From corruption to negligence, fraud to lack of accountability, there are a handful examples of scandals in every industry as a result of poor corporate governance.
However, it’s not just scandals that point to governance failures. Stunted business growth, repetitive complaints, and high levels of waste also highlight lack of control and strategic alignment.
The question is why are so many businesses just so bad at corporate governance?
Kate Armitage, Product Quality Assurance Manager at Qualsys shares 3 reasons businesses get governance wrong and what you, as a GRC leader, can do.
1) Assuming awareness
Leadership and governance go hand-in-hand in a successful company.
It sounds crazy but most of the issues with corporate governance comes down to leadership not being aware of what they need to do. You cannot assume leadership know. These are really busy people, so they hire GRC managers to make their role easier. However, they cannot delegate everything. Our role is not to pass everything back to them, but to provide them with a summary of key action points so they can direct and influence the rest of the business.
- Use ISO 9001:2015 as a framework
- Tell leadership their roles and responsibilities, they are ultimately accountable for good governance
- Actions from board meetings need to be active and comprehensive
- Make it as simple as possible, avoid complexity, make long text / meetings digestible in under 30 seconds
2) Leaving it to the board agenda
Many businesses think that if there is a line on the board's agenda about governance, then that is all they need to do. But we need to go beyond this. Good governance practices need to be cascaded throughout the rest of the business.
Businesses need systems and processes to effectively communicate. Good governance won’t just happen on its own and you can't leave it down to chance. Governance, risk and compliance software such as our integrated modules provide a rigid framework for recording risk, communicating, auditing, training, supplier, issue management etc. All this data is then fed through to a live dashboard which provides a picture of how the business is performing.
- Define KPIs and have a system to measure
- Establish strategic direction and ensure this is communicated
- Implement a system which ensures governance can be recorded and reported on
- Store procedures and processes centrally
Many businesses see governance as a separate activity or the role of a certain department. You need to make good governance by design and default, and not a bolt-on activity. However, it’s not scalable or sustainable to have the GRC manager present for every business decision. That will just slow your business down. It means providing training and systems which encourage employees to assess risk, take responsibility and ownership, and properly document their approach.