Rules That Rock: Making Procurement Policy Work

Are procurement policies helping—or just getting in the way?

In this episode of Proc and Roll, Zach, Natasha, and Conrad tackle one of procurement’s most misunderstood tools: the policy. Too often, policies are bloated, unread, and completely out of sync with how people actually get work done.

But what if the policy itself isn’t the problem? What if it’s how we design, communicate, and enforce it?

Natasha shares how a two-page policy helped streamline procurement at a $52B company. Conrad makes the case for designing intuitive systems first—and letting policy follow. Together, they unpack how culture, common sense, and smart tooling can transform policy from a blocker into a true business enabler.

🔎 What we dive into:

• Why most policies fail—and how to make them usable
• Strategy first, policy second: a new design mindset
• The role of trust, culture, and leadership in driving compliance
• How to embed guidance into tools instead of relying on PDFs
• What rules are non-negotiable—and which ones to drop

If your stakeholders are ignoring policy, this episode will show you why—and what to do about it.

Watch now or read the transcript below.

Transcript: Proc-N-Roll 15 | Rules That Rock: Making Procurement Policy Work

Zach Bachir: Procurement policy might not be exciting, but it’s important. It shapes how procurement is done, how money is spent, how suppliers are engaged. Most policies are too long, too complex, and disconnected from how people actually buy.

Natasha Gurevich: A good policy is a great enabler—it increases speed to market. People think policies are barriers, but a clear policy actually saves time and reduces involvement in minutiae.

Zach Bachir: Have you seen good policies in practice?

Natasha Gurevich: For 22 years, I saw bad policies. Then we created a two-page policy at a $52B company. It had links to other policies, but only two pages people had to read. That felt like liberation. Now I stick to the idea that shorter is better.

Conrad Smith: We’re mixing different ideas—mandates, policies, operating procedures. I don’t think anyone starts with, “Let me go read the procurement policy.” Policy should be an output of your strategy and vision. A roadmap in the background. But your tools and processes need to guide people to the right way.

Zach Bachir: So we’re talking about creating the policy, but also embedding it. Conrad, are you saying embedding is more important than creating?

Conrad Smith: Yes. A lot of companies say “we need a policy” without knowing why. If it’s about documenting how procurement should work, fine. But often it becomes a control mechanism. I’d rather start with, “How do we want procurement to work?” and design from there. Then if we need a policy, we write it last.

Natasha Gurevich: The problem is that most companies don’t mandate policy. And for good reason—too many rules lead to more rule-breaking. The procurement policy isn’t for procurement to punish people. It’s for the company to know how to buy, when to engage legal or risk, what tools to use, and when procurement needs to be involved.

Conrad Smith: But how often do people actually read that?

Natasha Gurevich: That’s where HR and legal come in. Include procurement policy in onboarding, do refreshers, make it accessible. And use dashboards to identify repeat issues.

Zach Bachir: Are we documenting the whole process, or just principles? A high-level policy won’t be enough if people need detailed guidance.

Conrad Smith: Some things need to be in writing—like who can sign contracts, who has spend authority. But things like how to buy should live in your tools. A great intake process should handle that.

Natasha Gurevich:
AI and procurement tech will help. Modern tools embed policy into the workflow. That’s how compliance will improve—by making it seamless.

Zach Bachir: So we trust people to do the right thing if we make the right information accessible?

Natasha Gurevich: Yes. People don’t wake up thinking, “Which policies can I break today?” Most non-compliance is due to lack of awareness, not bad intent.

Zach Bachir: Should policies include consequences for non-compliance?

Natasha Gurevich: Yes, especially for major breaches—signing contracts without authority, misusing corporate cards, etc. That can be grounds for termination. But most of the time, people just don’t know the rules.

Conrad Smith: Some things are obvious fraud. You don’t need a policy to know that paying your mortgage on the company card is wrong. But for everything else, we need to give people enough flexibility to act with common sense.

Natasha Gurevich: You say “common sense,” but not everyone entering the workforce has experience. What’s intuitive to us isn’t always obvious to new employees. Policies help bridge that gap.

Zach Bachir: What role does culture play in all this?

Natasha Gurevich: Culture plays a huge role. It will eat strategy—and policy—for lunch.

Conrad Smith: Totally agree. In some cultures, managers have the final say, and that overrides policy. In others, compliance is baked into how people operate. That’s rare, but powerful.

Zach Bachir: So to wrap up: trust your people, design policies that reflect how procurement actually works, make them simple, embed them into systems, and focus on culture over control.

Conrad Smith: One last thing—read No Rules Rules by Reed Hastings. It’s a great example of how to build trust and reduce the need for rigid rules.

This transcript has been edited for clarity while maintaining all substantive content