United Airlines incident highlights need for policy reviews

Published on April 12, 2017

United’s friendly skies haven’t been so friendly this week. In case you missed it, on April 9, United flight 3411 from Chicago to Louisville was overbooked. When $800 vouchers couldn’t entice anyone off the plane, four passengers were selected for deplaning.

One passenger was yanked from his seat, dragged down the aisle and escorted off the plane. Shocked at the scene, fellow passengers reached for their cellphones and recorded the entire incident. You know what happened next — youtube, Jimmy Kimmel, and a tanking stock price. United CEO, Oscar Munoz, didn’t help matters with a media release where he apologized for having to re-accommodate some customers. Re-accommodate?

That leads us to wonder. Was there a policy in place to address a situation like this? There is at United. It’s called Contract of Carriage, a tome with 30 rules that anyone who flies United must agree to. Even so, there are a lot of unanswered questions. For example:

When was the policy last revised?
How is the policy shared with employees and customers?
What’s the process for updating or revising the policy?
How are any gaps between policies and regulations identified?
Are there exceptions to the policy and how are they handled?

To further complicate the situation, what would compel Joe Consumer to review the Contract of Carriage? Airlines struggle to get passengers to pay attention to the safety instructions, much less read the fine print. Policies intended for the general public must be stated clearly and succinctly. Achieving such clarity requires an ongoing process of writing, reviewing, and testing policies for audience comprehension.

Policy management within a GRC platform

A governance, risk management, and compliance (GRC) platform can help answer the questions stated above and more. Policy management in a GRC platform delivers three key benefits: centralization, collaboration, and automation. How these benefits interact opens the door to process improvements for simplifying and clarifying policies.

Policies, controls, procedures, obligations and more are centrally located and linked. This fuels what GRC platform users and contributors can accomplish with policy management.

Instead of an organization operating in silos, a GRC platform bridges the silos and allows for collaboration on policy management. Policies can be developed with more frontline input and perhaps head off issues with policy implementation. For example, when $800 won’t compel passengers off the plane, what’s the procedure to follow? Is it clear and concise? A GRC platform’s approach to policy management promotes collaboration, allows for revisions and is regularly reviewed for gaps and weaknesses.

When a GRC platform is aligned with business processes, automation can occur. Automating policy management tasks frees up compliance staff members’ time. This means they can work on other things, such as testing scenarios like United’s incident before they happen. Test results can lead to policy revisions and clearly stated, actionable procedures.

A GRC platform won’t prevent an incident like United’s debacle. It will, however, lower the risk of such an incident occurring by mandating regular policy reviews and creating a more collaborative process for developing policies that work.

Related Articles:

For GDPR, apply Yankee ingenuity

For GDPR, apply Yankee ingenuity

GDPR goes into effect on May 25, 2018. U.S. companies with customers or employees in the EU, the privacy regulation applies to you.