Governance maturity self‑assessment

Use this assessment to review the maturity of your organization’s corporate governance. This assessment is based on the international standards ISO 37000 Governance of organizations — Guidance and ISO 37004 Governance of organizations — Governance maturity model.

Overview

For purposes of this assessment, “governance system” means the organization’s arrangements, practices, and capabilities intended to provide a reasonable expectation that its objectives will be met.

These arrangements vary by organization, but common characteristics include well-defined objectives, competent directors, intelligible policies, effective and controlled procedures, and good communications.

ISO 37000 provides a schedule of recommended elements for an organization’s governance system:

  1. Governance conditions: elements to ensure the organization is capable of meeting its objectives.
  2. Governance principles: elements to ensure the organization is doing everything it should to meet its objectives.

ISO 37004 provides a standard way to assess an organization’s governance maturity:

  • Each governance element is rated on whether appropriate measures exist to achieve the element intent, and on the effectiveness and efficiency of those measures.
  • The element ratings are aggregated to determine the governance maturity rating for the organization as a whole.

Note

These ISO standards provide guidance only. They are not intended for compliance certification.

System elements: governance conditions

These elements, from ISO 37000 clause 4, establish the organization’s capability to meet its governance objectives.

Element
Requirement
Governance framework
The organization has an integrated system to coordinate governance activities.
Delegation
Governance responsibilities are delegated consistently, in a way that increases trust and transparency.
Management
Personnel can distinguish between their governance and management activities.
Sustainability
Sustainability is considered in the design and application of the organization’s system.
Stakeholders
Stakeholders are treated fairly, and their expectations are considered.
Suitably equipped
The governing body is equipped to meet obligations.
Competent
The governing body is competent, and continually improves its competence.

System elements: governance principles

Primary principle
Element
Requirement
Purpose
There is a statement of organizational purpose, values, and intentions.
Foundational principles
Element
Requirement
Value generation
There is a statement of value generation objectives.
Strategy
The governing body directs and engages with strategy, consistent with purpose and values.
Oversight
The governing body ensures ethical behaviour and statutory compliance.
Accountability
The governing body demonstrates accountability and holds delegated personnel accountable.
Enabling principles
Element
Requirement
Stakeholder engagement
Stakeholders are engaged appropriately, and their expectations are considered.
Leadership
Leadership is ethical and effective.
Data and decisions
Decision-making is based on reliable data.
Risk governance
The effects of uncertainty are considered.
Social responsibility
Decisions are consistent with social expectations.
Viability and performance over time
The governing body works to ensure that the organization remains viable and sustainable.

Assessment criteria

Each element is assigned three ratings, for behaviour, effectiveness, and efficiency.

Behaviour

The behaviour rating considers the governing body’s intentions and actions.

Rating
Meaning
0: Undefined
Nothing in place
1: Limited
There is commitment to the element
2: Emerging
There is a statement of why the element is important to the organization
3: Formalized
There are practices (such as policies, procedures, delegations) in place to implement the element
4: Measured
The effectiveness of the practices is assessed
5: Optimizing
There is continual improvement, including feedback abd corrective actions when required.
Effectiveness

The effectiveness rating considers practices in place to achieve outcomes.

Rating
Meaning
0: Undefined
Nothing in place
1: Limited
Some practices in place, but few or incomplete
2: Emerging
Practices are in place, sufficient to meet the objective
3: Formalized
Practices are fully communicated and implemented
4: Measured
Outcomes are assessed and reported
5: Optimizing
There is continual improvement of the practices.
Efficiency

The effectiveness rating considers the extent and consistency of practice implementation.

Rating
Meaning
0: Undefined
Nothing in place, or existing only in draft and not formally adopted
1: Limited
Some components in place
2: Emerging
All components in place
3: Formalized
All components adopted and communicated
4: Measured
Governance reviews are performed, with corrective actions where necessary
5: Optimizing
Innovations applied to deliver continual improvement

Aggregations and improvement targets

Aggregated ratings

The aggregated rating for each element is the mean of the behaviour, effectiveness, and efficiency ratings for that element, rounded down. The ratings for the conditions and principles element categories, and for the organization as a whole, are the means of the respective component elements, rounded down.

Improvement targets

For each governance system element, a higher maturity rating indicates a higher level of governance; but it does not follow that the organization should aim for a maximum rating for every element. Governance is risk management. The level of effort appropriate for an element should be determined by the risk managed by that element.

ISO 37004 suggests setting a target rating level for each element, and, if the current rating is lower than the target, short and long-term improvement goals. These values and dates will determine priorities and help develop an improvement plan.

How to use this self-assessment tool

To prepare your maturity self-assessment:

  1. For each governance condition and governance principle: enter the ratings and improvement targets, and provide comments.
  2. Review the summary ratings for the organization. These are shown on the Current state and Future state tabs.
  3. Download the assessment as a PDF. You can download at any time, and as often as you like.

You don’t need to complete the assessment in one go. As long as you remember the email address you used when you created it, you can leave and come back to it. It will remain available for four weeks from when you last access it.

Need help?

If you’d like a hand or you want to talk through your results, the Phrontex team is here to help. We can guide you through using the self-assessment or we can prepare the assessment for you. And we can work with you to address any gaps or challenges it reveals.

Enter your name and email address to get started or to resume an existing assessment. We will email you the activation code.