GRC 101: What is Governance?

Greg Kester | March 6, 2019

This post is part of our GRC 101 series, providing an entry-level overview of the business of governance, risk, and compliance. Today we’ll explore the ‘G’ in GRC: governance. 

In its most elemental sense, corporate governance refers to the set of rules, policies, and processes put in place to dictate corporate behavior. Taken together, it’s the system by which a company is directed and controlled.

Managers and employees use these guidelines to help them make decisions. Governance encompasses practically every sphere of management, from action plans and internal controls to performance measurement and corporate disclosure. These guidelines form a framework designed to ensure the company attains its objectives.

The definition and scope of governance may shift slightly in different contexts. For example, at the corporate level, governance has come to mean business ethics and truthful financial reporting in the wake of the Sarbanes-Oxley Act (itself a result of Enron, WorldCom, and other scandals). In IT circles, it’s commonly understood to mean good management of software resources and investment.

What’s involved?

Governance covers all the processes that coordinate and control an organization’s resources and actions. These include:

  • Explicit and implicit contracts between the company and the stakeholders for distribution of responsibilities, rights, and rewards
  • Procedures for reconciling the sometimes conflicting interests of stakeholders in accordance with their duties, privileges, and roles
  • Procedures for proper supervision, control, and information flows to serve as a system of checks and balances

If governance sounds rather all-encompassing, that’s because it is — governance can be highly detailed or intentionally broad, depending on the company. Some companies have very explicit ways of doing things down to the letter, while some companies limit it to a few core principles intended to guide decision-making. As companies get larger and more corporate, more external expectations are placed on them. External scrutiny may come from government bodies like the Securities and Exchange Commission, or shareholders themselves.

Whose responsibility is governance?

The board of directors is the primary direct stakeholder influencing corporate governance. Directors are elected by shareholders or appointed by other board members, and they represent shareholders of the company. The board is tasked with making important decisions that fall under the governance umbrella, such as corporate officer appointments, executive compensation, and dividend policy. In a nonprofit setting or when a company has obligations that go beyond maximizing shareholder value, governance might also include prioritizing certain social or environmental concerns.

Boards are typically composed of two types of members: inside and independent. Insiders are major shareholders, founders, and executives. Independent directors do not share the ties of the insiders, but they are chosen because of their experience managing or directing other large companies. Independents are considered helpful for governance because they dilute the concentration of power and help align shareholder interests with those of the insiders.

Why is governance important for organizations?

Corporate governance decisions affect many stakeholders, from employees to suppliers to investors. The board’s duty is to balance the interests of each of these constituents and make sure each is treated fairly.

For their part, each of these stakeholders wants to know the company is in good hands and being run in accordance with a sound set of principles. In publicly traded companies, their right to be informed is mandated by law: companies whose stock is traded on public exchanges such as NYSE or NASDAQ have extremely rigorous guidelines for making business information available to investors.

What does good governance look like?

Good governance can be boiled down to two pillars: transparency and accountability.

Transparency: Communicating a firm's corporate governance is a key component of community and investor relations. Board members should create a transparent set of rules and controls in which shareholders, directors, and officers have aligned incentives. This can extend beyond simple financial performance: good governance also mandates things like ethical business practices and corporate citizenship, and makes them readily available.

Accountability: Once rules are made, they must be enforced. This depends on a good organizational structure, which defines jobs and lines of reporting so that expectations can be met. Structuring around lines of business establishes individual accountability for results. As with ethics, personal accountability can be reinforced through culture. An organization’s culture can define the behaviors of empowerment that manage people by results rather than by telling them what to do.

Other factors are important of course—such as competent executives, a good strategy, and sound execution. But it all means little if accountability and transparency aren’t in place.

What are the consequences of poor governance?

Corporate governance is directly tied to a company’s reputation, financial health, and attractiveness to investors. When governance goes awry it can lead to outcomes like the scandal that rocked Volkswagen in 2015, when it was revealed that the firm had rigged engine emissions inspections—an order that came from the top of the company. Other problems can involve insufficient cooperation with auditors, improper accounting practices, misalignment in executive compensation packages, or poor management structure—any of which can severely hamper the organization’s ability to meet its objectives.

