Strategies vs Practices
Introduction
I want to share something that I find myself repeating to clients almost every day. Your practices must align with your strategies. By strategy, I mean your policies and procedures. By practices, I mean what you are actually doing day to day. This idea has appeared in other articles, but it is so important that it warrants its own focused discussion.
Over the last few years, the national regulator has shifted its attention in a very noticeable way. There is now a much stronger focus on what your policies say, and whether your organisation is actually operating in accordance with them. At first glance, this may sound obvious. In principle, it is. In practice, it represents a significant change from how regulation has operated for much of the past decade.
For a long time, VET regulation was primarily outcomes focused. The emphasis was on what learners achieved and whether training delivery produced acceptable results, etc. Policy settings existed, but they were often secondary to what was happening on the ground. What mattered most was the practice itself and the outcomes it produced. That began to change around 2019 or 2020, when auditors increasingly started requesting specific policy documents and, more importantly, asking for evidence that those policies were actually being implemented. During applicant interviews and management interviews, organisations were no longer just asked what they did. They were asked how their documented strategies were being carried through in practice.
Personally, I think this shift is entirely reasonable. It reflects a more mature regulatory approach and has shaped the way we provide consulting support. With the introduction of the current standards and the explicit expectation that organisations must “demonstrate” how they comply, the relationship between strategy and practice has moved to a new level of scrutiny. I welcome that. It encourages a systems based approach to managing training organisations and reduces the risk of policies becoming shelf documents that look good but do not reflect reality. In this article, I want to unpack what alignment between strategy and practice actually looks like, why it matters, and the kinds of evidence that demonstrate an organisation is genuinely in control of its arrangements.
When policy starts wagging the dog
At a practical level, alignment between strategy and practice can be achieved in two legitimate ways. An organisation can change its practice to meet the expectations set out in its strategies, policies, and procedures. Or it can change its strategies and policies so they accurately describe the practice that already exists. Both approaches are valid. What is not valid is allowing the two to drift apart, because once that happens the organisation stops operating with coherence or control.
However, there is an important qualification that must sit above this discussion. Alignment between policy and practice only has value if both align with the relevant Outcome Standards and Compliance Standards for RTOs. Those standards are the non-negotiable baseline. Policy and practice can move toward each other, but they cannot move away from the standards. If they do, the organisation simply formalises non-compliance.
This is where the “tail wagging the dog” problem often emerges. Some organisations allow policy documents to dictate behaviour without stopping to ask whether either the policy or the practice aligns with the standards. Others take the opposite approach. They assume that because their existing practice works for them, the safest option is to rewrite policy to match it. If that practice does not meet the standards, the organisation has now locked in the problem. The policy may be perfectly aligned with practice, but both are misaligned with regulatory requirements.
This is why context matters. If an organisation has established practices that are fit for purpose, effective, and compliant with the standards, and a policy document does not accurately reflect those practices, then the policy is the problem and should be adjusted. In that situation, revising the policy improves clarity and reduces risk. But if a policy sets out expectations that reflect the standards and those expectations have never been implemented, then practice is the problem. Changing the policy to suit non-compliant practice does not solve anything. It simply makes the non-compliance harder to unwind later.
Audits expose this distinction very quickly. Auditors move between standards, policy, and practice evidence to test whether the organisation’s internal logic holds together. When policy and practice align but both sit outside the standards, the organisation appears deliberate but non-compliant. When policy aligns with the standards but practice does not, the organisation appears to have poor management. In both cases, the problem is not effort. It is that the organisation has failed to decide whether practice must change to meet the standards, or whether policy must be rewritten to accurately reflect compliant practice.
Policy is intent, not evidence
Policies are often treated by RTOs as evidence in their own right. In reality, they are not. A policy simply describes what an organisation says it will do. It sets out intent, expectations, and agreed ways of working. That intent matters, but it does not demonstrate that anything is actually happening. Evidence comes from practice, not from documentation that describes practice.
This distinction becomes critical during audit because auditors start with what the organisation says it should be doing, through its policies and procedures, and then test whether that intent is reflected in practice. The focus is not on policy or practice in isolation, but on whether the two align. When a policy states that a particular activity occurs, such as staff performance reviews, assessment validation, or internal monitoring, the natural next question is whether that activity can be seen in action. That is why auditors move quickly from policy to records, systems, calendars, registers, and artefacts. They are looking for proof that intent has been translated into behaviour.
When practice does not reflect policy, the policy itself becomes a source of risk. It creates an expectation that the organisation cannot meet and invites scrutiny into why that expectation has not been fulfilled. This is where many organisations come unstuck. They assume that having a strong policy demonstrates compliance, when in fact it does the opposite if there is no supporting evidence. A policy that is not implemented does not sit harmlessly on a shelf. It quietly establishes a standard against which the organisation can be found non-compliant.
This risk exists regardless of how the policy was created. Whether a policy is written internally or sourced externally makes no difference once it is adopted. The moment the organisation endorses it, the policy becomes a formal statement of how it operates. From that point on, the organisation has only two valid options. It can implement the policy in practice, or it can revise the policy so that it accurately reflects what is actually happening. Any other approach leaves the organisation exposed, not because the policy is poor, but because intent and reality are misaligned.
Interconnection is how organisations demonstrate control
Well run RTOs leave a trail of interconnected evidence. That trail is not created for the benefit of auditors. It is a natural by-product of an organisation that understands its obligations and manages them deliberately. Policy obligations trigger activities, activities generate outputs, outputs lead to decisions, decisions result in action, and action improve systems and records. When those elements connect, the organisation can demonstrate control over how it operates.
This is where interconnection matters. Individual documents, taken on their own, rarely prove much. A validation report by itself does not demonstrate governance. A set of meeting minutes by itself does not demonstrate decision making. A continuous improvement register by itself does not demonstrate follow through. Control is demonstrated when those elements link together in a way that makes organisational sense.
Assessment validation is a useful example because it touches many parts of an organisation. If a policy states that validation will occur on a defined schedule, that expectation should be visible in a compliance or governance calendar or assessment validation schedule. When validation is conducted, there should be a validation report that records findings and recommendations. Those findings should result in a continuous improvement recommendation and then appear in management meeting discussions, this will be reflected in meeting minutes that show consideration and decision making. If action is required, it should be recorded in a continuous improvement register, with responsibility clearly allocated. Where changes are implemented, revised assessment tools or processes should exist, and it should be possible to compare what existed before with what exists now. At each step, the organisation is not creating paperwork for its own sake. It is simply following its own logic through to completion. This demonstrates a systematic and interconnected approch to management.
This is what traceability looks like in practice. Anyone reviewing the organisation, whether internally or externally, can follow the story from policy intent through to operational change. Nothing feels artificial because each step leads naturally to the next. The organisation appears coherent because it is coherent.
When these elements do not connect, the problem is rarely missing paperwork. It is a breakdown in governance. Obligations are not flowing through systems. Decisions are not being carried into action. Accountability is unclear. In those circumstances, even well intentioned organisations can appear unmanaged. Interconnection is therefore not an administrative nicety. It is how organisations demonstrate that they are in control of themselves.
Governance calendars bridge intent and reality
Many of the obligations set out in an organisation’s policies are not day to day activities. They are cyclical. Performance reviews, assessment validation, internal monitoring, and mandatory reporting occur at defined intervals, not continuously. Because of this, it is entirely possible for an organisation to be compliant with its intent even though a particular activity has not yet occurred within a given period.
The failure, in most cases, is not that an activity has not happened yet. The failure is that the organisation does not appear to know that it needs to happen at all. When an obligation exists in policy but is not visible anywhere in planning or scheduling, it suggests a lack of awareness rather than a simple timing issue. That distinction matters because awareness is a governance issue, not an administrative one.
A governance or compliance calendar provides the bridge between written intent and operational reality. It translates policy commitments into planned activity across the year. When used properly, it demonstrates that the organisation understands its obligations, has deliberately scheduled when they will occur, and has sequenced those activities in a way that makes sense for the business. It also shows that compliance is being managed proactively, rather than reactively in response to external pressure.
This is why a compliance or governance calendar can be powerful during audit. It allows an organisation to say, with credibility, “we have not done this yet, and this is when we will.” That statement carries weight when it is supported by evidence of planning, ownership, and intent. It is very different from being caught unaware of an obligation that exists in policy. In one case, the organisation demonstrates control. In the other, it appears surprised by its own arrangements.
This distinction is critical because auditors read planned activity very differently from unmanaged activity. An obligation that has not yet occurred but is clearly planned presents as controlled. An obligation that exists in policy but is unknown and unscheduled presents as a governance failure. At that point, the issue is no longer a single instance of non-compliance. It becomes a question of leadership and organisational control.
This is why unmanaged obligations attract scrutiny. They signal that policies are not functioning as governance tools, but as disconnected documents. Compliance problems in these situations are rarely caused by bad intent or lack of effort. They arise when organisations lose sight of their own commitments and fail to manage them deliberately. An organisation that can demonstrate awareness of its obligations, even where some activities are still pending, presents as credible and in control.
Over reliance on policy is a structural risk
Buying good policies is not the problem. Failing to implement them is. This distinction matters, particularly in a sector where many organisations quite reasonably rely on externally developed policy frameworks. Strong policies can save time, lift quality, and provide clarity. But policy has no intrinsic value on its own. Its value only emerges once it is read, understood, contextualised, embedded into systems, and reflected in behaviour.
This is where outcomes begin to diverge between organisations. Some take the time to work through their policies carefully. Senior managers and compliance staff read them together, unpack what they mean in practice, decide how they apply to their specific context, and adjust processes accordingly. That work builds shared understanding. It aligns expectations across the organisation and gives people confidence in how things are meant to operate.
Other organisations stop at possession. Policies are purchased, filed, and largely forgotten. Staff remain unaware of the obligations those policies contain. Systems are not adjusted to support them. Practices continue unchanged. In those circumstances, the organisation has not improved its governance, it has simply increased its risk exposure. The policy exists as a formal statement of intent that cannot be supported by evidence.
This explains why some audits feel unfair to those involved. Organisations believe they have done the right thing by investing in quality policies, yet they are still found wanting. The reality is that the risk was always there. The audit did not create the risk; the audit revealed it. Over reliance on policy without implementation creates a structural weakness that remains hidden until someone starts asking questions.
Policies are not safety nets. They are commitments. When those commitments are not understood or enacted, they do not protect the organisation. They highlight the gap between what the organisation says it does and what it actually does. If you acquire a policy and procedure framework, take the time to unpack it, customise it to your local requirements and implement it.
Conclusion
The message of this article is not that organisations need more documents or more complex systems. It is that these systems (strategies) must be in alignment with what is happening on the ground (practices). I know in my work when I am working with a client 6-12 months out from their renewal of registration, we focus on the evidence that we need to demonstrate compliance with standards and this always exposes gaps in the client’s operation in terms of what their policies say and what they can demonstrate.
Over months of regular meetings, we work through this together to the point where the lightbulb flicks on and they get it. They can see what has not been working. They can see how they need to get organised with a planned schedule using the governance calendar concept. They can see how either their policy needs to be adjusted to align with their practices or their practices need to change to align with the policy and the standards. They can also see how policy can result in actions and findings, these findings should flow back through the regular management meeting where they are captured in the minutes and the CEO gets to exercise informed decision making. These decision flow into continuous improvement and the improvements flow back out into practices. It is a connected management system with leadership at its centre.
For those who have worked with the quality management system ISO-9001 you will know that this is all about the organisation demonstrating that it is doing what it says it is doing. That is basically where we are at in the current regulatory model except that we also need to align our practices with some fairly complex standards and legislative requirements.
As I said at the beginning of this article, practices must align with your strategies. For many organisations, this work is best done well before renewal of registration, when there is time to think, plan, and implement deliberately. If you need some support in achieving this or preparing for your next renewal of registration, get in contact and I would be glad to assist.
Good training,
Joe Newbery
Published: 29th January 2026
Copyright © Newbery Consulting 2026. All rights reserved.