Released in 2021, the ISO standard largely passed us by—perhaps because of the hefty price tag to purchase it. The standard was developed by ‘experts from 77 countries and 24 liaison bodies’ [1] over several years. The associated guidance commentary usefully notes that purpose is at the centre of all organisations and therefore governance. Certainly, we would agree with that.
The guidance frames the core role of governance:
The pursuit of purpose is at the centre of all organizations and is, therefore, of primary importance for the governance of organizations. Good governance of organizations lays the foundation for the fulfilment of the purpose of the organization in an ethical, effective and responsible manner in line with stakeholder expectations.
It goes on to outline eleven core principles:
- Purpose: the board should ensure the organisation’s purpose is clearly defined— (central to everything)
Then four foundation principles… - Value generation: the board should define the organisation’s value generation objectives to fulfil its purpose
- Strategy: directing and engaging strategies in accordance with the value-generation model
- Oversight: overseeing organisational performance and ensuring that the organisation fulfils all expectations
- Accountability: holding to account those to whom the board has delegated authority
Then six enabling principles… - Stakeholder engagement: the board should engage with its stakeholders and consider their expectations
- Leadership: ethical and effective leadership arrangements
- Data and decisions: the board has the data (information) it needs for decision making
- Risk governance: the effect of uncertainty on organisational purpose and strategic outcomes
- Social responsibility: transparent decision making aligned with broader societal expectations; and
- Viability and performance over time: remaining viable over time without compromising current and future generations.
A strong focus on ESG issues, culture, social responsibility, human rights, labour relations and anti-corruption—citing relevant United Nations frameworks—reflects current standards.
The standard usefully elevates risk management to risk governance, emphasising that the board sets the tone from the top and ensures all appropriate systems, competencies and responsibilities are in place.
We like the requirement for the board to define a clear and transparent value generation model along with specific objectives. This works for any type of organisation.
It also notes that the board should be accountable to the organisation as a whole and demonstrate its willingness to answer for the fulfilment of its responsibilities, basically, being clear about how the board adds value and able to show that is the case.
The final principle outlined, #11, is about viability and performance over time and notes:
Where an organization fails to understand and respond to the needs of the systems of which it is a part, it is unlikely that the organization will remain viable and perform over time.
This is consistent with the Law of Requisite Variety [2] first outlined by Jack Ashby and popularised by Jack Welch. Simply put, if the rate of change outside the organisation is greater than the change inside the organisation, then the end is near.
As with all governance frameworks and codes, a merely checkbox approach is not enough. A deep understanding of how it all fits together and the reasons each element is necessary should be seen as part of an ongoing development process. But the outline above is a good start.
A bit of web searching turned up no New Zealand organisations with the standard achieved nor anyone accredited to run the process. Maybe in time this will follow.
There are two associated standards. ISO 37002:2021 Whistleblowing management systems — Guidelines and ISO 37301:2021 Compliance management systems.
Notes