If you want to do the right thing, if you want to reduce your legal exposures, and if you want to instil trust and confidence in your client and customer base, then you need to think about governance.

It may not be a sexy topic, but rest assured it can be interesting, it is important, and it will add value to your business.

Governance is a broader concept than simply compliance. Here, I take a quick look at why governance is important, what it looks like and how you can implement it.

Why?

Behaviour: Having good policies, procedures and contracts promotes good behaviour.

Policies are a way of setting your organisation’s expectations for standards of behaviour and professionalism. Accompanying procedures should explain how to meet those standards. You should cascade these standards through your workforce, suppliers and business associates.

Defence: Good governance provides a defensive shield against lawsuits, criminal prosecutions and regulatory investigations.

If you implement the right governance in the right way, it ensures your compliance with legal requirements, protecting you from lawsuits and prosecutions that could otherwise place your organisation in jeopardy.

Sales: Good governance opens the door to opportunities you might not otherwise be able to access.

Clients and customers choose you because of your capability and price. But they also choose you for the way you do business. Good governance safeguards your reputation. This is not just about your business personality, but your ethics and compliance. In some cases, governance is a gateway issue; if you cannot show that you have good structures in place, you may not even get through the door.

What?

Policies etc.: You need policies, contracts and compliance statements that are appropriate to your organisation’s type and size.

Examples may include anti-bribery and anti-corruption policies and procedures, Modern Slavery Act statements, gender pay gap reporting obligations, a data protection policy and a privacy notice for your website, information security standards (maybe even ISO 27001), etc. You should also think about appropriate templates for your standard terms and conditions, ensuring your employment contracts meet basic statutory requirements, maintenance of your IP portfolio and protecting confidentiality.

Some of these are only relevant to organisations of a certain scale; some can be tailored for your current state of development; and some are ‘must-haves’.

Procedures: These should underpin your policies by telling people what they must do and how they must do it.

Acting in line with the procedures will represent compliance with the policy. There is a hierarchy, with the policy setting the goals for compliance and the procedures acting as the route map for what ‘good’ looks like.

Controls: There are two obvious forms of control that an organisation can put in place. One is contractual and one is operational.

A simple example of a contractual control is a provision in an employment or supplier agreement that requires them to abide by your policies and to have their compliance verified.

Another form of control is an operational one within an organisation. A basic example would be an approval processes for expenses that sets sign off authority at a certain level of seniority.

How?

Proportionality: Each organisation should implement a governance framework that is tailored to its own needs.

Relevant factors will include the size and shape of the business, its geographical reach (its own offices and those of its suppliers and customers), its maturity (start-up or well established?) and budgetary constraints.

Escalation: Policies and procedures are sometimes written without a sense of context. There needs to be a mechanism for resolving unforeseen or tricky situations.

How do you answer the questions, “Is this OK”, “What does the policy mean by …”, “Can an exception be made for …”? You need a process for escalation through the line management structure, and consultation with appropriate experts. This will help you to avoid paralysis through rigid adherence to a policy or procedure that does not reflect reality on the ground. It also reduces the risk of ad hoc deviations and outright ‘policy rebellion’.

Getting Started: You need to start from first principles: identify your organisation’s values, objectives and priorities.

Once you understand your organisation’s overarching purpose and what is important to you, your customers, clients and staff, then you can implement a governance structure that is fit for purpose and scalable as your business evolves. Regardless of how far down the line you are or how sophisticated you are, it is worth revisiting these principles to ensure the framework meets your needs.

This is merely a brief indication of how to establish appropriate governance structures for your organisation. It need not be over thought but nor should it be overlooked.