Corporate Governance

The first step in our journey was to define governance, which is summarized by the process below: a direction for the issue being governed is set, along with a strategy, and then oversight, operations, and measurement and reporting follow. The second step is to define corporate governance, as well as program governance. In this image, as in the ones that follow, the black lines represent a process pushing down through the governance structure, and the dashed green line represents reporting up to the oversight function.

[Image: governance process diagram]

Since governance is an empty process until it is keyed to a particular issue, the question arises of what corporate governance is, and perhaps what it is not. To address the second point first, corporate governance isn't exclusively tied to an examination of SEC issues or Delaware law (not all companies are subject to SEC requirements or Delaware law), though those issues can become important for many companies in a programmatic governance sense. What corporate governance is relates back to the core reason why corporations exist.

Corporations exist to provide benefit to their shareholders, and for most corporations, at least for-profit corporations, that means providing a return on the shareholders' investment. Corporate governance is therefore directly informed by this singular purpose. Much has been written about how corporations can and should provide benefit to shareholders, but ultimately what a corporation must focus on to do this can be summarized in four points:

[Image: the four points of focus: business strategy, operational resiliency, legal compliance and financial performance]

While this may seem like an oversimplification, the truth is that a focus on business strategy (as opposed to a strategy to implement governance), operational resiliency, legal compliance, and financial performance will significantly help a company provide benefit to its shareholders. So what does that really mean? It means that one can now define corporate governance using these four points together with the governance process, and that combined process is represented below, again with the black lines representing a process pushing down, and the dashed green line representing reporting up to oversight:

[Image: corporate governance process diagram]

This is corporate governance. In most companies, oversight is provided by the Board, and the company is operated by the Senior Leadership Team (SLT) and management, which means that the SLT and management are responsible for much of the activity in corporate governance, while the Board plays an important role in overseeing it.

The impact of SEC and other corporate legal issues is worth noting here. While legal compliance is one of the four points, it is only one of the four. Said differently, a legally compliant corporation with no business strategy, operational resiliency, or financial performance wouldn't seem to be a company one would want to be a shareholder in.

Now that we have defined the governance process, as well as corporate governance, the distinction between corporate governance and governance of a program becomes clearer.

[Image: nested corporate governance and program governance diagram]

Corporate governance sits above program governance, and when implemented in a "nested" way, program governance inherently aligns with, and is informed by, corporate governance. While both layers set direction and strategy, the direction and strategy at the program governance layer should be informed, as relevant, by the company's business strategy, operational resilience, legal compliance, and financial performance, which are pushed down by the corporate governance process. The advantages of this model will be discussed in future posts, but the critical point is that by nesting governance in this way, companies can horizontally integrate business issues and risks in a much better way.

One final note regarding the programs selected for governance in the nested model. Any program can be nested in this model, but these topics are important for many companies, which is why they were chosen as examples. It is also important to note that I quite intentionally did not choose "privacy". As will be discussed in future articles, privacy, while important for many companies, as well as for the data subjects themselves, shouldn't be the exclusive focus of a program involving data that is governed by corporate governance principles. Instead, privacy is a component (and a quite important one) of governance of the company's use of data, whether that data is personally identifiable or in no way relates to an individual.

Michael H. Cox, CIPP/US

SMB Data Mapping, Governance, Privacy and Security Consulting Experts - Assessments, Policies, Retainer - HIPAA Privacy/Security, ISO 27001-02:2022, CIS Controls v8 - Mentoring, Coaching

2 years

Andy excellently explains that program governance (such as privacy and security program governance of which data governance is a subset) should be nested within or underneath corporate governance. In the SMB world, sometimes you have to start from the bottom-up (with for example, privacy/security program governance, data governance, process management, and risk management), and hopefully drive adoption at the enterprise-level.

Kenneth Jones

Managing Director, Alvarez and Marsal's Disputes and Investigations Practice

2 years

Andrew Serwin love the diagrams - they just make sense!!!
