GovernWith Blog

GovernWith blog for Boards, Directors and Executives who want to develop their governance capabilities, achieve their strategic goals and mitigate risk.

Having conversations about Cyber and IT in the Boardroom

Having conversations about Cyber and IT in the Boardroom

With the ever-changing landscape of technology, it brings with it a lot of new language to the table, which makes it seem complicated and one of those technically detailed conversations. It doesn’t have to be. 

It doesn’t have to be. 

The frequency we are hearing terms such as cyber and cyber-security reported in the news is growing – even as recently as last week with the NSW Education department being hit by a cyber-attack. The Australian Institute of Criminology has released a report putting the total economic cost of cyber-crime across Australia at $3.5 billion in 2019, including $1.9 billion lost by individual victims. 

With the depth and breadth of technology needed to run and work within an organisation increasing and the ongoing maintenance of the technology that this entails, the risk the IT infrastructure poses to the organisation is also escalating. 

As a Board director, you’re empowered to question the risks of any aspect of an organisation and with that comes the need to educate yourself to understand those risks and your organisation's preparedness to respond to those risks. It’s also worth noting that the Federal Government is working on new cyber-security standards that include corporate governance, first floated in the 2020 Cyber Security Strategy, which may hold directors personally responsible for cyber-attacks.  Addressing cyber and IT infrastructure risk should be no different to addressing finance or stakeholder engagement risk for example. 

It’s important that Board directors identify these risks as organisational risks and not just an IT problem, as taking this approach will encourage your peers, stakeholders and employees to take the same approach. 

In our research into cyber-security, Techradar recently reported that up to 99 per cent of cyber-attacks require human interaction to execute.  This is why it is so important to bring all levels of the organisation along on the cyber and IT infrastructure conversation. 

So, how do you have the conversation? 

The CEO is a lynchpin in the conversation, bringing information to the board and acting as a leader for the organisation's attitude to this topic. A great place to start is to have a strategic plan for cyber and IT Infrastructure for the organisation in place and that plan should be a regular part of the Board’s agenda and papers. 

What questions should be raised at a Board meeting?

The Australian Cyber Security Centre has published a prioritised list of mitigation strategies to assist organisations in protecting their systems, called the Essential Eight. A great question off the back of those strategies is “how do we stack up?” 

It doesn’t have to be that detailed though, as suggested in the book The Secure Board, some great questions are: 

  • Do we know who has access to our critical information assets and how is this monitored and managed? 
  • What happens in the event a key supplier is compromised? 
  • In our security team, how many people are focussed on the security of technology, and how many are focussed on the behaviours of our people? 
  • Are we doing everything we can for our customers to protect their data that we hold? 

The most important thing though, is that the cyber and IT infrastructure conversation at the Board room level starts straight away before an incident occurs. The acceptance of these risks as organisational risks needs to be guided from the top, to then filter down through the whole organisation. 

If you’d like to hear more from experts in the field, watch our recent webinar Cyber Security for Boards where Fi Mercer chats with Anna Leibel and Claire Pales about how it’s no longer a question of if you need to know about cyber-security but when you’re going to learn. 

This article takes inspiration from Anna and Claire’s book, The Secure Board, which is a fantastic starting point for assuring your board is addressing and understanding the cyber risk in your organisation.

Read More
Cyber Security and Boards

Cyber Security and Boards

Last year cybercrime increased 600% globally. In 2021, cyber is expected to be a $6 trillion business which will make it more profitable than the illicit drug trade. 

Blog by Claire Pales and Anna Leibel, co-authors of The Secure Board and Directors of The Secure Board Advisory 

“In our book "The Secure Board", which was released in March 2021, and at the May Governance Evaluator webinar we explain cyber risk in non-technical terms so you will have confidence next time your IT or security leader attends your Board meeting.” 
- Claire Pales and Anna Leibel, authors of The Secure Board and Directors of The Secure Board Advisory 

Written for current and aspiring Board members, "The Secure Board" provides the insights you need to ask the right questions, to give you the confidence your organisation is cyber-safe. Designed to be read either in its entirety or as a reference for a specific cyber security topic on your upcoming board agenda, "The Secure Board" sets aside the jargon in a practical, informative guide for Directors. 

"The Secure Board", is the second book from Claire Pales and the first for her co-author Anna Leibel. Claire and Anna are the founders of the boutique advisory firm The Secure Board and leading experts in cyber security and technology. They are independent advisors who have worked with many with boards and committees in both Australia and Asia. Anna is also a current director on the board of Ambulance Victoria. Based on their work with boards and executives, their local research and global trends in cyber, the book covers the 5 key elements of cyber knowledge that Directors expressed concerns about when it came to managing cyber risk. 

“I recommend The Secure Board as essential reading for all leaders. It will equip you with the knowledge and foresight to protect your information and your people.” 
– David Thodey AO, Chair of CSIRO 

“[This book] will challenge you to stop, to reflect and then re-set some of your governance thinking. Anna and Claire, you have made a great contribution to the development of all Directors who choose to pick up this book” 
– Ken D. Lay AO APM FAICD, Lieutenant-Governor of Victoria 

 

Read More
Compliance Governance and the Need for a Fourth Line of Defence Model

Compliance Governance and the Need for a Fourth Line of Defence Model

Blog by Brendan Moore, General Manager Member Services, Leading Age Services Australia. 

Aged care governing bodies need independent audits to reassure them of operational compliance. 

All organisations engage independent, external auditors for their financial reports. However, there is a strong case for governing bodies to engage independent, external auditors for their operational performance. 

While internal audit plays a key role in the corporate governance structure to provide ongoing assurance on the effective management of risk within an organisation, there are many organisations that do not have a formalised, structurally independent role of internal audit within their business. 

For those organisations that do have such a role, there is a case to be made for a fourth line of defence in the form of an external auditor of operational compliance. 

According to the Chartered Institute of Internal Auditors (CIIA), ‘internal audit is a cornerstone of an organisation’s corporate governance’. 

Many aged care providers will be limited in their ability to resource such a function and governing bodies will be reliant on the first and second lines to provide reports via senior management. 

There have been notable instances in the Aged Care Royal Commission where such an approach has been found wanting for a variety of reasons (e.g. management withholding information, inadequate systems for documenting and interpreting risk information, processes not identifying key risks). 

For these reasons, boards need to be aware of potential conflicts of interest and ensure they take measures to safeguard the objectivity of internal audit. 

The CIIA lists four key issues for Directors to ask about and be reassured upon in regards to any internal audit function: 

  1. It must be structurally independent and report directly to the governing body. (Noting that any internal audit also needs to have access to management information and have a good relationship with management.) 
  2. The function must be properly resourced and staffed by a person with appropriate knowledge, skills and experience. 
  3. It should focus on the greatest risks to the organisation and have a plan executed to respond to these. 
  4. The scope of activity is the whole business and it should be unrestricted in pursuing its role purpose. 

Leading Age Services Australia (LASA) is engaged by many operators to conduct ad hoc gap analysis/mock audit services. These engagements are invariably by management, who sometimes may be a contributing factor in operational compliance—for better or worse. 

As the diagram indicates, using LASA to substitute for internal audit in compliance risk/audit can be appropriate to circumstances where resourcing capability to fill such a role internally is not possible. 

While ad hoc, it is fair to say ‘at least it is happening’. For organisations that do not engage a substitute, or employ their own internal audit function, or an external audit service reporting to the governing body, only the first, second and fifth lines are active. With the fifth line being the regulator, this represents a risk retention setting that has left some aged care providers exposed to adverse compliance findings. Often stated responses such as ‘we didn’t know’ or ‘this result has completely surprised us’ do not invoke confidence in the regulator about the organisation’s audit and governance processes. 

Research conducted in 2019 with attendees at LASA’s Governance in Aged Care workshops indicated that governing bodies could increase their focus and time on ensuring statutory and regulatory compliance, particularly with the heightened focus on organisational governance in Standard 8 of the Aged Care Quality Standards. 

Reliance on management by governing bodies may expose them to liabilities and risks that independent audit of varying areas of operational performance may identify, mitigate and possibly eliminate. 

If you are a Director of an age services provider, the following questions are worth reflecting on: 

  1. Do you have a compliance plan that considers the regulatory framework and a stand-alone compliance/clinical governance committee supplemented by independent auditing? 
  2. Are you confident you are fully informed of the areas you are ultimately accountable for under Standard 8 of the Aged Care Quality Standards? 
  3. Is there sufficient focus on quality, safety and clinical governance within your governing body’s activities?  
Read More
Data Driven Governance Insights - Continuity is the Key to Remaining Resilient

Data Driven Governance Insights - Continuity is the Key to Remaining Resilient

As we touched on in last month’s webinar (which you can watch here) resilience and governance go hand in hand. Kerri Rivett, CEO of Royal Freemasons and Board member of LASA, spoke about the need for directors and boards to have the ability to have dual skills, both monitoring risk on a daily basis whilst ensuring they take time for blue sky thinking and strategic planning. She went on to describe this as the ability to pivot, adapt and thrive, something that she and her executives and board believe in. In Kerri’s view this is a key element of resilient governance. 

Building on from this, resilience and director development also go hand in hand. They are both integral to good governance and an overall positive experience on the board. Resilience isn’t built in a day, it takes time and commitment, it’s about fostering skills so that you have the capacity to learn, cope, adapt, and transform in the face of everyday events as well as shocks and stresses. 

Through our governance data insights this month we’re showing how director development is so important for resilience. We have identified that there are crucial elements that need to be taken into account. These are both the director’s professional and sector relevant skills. We have also identified the importance of directors understanding their culture and contribution requirements. Our infographic highlights the average results from the Director Development and Skills Matrix evaluations.  This data is as a result of over 700 director contributions over the last three years.  

What we are seeing is that there is 11% lower sector specific skills and experience in directors when compared to their professional, culture and contribution skills and experience. Therefore, highlighting the importance of ongoing review, training and development in relation to the sector that the director is in. 

Through Governance Evaluator's convening role with many boards, we have discovered that organisations who engage in ongoing individual director review and development, in particular for areas relating to their sector knowledge and experience, describe an improvement by year two. They find improvement in their ability to be more discerning, more strategic and more aware of their top organisational risks. This therefore is a crucial piece for the evolution of a resilient board.  

Below is an example of how in the health and aged care sectors over the last three years when directors did target sector skills as their area of training there is an improvement in their results.  

Our findings in relation to this also align with a recent article by the Governance Institute of Australia, in which they state - “By 2025, governance professionals will need to be keeping pace with rapid changes and a broader set of issues affecting their organisations. That means they will have to continually maintain and improve their knowledge base and skill set.” They conclude the article with the summation that - “Overall, participants believed that a combination of experience and ongoing education was needed to build the level of awareness needed for the governance professional role.” You can read the full article here.  

If you are interested in getting involved in engaging with a program of continuous development and review, click here to find out more or contact our governance expert below to see how we can help you. 

Read More
Data Driven Governance Insights - Governance Resilience

Data Driven Governance Insights - Governance Resilience

As we started to touch on in last month’s blog post, year three is a magic number in the evaluation journey. The third year is when we see surface level issues, such as risk management, board meetings and agendas, and governance systems and processes, resolving or resolved and the real work beginning for deeper level improvements. This resulted in ongoing increases in the average board evaluation results in years four and five. Boards often describe themselves at this time as being more discerning, strategic, able to have the tough conversations and knowing what they don’t know at this point in their journey. 

Our last webinar touched on this as well, our panel of chairs and CEO’s spoke about how they are using governance data to inform their decisions and what their journeys have been like over the last three years. The big take away was that it isn’t about turning every answer of the evaluation into a green, it was about becoming more discerning in their answers and self-evaluations and finding the areas that still needed to be worked on and improved. They didn’t see it as bad thing to have areas to work on, rather a positive that they were mature enough to identify these areas. By taking this approach, the boards are building their own resilience. 

Developing governance capabilities and governance resilience seems to go hand in hand, however, you’ve got to be in it for the long haul to see this occur. It’s not just about evaluating once – you’ve got to work on the actions from your results, you’ve got to keep coming back and most of all, you’ve got to surround yourself with the best people to help you grow and succeed. 

In this month’s data driven governance insights we wanted to showcase examples of resilience that we’ve seen in our Governance Evaluator Crowd data. For each of the eight key corporate governance modules in our governance evaluation we’ve mapped out the average board answers over five evaluation years and separated these by sector. 

Our eight key corporate governance modules are Strategic Direction, Risk Management and Compliance, Finance, Governance Relations, Board Composition, Board Processes, Stakeholder Engagement and Continuous Review and Development. We have data from 10 of our sectors with 5 years of data for Health and Community, 4 years for Water Boards, 3 years for Aged Care, 2 years for Local Government and Waste and Resource Recovery Groups, and for interest, we have also included the following sectors who currently have one year of data so far to show their starting point for Education, Associations, Finance and Sport. Totalling over 480 evaluations with over 5,000 directors results contributing to our Governance Evaluator Crowd. 

As we can see from the above graph, for all except the last two modules, the 10 sectors all follow a similar path in their results, starting low but over the 5 years increasing. Sometimes this increase is drastic, like in Risk Management and Compliance where we see an average 23% increase in the answers given. In terms of our evaluation scale this would increase the average answers from a yellow to a solid green. Though sometimes the increase isn’t as drastic, like in Finance, where we only see an average increase of 12%, but an increase none the less. 

The results are showing for the first 6 modules that the answers are low in the first year, a small increase in the second and subsequent increases in the  fourth and fifth year and overall, the answers are clustered closely together. 

The interesting part of these results is the great variance in year three, all of the sectors see increases in some modules and decreases in others which would account for why in last month’s data insights we saw a plateau in the overall results for the third year. This is where we see growth in resilience, the boards are becoming more discerning in their answers, they’re having those difficult discussions that our webinar panellists spoke about. The great thing that we see though is after every dip in the average answers across those first six modules, we see a subsequent increase. What this is showing to us is that boards are taking the results from the last evaluation and acting on them. They are working to create an action plan to address the areas that need attention and then over the course of the year completing the areas that they set out for themselves. 

The last two modules are completely different, Stakeholder Engagement and Continuous Review and Development do not look similar to any of the other graphs, the sectors are not clustered together – there is a definite spread in the way that these sectors are answering these questions no two sectors were similar in their journey with these modules. 

Stakeholder Engagement and Continuous Review and Development were both identified as part of our analysis of 2019’s Benchmark data as two of the top five areas of risk. If you want to see where you’re sitting compared to our 2019 Benchmark data, take our 2-minute survey on Risk Management and Stakeholder Engagement for an instant comparison below. 

Read More
The importance of data led governance – The 3-year effect

The importance of data led governance – The 3-year effect

Join Fi Mercer, Alex Aeschlimann (Chair, Gippsland Southern Health Service), Maryanne Puli Vogels (Chair, Timboon and District Healthcare Service) & Ben Maw (CEO, Cohuna District Hospital) as they discuss how they have been leading a culture of continuous governance review and development. Listen as they discuss their experience of using governance evaluation data for decisions about what to focus on, that has helped improve their identified risks. Our panellists can speak to the magic that starts to occur after doing so for three years. 

 

Read More
Data Driven Governance Insights - Why is three the magic number?

Data Driven Governance Insights – Why is three the magic number?

Our Governance Evaluator Crowd Governance Data is a wonderful resource for evaluating, trending, and benchmarking data that delivers powerful insights into governance. 

What we are seeing is that ongoing evaluation produces consistently improving results, more specifically that year three is where the magic happens. Three being the magic number is of no surprise when you consider that in science one must do three experiments to validate results and prove they are replicable for them to be considered true and accurate. 

This month we’re excited to share with you our Governance Evaluator Crowd Governance Data to support our claim that three is the magic number in evaluation. 

Change in overall average answers to evaluation, over 5 years. 

Figure. 1 - Change in overall average answers to evaluation, over 5 years. 

This chart shows the change in average answers to the Governance Evaluator Board governance evaluations across five years, totalling over 480 individual Board governance evaluations by over 5,000 directors, councillors and executives. 

As shown above, those first few years really are about fixing surface level issues that are illustrated by the initial evaluation data. The turning point in the data is the third year, that is the year where the average answers start to increase. This is suggesting to us that those surface level issues are now resolved and the real work is beginning for deeper level improvement, resulting in average increases in years four and five. Boards often describe themselves as being more discerning and knowing what they don’t know at this point in their journey. 

Change in average answers to evaluation over evaluation years, over 5 years. 

Figure. 2 – Change in average answers to evaluation over evaluation years, over 5 years. 

This graph shows the change in average answers to the Governance Evaluator Board governance evaluations core governance modules across five years, totalling over 480 individual Board governance evaluations by over 5,000 directors, councillors and executives. 

In the above diagram, we have left out the sector specific modules to focus on the corporate governance areas that effect all boards from any sector. It is clear from our data the real magic appears to be delivered when boards have been engaged in evaluating, trending, and benchmarking their governance data for three years or more. 

We would describe the three-year journey of governance evaluation and resulting capability building as the following: 

Year 1: Often the lowest results, the evaluation creates a great starting point to identify what boards do not know. Interestingly we had always believed that the first year was one of the higher-ranking years as the directors didn’t know what they didn’t know and thought that they were doing quite well. This again highlights the power of consistently analysed data proving that an initial insight, based on anecdotal and individual evidence, was not necessarily correct for all Boards. 

Year 2: A higher result from the Board’s first evaluation as they have become more aware, knowing what they don’t know and have addressed the immediate opportunities that were identified. They describe this as a period of raised anxiety and have a real focus on their governance risk priorities, and the support and resources required. 

Year 3: More realistic results which are reflective of the true ‘state of affairs” as the board appears more discerning and developing a stronger focus on what’s required. The results show a plateau as we see no significant increase in ‘Yes’ answers but instead the results are largely consistent with the previous years. This would suggest that they are in the stage where they know what they don’t know and are now working on improving the deeper level issues. Boards often describe this as a true indication of having a culture of review and development and they understand governance is a journey. 

However, we can still see that even after five years there are still areas that need improvement and development – no one is perfect and we can see there is opportunity to improve, particularly their stakeholder engagement, induction process, succession planning, strategic oversight and insight, and lastly, their risk and tolerance appetite statement. 

Change in average answers to evaluation over evaluation years, over 5 years. 

Figure. 3 - Answer change to evaluation over evaluation years, over 5 years. 

This chart shows the movement in answers provided to the Governance Evaluator Board governance evaluations across five years, totalling over 480 individual Board governance evaluations by over 5,000 directors, councillors, and executives. 

Our graph above breaks down the aggerate answers to the overall evaluation based on our four answers: Yes, Yes but qualified, No and Unsure, across five years. What is interesting to observe over time with these graphs is in year one 40% of the overall answers are made up of Yes, but qualified, No’s and Unsure’ s. However, by the fifth year that is reduced to less than 20%. Evaluation highlights areas that need addressing and that consistent evaluation leads to meaningful and long-lasting positive change, with directors feeling assured that they can answer a full yes in areas that were previously an issue. 

What is making an even bigger impact on this three-year journey of awareness is the inclusion of the Individual Director Development and Skills Matrix evaluation. This is enabling boards to have an even broader view of their strengths and weaknesses at an individual and group level. Our data shows that evaluating the individual’s development and skills, as well as the whole board, provides an added dimension in identifying areas for concern and required education, which when acted on, contributes to the overall improvement of the board. 

Change in overall average answers to evaluation: 

Comparing Boards who complete the Skills Matrix and those who don’t 

Figure. 4 - Change in overall average answers to evaluation, comparing Board who complete the Skills Matrix and those who don’t 

This chart shows the change in average answers to the Governance Evaluator Board governance evaluations across five years comparing the boards answers based on whether they completed the Individual Director Development and Skills Matrix or not. Our results total over 480 individual Board governance evaluations by over 5,000 directors, councillors, and executives. 

At three years we see a clear separation in the results in boards who do and do not undertake the individual Director Development and Skills Matrix evaluation, with those who do having better overall results after 5 years. 

To talk about starting your evaluation journey and to see the impact of consistent evaluation on your Board contact our governance expert, Fi Mercer. 

Read More
Demystifying data driven decisions

Demystifying data driven decisions

Are you proactive when it comes to dealing with your governance issues and concerns? 

Join Fi Mercer, Dr Tegan Smith (CEO, OPAL Rheumatology), Adrian Wagner (IT Operations Manager, Governance Evaluator) & Ashley Blackburn (Data Analyst, Governance Evaluator) as they discuss why is data the crucial “other piece” for peace of mind, achieving the balance between intuitive and factual decision making and getting the right data. 

Read More
The Importance of Evaluation

The Importance of Evaluation

How to use evaluation to assure Board excellence 

Join Fi Mercer & Brendan Moore (General Manager, Member Services, Leading Age Services Australia) as they discuss how to use evaluation to assure Board excellence. 

No longer a question of whether to evaluate, but how will you evaluate – Fi & Brendan explore the many elements required for a strong and engaging governance evaluation process for your whole Board and individual Directors. 

Read More
The Importance of Induction

The Importance of Induction

Join Fi Mercer & Jo-Anne Moorfoot (Executive Director, Australian Centre for Healthcare Governance) as they discuss how to using induction to drive a culture of contribution. 

An effective induction program sets directors up for success – Fi & Jo-Anne explore the many elements required to support new directors to feel engaged and confident to contribute faster to minimise your governance risks. 

 

Read More
The Importance of Induction in Local Government

The Importance of Induction in Local Government

Driving a culture of contribution in Local Government 

Join Fi Mercer & Lisa Mahood (Director, Reltuc Consulting) as they discuss how to using induction to drive a culture of contribution in Local Government. 

An effective induction program sets directors up for success – Fi & Lisa explore the many elements required to support new councillors to feel engaged and confident to contribute faster to minimise your governance risks. 

 

Read More
Risk Management and Compliance identified as top five risk by boards in 2019

Risk Management and Compliance identified as top five risk by boards in 2019

The Governance Evaluator 2019 Benchmark Report analysed evaluations from 92 boards comprising of 777 members across a range of sectors, with Risk Management and Compliance being identified as one of the top five risks for boards. 

Boards noted their areas for capability building related to the following: 

  • understanding what the organisation’s top risks were and noted the need for being assured about these risks through insightful data-driven, trended and benchmarked reports 
  • the setting of a clear risk appetite statement relating to their strategy 
  • desire by all directors to know how to lead a culture of continuous review and development 

Directors stated that more training about Risk Management and gaining sector-specific knowledge and discussing the relevant associated risks were of high importance to them. 

There has never been a more important time to focus on having the right systems, processes and behaviours in place for assuring boards and directors of their governance risks. The revised ASX Corporate Governance Principles and Recommendations state that boards are to monitor the adequacy of their organisation’s risk management strategy, for both financial and non–financial risks. 

This includes ensuring risk strategies deal adequately with contemporary, emerging or unforeseen risks such as conduct risk, digital disruption, cybersecurity, privacy and data breaches, sustainability and climate change. 

One of the key roles of the board is to monitor the adequacy of the entity's risk management framework and satisfy itself that the entity is operating with due regard to the risk appetite set by the board. This is to instil and continually reinforce a culture across the organisation of acting lawfully, ethically and responsibly. 

Following are some effective strategies that Governance Evaluator has observed boards using to maintain their assurance for their governance risks: 

Leading a culture of continuous review and development from the top 

Following the recent Royal Commissions and Prudential enquiries, ASX revised their Corporate Governance Principles Guidelines and have increased focus on the following aimed at supporting a strong culture and governance: 

  • annual whole board and individual director governance capability assessments 
  • implementation and ongoing review of resulting board action plans and individual director development requirements 

 

Governance Evaluator has seen high growth in board and director evaluation and development programs and through this role modelling they are strengthening their culture for quality improvement across the organisation. This has been even more successful in the board’s that then utilised both group and individual director development action plans.  

Directors skills and capabilities for their governance risk oversight role: 

1. Understanding directors skills and experience before building governance risk oversight capabilities 

Over 50% of Governance Evaluator clients who undertake annual Board Evaluation also commenced a Director Development and Skills Matrix review culminating in Individual Director Induction and Development Plans. This resulted in:  

  • assisting directors to understand their attributes and gaps, therefore focusing on developing skills for having a high-level knowledge of the nuances and risks relating to the organisation they govern 
  • organisations developing relevant education plans 
  • quarterly development plan reporting in board papers generating important discussion and accountability 

2. Becoming an expert on the organisation’s top risks, not just a subject expert 

It is not possible as a director to simply become a subject expert in order to have the right capabilities for oversight of sector and organisation specific risks. Rather, Governance Evaluator clients who have developed these capabilities specifically in the organisation’s top risks have:  

  • included education about the organisation’s top risks as part of their director induction 
  • invited their executives/managers to explain to them what are the top issues that keep them awake at night and what have they done to address such risks 

Directors receiving the right information to be assured of their Governance Risks 

1. Building the capabilities of Board Sub Committees: 

As over 60% of directors reported not feeling assured for their governance risks it is also important to discuss how organisations have improved their risk reporting to the boards. Focus on building the capabilities of Board Sub Committees for providing governance risk assurance has been successfully achieved through the following:  

  • ensuring the structure, number and Terms of Reference of the committees reflect what’s required to support risk management and achievement of the organisation’s strategy 
  • ensuring the right directors are on the relevant committees based on their skills with the executives and other experts on the committees 
  • Sub Committees are reviewed annually and not afraid to discontinue if not required or serving purpose, and their structure is reviewed tri-annually in line with strategy 
  • organisational accreditation and legislative requirements, for example responding to Standard 8 in Single Aged Care Quality Framework, are addressed by committee/s 
  • all other organisational risks are divided across the committees 
  • Terms of Reference containing:  
    1. Clear purpose 
    2. Skills for leadership and membership 
    3. Identified risks to monitor 
    4. Reporting to the board via dashboards and recommendations 

2. Reducing the volume and increasing sophistication of board papers and agendas through investing in governance risk reporting dashboard

Boards have significantly improved their Board Agendas and Papers through reducing the volume of their reports and increasing the sophistication of their papers. A key element of this has been:  

  • creating risk reporting dashboards that come from the Board Sub Committees in relation to the risks they are tasked to have oversight for. This is more helpful for directors being assured than receiving just the minutes from the Board Sub Committees 
  • ensuring that reports are insightful, data-driven, trended, benchmarked and contain relevant commentary. 
  • ensuring the dashboards and reports are high level, reflecting the top risks and allow the directors to drill down into the detail if they wish or there is a red flag 

If you would like to talk to an expert for building your governance risk capabilities please book in for a free consultation with our governance expert, Fi Mercer.

Read More