Let's Talk About Governance

I have been blogging about GRC (in my personal blog), and it has been interesting to see how many views there are on what governance, risk management, and compliance (GRC) is all about. If you are on LinkedIn, you can see 65 comments on the topic (referencing my blog above) in the "Governance, Risk, and Compliance Management" discussion group.

Not only have there been many different views on what GRC is, but there are different views on what the "G" stands for.
The IIA developed a position paper, based on work by the IIA-UK, titled Organizational Governance: Guidance for Internal Auditors. In it, they said: “There is no single, comprehensive, universally accepted definition of organizational governance.” How can auditors assess governance processes and practices, with related controls, when the term governance is not defined?
If we look at some authoritative sources, we can work this out.
· The Organisation for Economic Co-operation and Development (OECD) says Governance involves:
“A set of relationships between a company's management, its board, its shareholders, and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined.”
· The Cadbury Committee (the governance source for UK-listed companies) has a simpler definition:
“The system by which companies are directed and controlled. Boards of directors are responsible for the governance of their companies.”
“The shareholders' role in governance is to appoint the directors and the auditors and to satisfy themselves that an appropriate governance structure is in place. The responsibilities of the board include setting the company's strategic aims, providing the leadership to put them into effect, supervising the management of the business, and reporting to the shareholders on their stewardship.”
· The Corporate Governance Committee of Japan has this:
“Corporate governance is a scheme for ensuring that the executive managers, who have been placed in charge of the company, fulfill their duties.”
· Forrester Research, an analyst firm, defines governance as:
“The culture, policies, processes, laws, and institutions that define the structure by which companies are directed and managed. Corporate governance includes the relationships among stakeholders and the goals for which the corporation is governed.”
· I like the one from the Australian Stock Exchange (ASX):
“The system by which companies are directed and managed. It influences how the objectives of the company are set and achieved, how risk is monitored and assessed, and how performance is optimized.”
· The IIA’s definition:
“The combination of processes and structures implemented by the board in order to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.”
· The Open Compliance and Ethics Group (OCEG) says:
“Governance is the culture, values, mission, structure, and layers of policies, processes, and measures by which organizations are directed and controlled. Governance, in this context, includes but is not limited to the activities of the Board, for governance bodies at various levels of the organization also play a critical role. The tone that is set, followed, and communicated at the top is critical to success.”
What do we make of all these?
1. Some limit governance to the activities of the board:
   · Cadbury
   · Japan
   · IIA
2. Others include management as well as the board (by talking about directing (board) and managing or controlling (management)):
   · Forrester Research
   · Australian Stock Exchange
   · OCEG
3. That leaves OECD, which I find ambiguous and therefore not very useful.
4. All pretty much talk about:
   · Setting the objectives (strategy) of the company
   · Appointing leadership
   · Ensuring appropriate tone at the top (culture and values)
   · Managing risks (implicit if not stated)
   · Monitoring and optimizing performance
Each of us can determine whether we define governance as including only board processes or also those of management. My view is that an audit of governance processes would include only board activities - and I would use the Cadbury definition (the IIA one is OK). But, if I am thinking of the GRC model, it has to include how management ensures the directives of the board are achieved - and I would use the ASX version.

In a later blog here, I will talk about what I believe is included in governance. In my personal blog, I will talk about the technology that enables those activities. But first, let’s get your comments.

Posted on Jan 6, 2010 by Norman Marks


  1. It seems to me that the classic distinction between governance - activities of the BoD - and management, from C-level down still applies. The board 1) sets strategies/objectives, 2) appoints management leadership, 3) sets tone at the top, 4) oversees and sets risk appetite and aversion policies for risk management, and 5) sets expectations for and monitors performance.

  1. There are a host of management and functional governance activities and processes, in addition to the "Governance" activities that you and Will have correctly pointed out. Specific Board governance responsibilities similarly are called out in the Japan and Cadbury definitions - leaving other important unnamed governance roles to executive and functional management. Even though you don't like the OECD definition, it builds on Japan and Cadbury definitions by emphasizing executive management and functional governance roles and while it is more descriptive about objective setting and performance monitoring and is silent about many other Board responsibilities, it seems to be consistent with all the other definitions, except for the IIA's.

    Which brings me to my point - the only definition that seems a little out of synch to me is the IIA's, which is the only one that seemingly limits governance activities to the Board.  However, when we performed an IT Governance audit (as called for in the 2009 IIA standards), we had to disregard the IIA's formal governance definition and review the activities and processes in the functional IT and Project Management Offices rather than activities and processes at the Board level.

  1. Hello Norman:  Thanks for this helpful (and varying) list of definitions.  Some thoughts:

    "The board is responsible for the successful perpetuation of the corporation. That responsibility cannot be relegated to management."--John G. Smale, GM Corporation, circa 2000.

    This quote and many others are in "Harvard Business Review on Corporate Governance" which has a collection of articles on the topic with very practical advice from board members. It’s a great place to start for ideas on how to think about and improve governance.
     
    I also found Ram Charan's book "Boards that Deliver" to be helpful and concise.  He argues that there are five primary governance responsibilities: 1) Select the right CEO and remove the wrong one; 2) Determine CEO compensation; 3) Review and provide feedback on company strategy; 4) Ensure there is a solid leadership gene pool in the company / succession planning; and 5) Monitor financial health, operating performance and risks.
     
    Charan stated there are three key characteristics of effective boards: 1) They focus on the right issues; 2) They have effective group dynamics to get all the issues on the table; and 3) They have an effective information infrastructure that enables them to perform their role.  He argues for a scorecard of key operating metrics that are predictive of future results.
  1. Thank you in advance

    Governance is referring to a leadership role that can make a profound decision on the operational and financial and overall business activity. In this point the way presented is sound full and I fully agree on the idea.

     

  1. Thank you

    Governance is referring to a leadership role that can make a profound decision on the operational and financial and overall business activity. In this point the way presented is sound full and I fully agree on the idea.

    The board of directors in the organization plays a vital role:

    - set strategic directions
    - approve various policies
    - review the financial and operational performance of the institutions
    - evaluate the annual plan and submitted budget proposal to the general assembly for approval and other related tasks
    - hire and fire the senior management team
    - establish subcommittees to perform specific duties, like planning committee, audit committee, etc.

    Governance also included the regulatory offices, the General Assembly, the Board of Directors ...

     

  1. I think referencing Cadbury is a little out of date. I would go to the UK Corporate Governance Code (formerly known as the Combined Code) for a UK reference. While Cadbury was the father (actually probably now Grandfather) of CG in the UK, we have moved on! In the current version of the Code (which will change before too long) the first para of the preamble reads as follows:

    Good corporate governance should contribute to better company performance by helping a board discharge its duties in the best interests of shareholders; if it is ignored, the consequence may well be vulnerability or poor performance. Good governance should facilitate efficient, effective and entrepreneurial management that can deliver shareholder value over the longer term. The Combined Code on Corporate Governance (‘the Code’) is published by the FRC to support these outcomes and promote confidence in corporate reporting and governance.

    I quite like the "output" orientation. In my view CG consists of three pillars:

    • Board activities
    • Board structure
    • Compliance

    We have lots and lots on the second, less on the first and virtually nothing on the third.

    Kind regards

    Richard

  1. Corporate Governance

    All stewardship actions enacted by an entity's governing body, comprised of both those at the highest echelons of authority, i.e. the board of directors, which approve and influence a corporation’s high-level activities, as well as the actions of those in executive management, which have the authority and responsibility to actively ensure their implementation. These fiduciary responsibilities are then focused on attaining all corporate strategic objectives, within the constraints of acceptable ethical behavior, as expounded in the company’s mission statements and code of ethics.
