Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
As a small business owner, you’re juggling a lot: customers, suppliers, cash flow, marketing, and (if you’re growing) hiring staff.
One of the most practical ways to reduce risk and make day-to-day operations smoother is to put clear procedures and policies in place. They help your team do things consistently, they set expectations with customers, and they give you a defensible framework if something goes wrong.
But there’s a catch: writing procedures and policies “from scratch” can feel overwhelming, and copying generic templates can create legal gaps (or introduce rules you can’t realistically follow).
Below, we’ll walk you through how to build procedures and policies that actually fit your business in Australia - with a focus on being practical, legally sensible, and easy to implement.
What’s The Difference Between Procedures And Policies (And Why It Matters)?
People often use “procedures and policies” interchangeably, but they’re not the same thing.
Policies: Your Rules And Standards
A policy is the “what” and “why”. It sets a standard and explains your position on an issue.
For example:
- Refunds and returns policy
- Workplace bullying and harassment policy
- Privacy policy (how you handle personal information)
- Workplace surveillance or CCTV policy
Policies are especially important when you need to show you’ve set clear expectations - for example, to manage employee conduct, handle customer complaints consistently, or demonstrate compliance.
Procedures: Your Step-By-Step Process
A procedure is the “how”. It’s the step-by-step workflow your team follows to implement the policy.
For example:
- How your team processes refunds and records reasons for returns
- How managers respond to a safety incident (who is notified, what gets documented, timeframes)
- How your business collects consent for marketing emails
In practice, procedures are what make policies “real”. If you only have policy statements without a workable procedure behind them, your team will likely improvise (and that’s when mistakes happen).
Why Procedures And Policies Are A Legal And Commercial Asset
Procedures and policies aren’t just “admin”. They are a risk-management tool that supports your business legally and commercially.
They Help You Meet Your Legal Obligations
Different areas of law expect businesses to have systems in place, particularly when you employ staff, collect personal information, or interact with consumers.
Depending on what you do, your policies may help you show:
- you’re meeting employment law and Fair Work obligations
- you’re responding appropriately to workplace complaints or investigations
- you’re complying with privacy and surveillance requirements
- you’re handling customer issues in a way that aligns with the Australian Consumer Law (ACL)
They Create Consistency (Which Protects Your Reputation)
Consistency is what customers and staff experience as “professionalism”. If one staff member offers a refund and another refuses, or one manager responds to complaints properly and another ignores them, it can quickly become a reputation problem.
Clear procedures and policies help you scale without losing control of how your business runs.
They Reduce Disputes (Or Put You In A Better Position If One Happens)
If a dispute arises - with a customer, employee, supplier, or contractor - one of the first questions will be: what did your business say it would do, and what did it actually do?
When you can point to a written policy and show you followed your documented procedure, you’re generally in a stronger position.
Step-By-Step: How To Create Procedures And Policies That Fit Your Business
There’s no single “perfect set” of procedures and policies. The right approach is to build the ones that match your business model, your risks, and your team size.
Here’s a practical way to do it.
1. Map Your Business Risks And Pressure Points
Start with the areas where things tend to go wrong or where compliance matters most.
For many Australian small businesses, common pressure points include:
- Customer refunds, complaints, and chargebacks
- Late payments and invoicing disputes
- Staff conduct and performance issues
- Rostering, shift changes, and cancellations
- Workplace safety incidents and near-misses
- Collecting and using customer data (especially online)
- Use of business equipment, vehicles, and devices
Tip: If you’re unsure where to start, look at the last 6–12 months. Where have you spent the most time “putting out fires”?
2. Decide What Must Be A Policy Versus A Procedure
A good rule of thumb:
- If it’s a standard you expect everyone to follow, write a policy.
- If it’s a repeatable workflow with steps, write a procedure.
You’ll often need both. For example, you might have a “Refunds and Returns Policy” (policy) and a “Refund Processing Procedure” (procedure).
3. Write For The People Who Will Use It
The best procedures and policies are written in plain English for your team - not as legal essays.
Keep them:
- specific (avoid vague statements like “act reasonably” without explaining what that means in your context)
- workable (don’t promise processes you can’t resource)
- consistent with your contracts and real-world operations
If you have staff, your policies should align with your employment documentation - for example, your Employment Contract and any handbook or workplace rules you’ve already implemented.
4. Check Your Policies Against Your Legal Obligations
This is the part many businesses miss: your procedures and policies should be consistent with what the law requires - and they should not contradict your contracts, website terms, or representations you make to customers.
Some areas to pay close attention to:
- Refunds and returns: your policy must not undermine consumer guarantees under the ACL (for example, you generally can’t say “no refunds ever” if the product has a major failure).
- Privacy and marketing: if you collect personal information (names, emails, phone numbers, address details, IP addresses via your website), you may need a clear Privacy Policy and an internal procedure for handling access requests, complaints, and data retention (depending on your business, turnover, and what data you handle).
- Workplace surveillance and recording: if you use CCTV, or record calls/conversations, you need to consider state-based rules and clear communication to staff and customers. This is particularly relevant if your business operates in multiple states.
As an example, businesses often ask whether they can record calls “for training”. The answer depends on where you operate and how you do it, so it’s worth having a clear process for notice/consent (where required), storage and access - especially if your team is handling customer disputes or sensitive information.
5. Build A Simple System For Version Control And Updates
Policies often fail because they get written once and never updated.
Set up a basic system:
- Put a date and version number on each policy/procedure
- Assign an “owner” (someone responsible for updates)
- Review annually, and also after any major incident or legal change
- Record when staff were trained on key updates
This helps you show you’re not just creating paperwork - you’re maintaining a living compliance system.
Which Procedures And Policies Do Most Australian Small Businesses Need?
Every business is different, but there are some common procedures and policies that many Australian small businesses benefit from (especially once you hire staff or sell online).
Customer-Facing Procedures And Policies
- Refunds and Returns Policy: sets out how you handle returns, exchanges, timeframes, proof of purchase requirements, and how ACL consumer guarantees apply in your business.
- Complaints Handling Procedure: a step-by-step process for staff to escalate complaints, record outcomes, and meet response time targets.
- Terms and Conditions / Customer Contract: clearly sets out scope, pricing, payment timing, cancellations, warranties, and limitations (where allowed). This is particularly helpful in service businesses or project-based work.
- Privacy Policy: explains what information you collect and how you use, store and disclose it, including any overseas providers (common for online tools).
- Website Terms of Use: sets rules for using your website and helps manage IP and misuse risks (especially if you have downloadable content or user accounts).
Employment Procedures And Policies
If you employ staff (or plan to), this is where procedures and policies become especially important.
- Code of Conduct: sets standards around behaviour, conflicts of interest, communications, confidentiality, and professionalism.
- Leave and Absence Procedure: covers how staff request leave, what evidence is required, and who approves it.
- Workplace Health and Safety (WHS) Procedures: practical reporting steps for incidents, hazards, and near-misses.
- Performance Management / Disciplinary Procedure: a clear process for warnings, improvement plans, and escalation. This can be critical if a termination is later challenged.
- Bullying, Harassment and Discrimination Policy: sets expectations and reporting channels, and reduces the risk of mishandled complaints.
Even small teams benefit from clarity early - it’s often much easier to roll out policies when you’re hiring your first few team members than when you’ve grown to 15–20 staff and everyone has their own way of doing things.
Operational Procedures (The Ones That Save You The Most Time)
- Sales and quoting procedure: how quotes are prepared, approved, and converted into signed work (and when deposits are taken).
- Invoicing and collections procedure: when invoices are issued, follow-up cadence, and escalation steps if payment isn’t made.
- Supplier onboarding procedure: due diligence steps, record-keeping, and who can approve spend or sign agreements.
- IT and security procedure: password standards, device security, and processes when someone leaves the business.
How To Make Your Procedures And Policies Enforceable (Not Just A Document Folder)
Writing procedures and policies is a great start, but they only protect you if they’re implemented properly.
Make Sure Your Contracts And Policies Match
A common issue is inconsistency - for example, your website says one thing, your staff say another thing, and your invoices say something else again.
Try to align your policies and procedures with:
- your customer contract or terms
- your employment documentation
- your internal templates (quotes, invoices, onboarding emails)
If you’re a company (or plan to become one), it’s also worth ensuring your internal governance documents support how decisions get made - for example, your Company Constitution and (where relevant) a shareholders agreement.
Train Your Team (And Keep A Record)
If you have employees, it’s not enough to “email the policy”. Build training into onboarding and run refreshers for higher-risk areas (like customer complaints, safety, and privacy).
Keep a simple record of:
- what training happened
- when it happened
- who attended
This can be extremely helpful if you need to show you took reasonable steps to manage risk.
Use Checklists And Templates Inside Your Procedures
Procedures stick when they’re easy to follow.
Instead of only writing paragraphs, include:
- checklists (e.g., “before issuing a refund, confirm these 5 things”)
- templates (e.g., complaint response email wording)
- decision trees (e.g., “if the customer is claiming a major fault, escalate to manager”)
This is where procedures become truly operational - and where you’ll feel the benefit day-to-day.
Be Careful With Recording And Surveillance Policies
Many businesses use CCTV for security and record calls for quality and dispute resolution. If that’s you, be careful about how you implement it.
Recording and surveillance rules can vary by state, and your risk increases if you operate across jurisdictions or store recordings without clear access controls. Depending on where you operate, these resources can help you think through compliance and what to document:
From a practical point of view, your internal procedure should spell out who can access recordings, how long you keep them, and what happens if someone requests a copy or makes a complaint.
Key Takeaways
- Procedures and policies are different: policies set the rule/standard, and procedures explain the steps your team follows to apply that rule.
- The right procedures and policies help you run consistently, reduce disputes, and show you’ve taken reasonable compliance steps as your business grows.
- Start by mapping where risk and confusion happen in your business, then build policies and procedures around those pressure points.
- Your documents should be workable in real life, aligned with your contracts, and updated as your business changes.
- If you have staff, clear policies supported by training and records can be critical for managing conduct, safety, and performance fairly.
- If you collect customer data or use CCTV/recording, document what you do and why, and build safe handling procedures that reflect your legal obligations.
Note: This article is general information only and doesn’t constitute legal advice. If you’d like advice about your specific situation, you can contact Sprintlaw.
If you’d like help putting the right procedures and policies in place for your small business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.
