The three primary activities of management within the Policy Management process are to enact, enforce, and mediate/adjudicate policies and standards.
- Enact - Management creates new or updates old policies and standards based on the decisions of the leadership as a result of the Governance process. Creating a policy (standard or for government, a law) is more than documenting a policy description. To make the policy enforceable requires the association of organizational "business rules" that define and delimit metrics for when the policy has been violated. In government, these business rules may be known as "regulations". In IT architecture, these rules may be parametrized and instantiated in a rules repository. This work especially well in Enterprise SOA-based Composite Applications.
- Enforce - Once management has described, documented, and delimited a policy or standard and instantiated them with business rules, the management must enforce the rules; otherwise the policy or standard becomes a mere admonishment to virtue (something that looks nice a paper, but is never followed). While enforcement may seem fairly straightforward and simple, it turns out, that in detail, it's quite complex.
- Mediate/Adjudicate - Management must also either mediate or adjudicate penalties. While many people assume that judging is "yes or no" and that the penalties are imposed in a uniform manner. In fact, many cultural/social/political forces militate against uniform penalties including the "management protective association" (which ensures that any of its members receive light penalties, as long as there is no big stink, since management controls all facets of the Policy Management process, so it is easy for them to protect their own). This is the key reason that the creators of the US Constitution separated each of these activities into the three branches of government.