Better governance

The principles of corporate governance are straightforward. The challenge is putting them into practice.

These are the principles set out in ISO 37000 Governance of organizations:

  1. Purpose
  2. Value generation
  3. Strategy
  4. Oversight
  5. Accountability
  6. Stakeholder engagement
  7. Leadership
  8. Data and decisions
  9. Risk governance
  10. Social responsibility
  11. Viability and performance over time

The challenges for a real-world organization are a) how to implement these principles as physical activities that the organization’s personnel are aware of and carry out automatically as part of the routine of their work, and b) how to do this without burdening the organization with bureaucracy that serves only to tick the boxes of compliance with a standard.

The following notes are some suggested approaches to this task.

Define your governance objectives

Articulate what you want for your organization. Don’t start with ISO 37000 or any other standard. Compliance with a standard is only a means to an end. It’s up to you to define that ‘end’. What has to be in place for you to be confident that your organization is functioning as intended?

A simple approach is to produce a set of statements that define what it means to say that your organization is well governed. A short list of simple statements is enough, for example:

  • Our activities are legal.
  • Our activities are safe.
  • We are aware of and comply with all our obligations.
  • We have a competent and enduring workforce.
  • ...

The fundamental purpose of your governance system is to ensure that the statements are true.

Review the current situation

Review the current state of your organization’s governance framework:

  • What are your compliance obligations?
  • What are the risks of governance failure, and the potential worst-case penalties for the organization and for its directors and executives personally?
  • What governance system elements are in place, and what’s missing?

Use our governance self-assessment questionnaire as a starting point. These questions might help you identify weaknesses and gaps in your current governance systems. You can download the questionnaire as a report, which might be useful for internal purposes to support a governance improvement project.

Create a register of compliance obligations

A compliance requirement is any formal statement that affects how the organization operates and how its personnel behave.

Your set of requirements will typically include:

  • Statutes and regulations applicable to your industry and jurisdiction
  • Commercial requirements that you must meet to continue trading, such as professional standards or listing rules
  • Standards, such as ISO 14001 or ISO 9001, that you choose to comply with as a matter of principle or as a marketing necessity
  • Any other formal standards or requirements that the Board chooses to impose

There’s no need to include every conceivable obligation. The concern is only with those that specifically constrain the organization’s activities, or with which your personnel should be familiar.


Get the policies under control

Your organization’s policies are the foundation of your corporate governance system. If you need to prove that your organization is effectively governed, you need to be able to demonstrate that your policies are under control:

  • There should be no doubt about which policies are currently in effect, nor about which policies were in effect at any time in the past. (In the event of an accident or incident, the organization may be called upon to produce them.)
  • You have records to prove that employees are familiar with the policies relevant to their work.
  • There is an assigned accountability for each policy, and a documented procedure defining that accountability, to ensure that each policy is communicated and implemented effectively, and that non-compliance is detected and actioned.
  • You have a formal method to ensure that the organization has all — and only — the policies it needs.


Standardize the compliance process

Having a standard process for managing compliance requirements improves the effectiveness and reliability of the organization’s governance system, reduces the total workload, and creates greater opportunity for system integration.

Each compliance requirement should be assigned to a manager with accountability for these tasks:

  1. Understand the requirement. This means not only familiarity with the original statement of the requirement, but also awareness of foreshadowed changes.
  2. Interpret the requirement. Determine what the requirement actually means for the organization: what does it have to do that it otherwise might not do, and what must it not do that it otherwise might do?
  3. Monitor the affected activities. Identify the procedures that include steps and controls relevant to the requirement. Be aware of changes to those procedures, and the introduction of new procedures, to ensure continued compliance.
  4. Provide training and awareness. Most requirements entail some level of awareness on the part of employees.
  5. Detect and respond to non-compliance.
  6. Manage external compliance tasks. Some requirements call for third-party audits or external reports and filings.
  7. Report internally. Report to management and the Board on the state of the organization’s compliance with the requirement.


© Copyright Phrontex Pty Limited, 2023