One of your most important activities as an executive, especially at a startup, is to set policies: Sets of guardrails or rules for how company systems work, such as vacation policies, expense policies, WFH policies, or rules for how to get promoted.

Companies are just groups of people with money on the line, and they need rules to avoid descending into chaos. Startups are born without any rules, so as you scale someone ultimately needs to set up everything from scratch. As a result, setting policies is one of the most important roles that one plays as an executive.

But as common as policy setting is, there are few guides that actually describe how to do it effectively. So here are some rules and heuristics to keep in mind. We’ll use something really simple as an example – how to set a travel expense policy for your growing startup.

Policies Need to Make Sense

This may seem trite, but policies that will impact many people simply must be high-quality. Even the simplest policy can get surprisingly complex, and you want to catch second-order and third-order consequences to make sure that they make sense in all circumstances.

For an example of how this can get complicated, let’s take the case of your startup’s travel expense policy:

• If you set your policy to be too generous, people will max out their travel allotment and waste money.

• If you set your policy to be too stingy, people will make excuses to avoid unpleasant travel.

• If your policy is too complicated, people will forget details and cause rework, or you’ll waste tons of time answering questions about different edge-cases.

• If your policy is too inflexible, you’ll have all sorts of problems when people need to book last minute flights or hotels.

The best way to ensure that your policies make sense from top to bottom is to treat them like products. When you release a new product, you:

• Use off-the-shelf open source solutions to solve tricky problems. If your policy can be copied from a more successful company in your situation, use that as a starting point.

• Review the implementation to ensure that it makes sense. Make sure that you get many eyes on a draft policy before you roll it out. Your job as a leader is to set the right policy, not to be some Moses-like figure that presents definitive Commandments to your rapturous audience all at once.

• Release it to progressively wider audiences to ensure that you don’t accidentally break something on the way. Treat policy rollouts like the launch of a major infrastructure change, and be prepared to roll back if you break something badly.

Does this take time? Yes. Do you know what else takes a lot of time? Negotiating with angry people who are rightfully pointing out that your policy sucks, and then revising it with your tail between your legs.

As a completely unrelated side-benefit, reviewing policies is a really good way to identify talent on your team. People who have good feedback on policies that they didn’t generate are often good at creating new ones themselves. Using your team as a sounding board is a free and easy way to identify strong managers.

Policies Must Be Transparent

The worst way that policies generate distrust is via secret exceptions. Secret exceptions occur when there’s some loophole that is allowed to remain for a long period of time – typically in a fashion where enough people know about it that it gets utilized regularly.

For example, let’s say that:

• Your travel policy doesn’t allow mid-level employees to book business class.

• But if you’re on a particularly heinous red-eye (say, London to Mumbai before a big meeting), and you double check with your department’s finance representative, we’ll let you book it within 2 weeks of end-of-quarter if we have the cash.

• This policy is not documented anywhere – you need to know to ask.

This sort of exception can dramatically erode trust. Not just because of the secrecy of the exception, but because knowledge of the secret trick will inevitably get distributed unevenly. Worse yet, loopholes are typically exploited most by the teams that are most aware of them: i.e., the policy setting team themselves. Suddenly, you realize that Finance is constantly booking offsites during the last two weeks of the quarter and flying business class, and nobody else is, and it feels like the system was an inside job.

Consider whether your policy passes the all hands test: If you were asked to explain this policy – the whole policy, including loopholes and past examples – would you be nonchalant or nervous? If the latter, you need to rethink how you’re operating.

You Can’t Punish Adherence

The absolute worst form of policy exception occurs when you have a policy that breaks down in ways that punish you for being a good team player.

For example, perhaps every team is given a hiring budget at the start of the year. However, if the hiring budget needs to be shrunk (maybe sales are slow, or there’s a global pandemic), then the company goes into an immediate hiring freeze. As a result, maintaining a high hiring bar is punished, and you’ve rewarded burning through your budget as fast as possible to “win” the game of Budget Musical Chairs.

Or imagine that you follow a use-it-or-lose-it budget process. In these situations, you can be actively punished for responsible policy adherence if you cut costs and subsequently have your budget shrunk. This is very common at large organizations.

If you want your policies to work, it needs to be as easy as possible to conform to them. You never want to be in a situation where process adherence is punished, because this causes cascading distrust and erosion of every policy going forward.

Policies Need to Evolve For The Most Impacted

One of the worst situations is a policy that benefits one group but harms another, which the first group refuses to re-evaluate. For example:

• Inflation is making your travel expense policy increasingly out of date, but Finance doesn’t care because that’s helping you to hit your budget.

• Your engineering teams are fielding more and more support escalations over time, but the support team isn’t incentivized to change their escalation criteria – the engineers are providing “free” help!

It’s crucial that the people who are the most impacted by a given policy have the ability to push back and drive change; without this, inertia can cause significant damage over time. This is largely a cultural issue, and your culture needs to celebrate people revisiting their assumptions, rather than misconstruing an unwillingness to compromise as confidence or strength.

A heuristic – for every concrete dimension of your policy that people grumble about, you need to be able to articulate at least one very strong reason that your policy must be the way that it is. Extra sacrifice requires extra benefit.

Policies Need to be Used Sparingly

The final rule of setting policies is that the more rules you set up, the less any one rule will be followed. If you’re at a successful company, people are extremely busy and won’t have much time to follow your processes. If you’re at a less successful company, people are frankly probably not as sharp, and likely don’t have the capacity to handle a lot of policies. Either way, it behooves you to dictate less.

Many teams confuse creating policies with adding value – one of the most toxic mistakes that an organization can allow. Creating a new rule is something concrete that you can put on your performance review. It feels like building, but in reality it tends to add friction and slow down all of your real builders. As a leader you must constrain the urge to indulge the false productivity of setting non-essential new policies. A new policy itself should never be a win unless it comes with metrics on what it’s helped you to solve, and consideration of whether it’s wasting time.

Our industry encourages this sense of false productivity. People go on podcasts and get asked what they do for, say, OKRs at a high-growth company (I have fielded this exact line of questioning). Everyone wants to have an answer showing that they have a thorough framework for world domination; nobody wants to respond “well we just kinda set a bookings target and a few check-ins for big projects, and make sure everyone is working real hard.”

Healthy organizations should seek to prune or automate policies that are no longer needed. We had a laborious check-in on every release after a number of incidents, but our testing expectations and launch process has reduced the risk of release-related issues. We used to have strict central budgeting rules for team events, but now every team just gets a budget and we trust that you’ll spend it like an adult. These are signs of a healthy organizational dynamic, and will allow you to stay nimble even after you’ve left your startup days behind.

Share to Twitter , Hacker News , LinkedIn