3 reasons businesses are bad at corporate governance

From corruption to negligence, fraud to lack of accountability, there are examples of scandals in every industry.

Why? Poor corporate governance. 

However, it’s not just scandals that point to governance failures. Stunted business growth, repetitive complaints, and high levels of waste also highlight lack of control and strategic alignment. 


The question is why are so many businesses just so bad at corporate governance?

Kate Armitage, Product Quality Assurance Manager at Qualsys shares 3 reasons businesses get governance wrong and what you, as a GRC leader, can do.

Kate armitage - quality manager

1) Assuming awareness 

Leadership and governance go hand-in-hand in a successful company.

It sounds crazy but most of the issues with corporate governance comes down to leadership not being aware of what they need to do. You cannot assume leadership know. These are really busy people, so they hire GRC managers to make their role easier. However, they cannot delegate everything. Our role is not to pass everything back to them, but to provide them with a summary of key action points so they can direct and influence the rest of the business.  


  • Use ISO 9001:2015 as a framework
  • Tell leadership their roles and responsibilities, they are ultimately accountable for good governance
  • Actions from board meetings need to be active and comprehensive
  • Make it as simple as possible, avoid complexity, make long text / meetings digestible in under 30 seconds 


BI Dashboard GRC software

2) Leaving it to the board agenda

Many businesses think that if there is a line on the board's agenda about governance, then that is all they need to do. But we need to go beyond this. Good governance practices need to be cascaded throughout the rest of the business. 

Businesses need systems and processes to effectively communicate. Good governance won’t just happen on its own and you can't leave it down to chance. Governance, risk and compliance software such as our integrated modules provide a rigid framework for recording risk, communicating, auditing, training, supplier, issue management etc. All this data is then fed through to a live dashboard which provides a picture of how the business is performing.

  • Define KPIs and have a system to measure
  • Establish strategic direction and ensure this is communicated
  • Implement a system which ensures governance can be recorded and reported on
  • Store procedures and processes centrally


 3) Change

Many businesses see governance as a separate activity or the role of a certain department. You need to make good governance by design and default, and not a bolt-on activity. However, it’s not scalable or sustainable to have the GRC manager present for every business decision. That will just slow your business down. It means providing training and systems which encourage employees to assess risk, take responsibility and ownership, and properly document their approach.


Culture of quality training

Topics: Engagement, Culture of Excellence

Share your thoughts on this article