When reading about corporate governance, it is hard not to get frustrated. So-called “experts” in the field provide little practical advice and instead offer platitudes about corporate boards, senior management and governance. Acronyms are bandied about as a special language that is understood only by the great thinkers in the GRC discipline.
Everyone needs to take a step back, agree on some basic ideas and then start to develop meaningful and practical approaches to corporate governance. I admit it is hard to develop hard and fast rules that may apply across a variety of organizations but in the end we are talking about managing and overseeing a business.
As a start, I would define corporate governance functions in three categories: (1) formal board decisions; (2) informal board strategy and direction; and (3) oversight responsibilities and tasks. To make it simpler, a corporate board makes formal decisions, provides informal direction and strategy, and conducts ongoing monitoring and oversight functions.
Corporate boards operate based on information, most of which is provided by senior management. That is not unusual, but it can lead to problems when senior management does not provide all the information it is required to provide or subtly (or not so subtly) misleads the board. As a consequence, the board needs to ensure access to other sources of information to verify or supplement information provided by senior management.
In building a governance model or analytical system, the board must start with a basic concept of risk – not just legal and compliance risk but organizational risk that extends into every aspect of the company’s operations. What forces outside the company can have an impact on the operations of the business? The company does not operate in a vacuum and its environment has to be assessed for risk at all times.
The mitigation of these risks depends on the company’s culture. Again, this concept is not limited to legal and compliance risks, but extends to every aspect of the business operations. Every company has a culture and that culture will dictate how the company responds to its operational risks.
For example, if the company faces significant risks of loss of market share from a specific competitor, the company’s culture will dictate how it responds to such a competitive threat, meaning the company will focus on “innovation” of new products and services to beat the competitor, or the company may take the competitor on directly through aggressive marketing and price competition. The company’s response will depend on the culture of the company as an innovator or an aggressive competitor on narrow factors of price.
The corporate board has to apply its operational framework of decision, direction and oversight to a number of important areas, including: Strategy; Planning; Resources; Talent; Compliance; Integrity; Operations; and Reporting. These eight topics cover the full range of corporate governance issues that feed into a company’s culture and risks.
Corporate governance, as broken down into three categories of actions taken – decisions, direction and oversight/monitoring – is applied to these eight topics that reflect the overall risk environment and company culture.