following the instructions. The instructions that came with the goal listed tools he needed and how each piece connected. In fact, it’s how every person who purchased the exact same goal assembled it—when followed properly they were successful. Procedures are the instructions for all your employees. Employees complete activities as expected using reference documents known as procedures.

2. Identification of Risk Areas
Bridgeforce typically starts client engagements with a Request for Information. We always ask for procedures because they show business activities from end-to-end and give us the ability to identify areas of risk.

If a procedure involves a handoff from one department to another, we’ll ask “How does the first department know they handed everything off?” And “How does the receiving department know they received everything they were supposed to?” Answers to these questions lead to discussions about existing preventative and detective controls to reduce the risk of missing something.

“Think of procedures as the blueprints into an organization’s inner workings.”

3. Seamless Execution During Personnel Changes
There is a growing trend of employees changing jobs. In April 2022, 4.4 million Americans voluntarily left their jobs. As people move on, new people move in, and mostly, they will also be new to the job requirements.

Employees need to get up to speed on details of their new role. One way to learn a role is through procedures. Learning from procedures accomplishes two things right away: (1) Identifies the critical steps that employees must know, and (2) Shows how to perform each step until an employee can complete the procedure on their own.

4. Demonstrating Compliance
Sharing your suite of procedures is a typical requirement for any compliance review or audit. When up-to-date and constructed properly, procedures can help an auditor understand each action and its associated controls. Having a proper procedure can help show that operations are performed in an effective, efficient and controlled manner. Your challenge is making sure that procedures accurately represent the production environment (more to come on this topic).

How to Create Consistent and Executable Procedures

There are plenty of good ways to maintain procedures. Yet the burning question is what makes up a really good procedure? And what are the critical elements of a really good procedure?

First, we need to differentiate between the two “must have” procedures: Operational and Desktop.

Operational Procedures – The ‘What’
High-level summary and not intended to be step-by-step instructions on how to complete each element that the procedure recaps. Auditors receive operational procedures as an overview of critical business activities.

Desktop Procedures – The ‘How’
Very detailed instructions show how to perform various tasks. Don’t underestimate the word detailed. Desktop procedures are intended to be at the keystroke level. Anyone can follow desktop procedures to successfully perform steps without additional support.

In addition to defining Operational and Desktop procedures, you must format both types the same way. Each should have the same look and feel. All Operational procedures must have the same information. Each Desktop procedure should show the same information. This provides employees, auditors and regulators with a standard way-finding guide to navigate all procedures.

Standard Elements of Procedures

Proper Procedures List


How to Keep Desktop Procedures Current and Relevant

You know the benefits of proper procedures, the difference between operational and desktop procedures and the components of each. All of this means nothing if the procedures are not maintained to accurately reflect the production environment.

Nothing creates more doubt than a disconnect between what is happening versus what procedures show.

Take these 5 steps to ensure a disconnect doesn’t happen to you.

1. Implement a review and approve cycle
All procedures should have a scheduled review and approval date, typically once a year. Someone should review the procedure against what is happening in production and make updates, document changes and route through a defined approval process.

2. Define governance routines for making changes
Anybody can recommend changes to procedures but there should be a limited number of people who can make changes to procedures. Making any changes should only happen after a fully vetted review and approval.

“Nothing creates more doubt than a disconnect between what is happening versus what procedures show.”

3. Incorporate procedure updates in all projects
Procedures should be a standing part of all change management plans and included with any project launch. This will ensure that procedure documentation will properly capture all changes.

4. Let controls inform if changes are needed
Preventative and detective controls make sure that an organization adheres to approved procedures. Like the example I used earlier, if there are many hand-offs between departments, it’s important that all items are sent and received. Controls will identify if errors occur.

When errors happen, procedures may need to be updated. Revised procedures will provide greater clarity on expectations, incorporate additional controls or completely redefine the procedure to reduce the likelihood of errors.

5. Incorporate procedure reviews in all complaint analysis
Finally, never underestimate the value of complaints and the analysis of volumes and trends. Not all complaints indicate a problem but when they do, a key step in the root cause analysis should be to identify and review any applicable procedures and make any necessary updates.

CLIENT SUCCESS STORYA large US-based bank was able to remediate regulatory findings of the operating model and risk management framework

Audit, Update or Create Proper Procedures that Protect

If your organization needs to find out the state of your procedures, Bridgeforce can help. We will implement a tailored, quick assessment to identify gaps, provide prioritized enhancements and assist in determining next steps. If needed, we can write proper procedures that are employee- and regulator-friendly to position you for success.

Contact us today to discuss how we can best help you.


Have a question about this article?

ASK Shawn Murray ,