Why Corporate Governance is broken and how to fix it

  • by gcarroll@fasttrackaust.com (Greg Carroll)
  • 28 May, 2015
Why, with the number of fertile minds that exist in our field, is it still a case of an irresistible force meeting an immovable object.  The paradox I believe, like our would-be entrepreneurs, is one of approach.

Last night I made the mistake of attending a local IT Forum meeting.  In addition to the usual cliché ridden talk of establishing a “silicon valley” locally, perceptions and strategies were 20 year out of date and based on requiring government lead.  Bureaucracy driven innovation, now that’ll work! Needless to say I left early. 

That got me thinking about the problem with our field of Governance, Risk and Compliance. Why, with the number of fertile minds that exist in our field, is it still a case of an irresistible force meeting an immovable object.  The paradox I believe, like our would-be entrepreneurs above, is one of approach.

 

The current approach to Governance

The current approach to Governance is to systemize, control and regulate as a method of ensure things can’t go wrong.  Suffering fraud & corruption is wrong, poor performance is wrong, and not meeting customer expectations is wrong.  So we have quality management systems to protect customers, safety management systems to protect workers and enterprise risk management to protect the business. All entail setting rules to be followed, surveillance systems to monitor compliance, and documenting everything under the sun in the false hope it will all work out as planned. 

We have CRM systems to tell us customers' previous trends, ERP to communicate between departments, and portals (SharePoint) to tell workers everything they need to know.  All sorted then.  But how empowered do you feel?  We, by which I mean senior management, have fallen into the old public official’s quicksand of believing good management is a guarantee of good results.  It isn’t.  Introducing more rules & controls is the business equivalent of thrashing around in the quicksand. With its disruptive trends, the complex and volatile business world we face in the 21st century, (as we hear ad-nauseam) requires a different approach from the predictable past, but how?

 

Let’s start by taking a step back and look at what we are trying to achieve and how we are going about it.  Why do we want Governance, Risk & Compliance within an organisation? 

 

Out of Date concepts of Governance

The key principle in Governance is Leadership which, as the pundits ruminate, is about motivating people to follow, not herding or controlling.  Almost to a tee, ask anyone in business about Governance, and they’ll tell you it’s the process of ensuring (euphemism for controlling) people to do the right thing.  But the principles of modern democracy are founded on the premise that the collective knowledge and abilities of the body politic is more capable than any individual or oligarchy.  Doesn’t this principle also hold true for business.  It is the basis of Game Theory and collective intentionality, which are the main drivers of modern market behaviour (hence the overuse of social media marketing), and represents far better strategic planning and decision making models than top-down gut-feel.  Being wedded to 18th century concepts of Governance, is looking more and more like the boy with his finger in the dyke.

 

The Solution is…

It’s no newy, empower staff.  This is done by creating a Collaborative Organization with a collaborative culture, motivated workforce and supportive infrastructure.  In his great article on this whole subject by Jay Cross available from CitrixOnline titled “Why-Corporate-Training-is-Broken-and-How-to-Fix-It”  (yes but imitation is the sincerest form of flattery) it states that knowledge workers are motivated by a sense of autonomy, mastery, and a purpose that is greater than themselves.

  •         Autonomy, the desire to direct our own lives.
  •         Mastery, the urge to get better and better at something that matters.
  •         Purpose, the yearning to do what we do in the service of something larger than ourselves

 

If we approach our business from the perspective that our role as managers is to remove the obstacles from the way of our workforce and provide the resources for them to be successful, then GRC needs to be a resource not an obstacle.  Governance needs to foster a collaborative environment (the best protection against rogue behaviour), Risk be an informative decision making tool and compliance as a process of mentoring i.e. useful.

 

Integrate Governance at the coalface

CRM is NOT about relationships, it’s about tracking salespeople. ERP doesn’t foster interdepartmental communication it silos it. And portals are just a dumping ground for unstructured data, great for analytics but not empowering workers.  To drive Governance forward, it needs to integrate intelligence (knowledge not statistics) engendered in GRC systems, with the operational points of decision making, not a separate reference source or review function.  

 

Ditch the OHS concept of Risk

Comparing Corporate Risk Management and OHS Risk Management is like comparing Social Engineering to Mechanical Engineering.  Although they contain the same word, they are totally different fish.  OHS risk is a defensive control discipline based on rigidity while corporate risk management (ERM) is its antithesis, an expansive opportunity oriented discipline aimed at flexibility.  To be beneficial to operational management as a decision making tool, risk management has to interactive and provide options (e.g. scenario analysis) not registers & restrictions.

 

Compliance must Add Value

Compliance needs to be proactive mentoring advice by connecting people with a source of expertise (a person) or historical lessons learnt.  Risk based Auditing becomes threat & vulnerability reviews if conducted by someone with subject expertise. The compliance framework give a systematically approach to analysis.  Findings and observations, instead of being judgemental, should be useful operational recommendations for Realisation, Optimisation and Innovation (see PDCA is NOT Best Practice).

 

The result: Qualitative not Prescriptive Governance

Moving to a more qualitative rather than prescriptive form of Governance will allow an organisation to be more resilient, adaptive and release far greater potential from your workforce.  

 

by gcarroll@fasttrackaust.com (Greg Carroll) 5 April 2017
The benefits of SharePoint as a content management system and information portal tool are indisputable.  With great search functionality and user definable portal pages SharePoint is now the leading Content Management solution chosen by most IT departments. But what if your business demands strict document controls protocols, not just because it’s good practice but life depends on it?  Unfortunately there is generally a poor appreciation by IT departments of the importance of document control in mission critical business. 
by gcarroll@fasttrackaust.com (Greg Carroll) 15 September 2016
Senior management have to come to grips with the fact that Digital Transformation is not an Event but rather the operating environment of 21st century business. 
by gcarroll@fasttrackaust.com (Greg Carroll) 22 August 2016
Last week saw the latest in misguided innovation talkfests, the AFR Innovation Summit #Innovation16.  For several days academics, public servants, journalists, and corporate employees put forward their insights into how Australia can develop an Innovation culture. 
by gcarroll@fasttrackaust.com (Greg Carroll) 25 July 2016
Effectiveness is the holy grail of Compliance Management.  Whether regulatory or ERM, ensuring business is conducted as intended is the base requirement to optimising your organization’s performance.
by gcarroll@fasttrackaust.com (Greg Carroll) 17 June 2016
2016 has seen a virtual tsunami of compliance failures involving some of our largest companies. From Mitsubishi to VW, from ANZ to Target, almost weekly there have been media reports about some company employees having run amok – unbeknownst to their executives and boards. People are asking: “What happened to the compliance management systems that are supposed to monitor and prevent such abuses?” Executives and boards are naturally starting to question the entire compliance management function. 
by gcarroll@fasttrackaust.com (Greg Carroll) 7 September 2015
The Compliance Manager’s role in the modern organization is to enable/empower decision makers to take action and leave the building defensive walls to the Risk Manager with his heat maps. So how can compliance managers start realising their value adding role?
by gcarroll@fasttrackaust.com (Greg Carroll) 18 July 2015
With the release of the Final Draft of ISO9001:2015 this week and its focus on risk-based Compliance Management, I thought I would share our approach to Risk-Based Auditing from our experience with the likes of Defence Aviation and the Australian Quarantine Inspection Service, both leaders in the field.
by gcarroll@fasttrackaust.com (Greg Carroll) 3 July 2015
Mere compliance with a Framework is an insufficient audit approach; it is critical to assess whether it is current, timely, communicated broadly, and meets the needs of the business. The 4 biggest mistakes are:       Not being Outcome focused      Not using Risk base targeting      Not Value Adding      Not being timely
by gcarroll@fasttrackaust.com (Greg Carroll) 28 May 2015
Why, with the number of fertile minds that exist in our field, is it still a case of an irresistible force meeting an immovable object.  The paradox I believe, like our would-be entrepreneurs, is one of approach.
by gcarroll@fasttrackaust.com (Greg Carroll) 22 April 2015
Return of Investment (ROI) does not come for automating a process but from using it to add value.  Value adding comes from targeting time and resources, risk based thinking, and Business Intelligence where they can deliver the greatest benefit to achieving the organisation’s strategic goals. 
Show More
Share by: