Constitution Day’s lessons for corporate governance
The acronym, GRC, stands for governance, risk management, and compliance. Of the three, the one that gets the short shrift is governance. In the day-to-day business of managing risk and complying with regulations and standards, it’s easy to overlook the role of corporate governance.
It’s fitting we tackle this subject today. Tomorrow is Constitution Day. Two hundred and thirty-two years ago, America’s Founding Fathers signed the document that they created at the Constitutional Convention in Philadelphia on September 17, 1787.
The Constitution established America’s national government and fundamental laws, as well as guaranteed certain basic rights for its citizens. The Constitution’s enduring value is that it offers guidance that is specific but is also open to interpretation with an amendment process for changing. A lot has changed since 1787, but the Constitution—a living, breathing document—remains.
What can the Constitution teach your organization about corporate governance?
Active, ongoing governance
Courts, lawyers, lawmakers, scholars, and more continually refer to the Constitution for guidance. Case in point: the census. In early spring, there was a controversy about adding a citizenship question to the 2020 census and if it violated the “Enumeration Clause” of Article 1, Section 2 of the Constitution. The Supreme Court blocked the question from the 2020 Census but left the door open to a Constitution challenge.
What documents inside your organization can provide this type of active, ongoing governance? The corporate charter makes the company legal and legitimate, but papers are filed and forgotten. Mission and value statements can be visionary and inspiring. Still, how often are they referenced for guidance?
It’s standards, controls and policies that provide organizations with active, ongoing guidance. Standards like ISO 31000 provide principles, frameworks, and processes for managing risk. Entity-level controls that apply to the board and senior leadership make tone from the top more actionable. Policies articulate acceptable behavior and help lower the risk of incidents occurring.
Standards, controls, and policies become your governance toolbox and provide organizations with the active, ongoing governance typified by the Constitution.
Open to interpretation
The Constitution divides the government into three branches: legislative, executive, and judicial. This separation of powers provides checks and balances so that no single branch can overpower the other two.
For example, the legislative makes laws, but the executive branch, the President, has veto power. The judicial branch can declare a legislative or executive act in violation of the Constitution. It’s the Supreme Court that interprets the Constitution against the issues of the day. The 2020 Census is an example of this.
Similarly, your organization’s leadership can manage its issues of the day while relying on the guidance of the company’s governance documents. A leader, like the executive branch, can make decisions but is checked and balanced by a cadre that represents the judicial—the board, shareholders, activist customers, and public opinion. The cadre can influence decisions, just like the judicial branch. In essence they have veto power, compelling a leader to revisit decisions.
Regardless who does what, it’s the corporate governance that keeps the organization moving forward as it pursues strategic goals, and objectives.
Ability to change direction
The Founding Fathers offered a way to change the Constitution through an amendment process but made it difficult to change. Congress and 38 of 50 states must ratify the amendment for it to become part of the Constitution. The difficulty of amending the constitution preserves its governance framework, and the ability to change it ensures its continued relevance.
Organizations have an easier time changing direction by relying on their governance toolbox: standards, controls, and policies. You can adopt a new standard and adapt processes to meet new requirements. You can also update or create new controls and policies, especially after incidents, or due to management initiatives and regulatory changes. By taking a more active approach to how your organization manages controls and policies, you can navigate change and govern in a True North way. And since policies govern people’s behavior, it’s imperative to publish and promote new, updated, or frequently used policies. Policy adherence thrives on communication, training, and testing.
As we celebrate Constitution Day, not only recall the governance lessons provided by the Constitution, also consider the role of corporate governance in guiding your organization forward in the next decade and beyond. You have the tools to govern, to question, and to change direction, but it’s up to you.
“The Constitution doesn’t guarantee happiness, only the pursuit of it.” – Founding Father Ben Franklin
NSCC members face a new compliance requirement: cybersecurity confirmation. It sounds easy, complete a form, but risk is high. Here’s guidance.
Compliance departments are seriously challenged these days. As business swirls in response to COVID-19, compliance has taken a back seat. That can lead to trouble—violations, fines or both—due to missing deadlines. Management, in a questionable move, may ask compliance to do something taboo. Instead of reading a half empty glass post designed to help compliance deal with these challenges, they instead get a half full glass post that is brimming with optimism for compliance’s role during COVID-19.
COVID-19 has pushed several risk disciplines into the spotlight, including business continuity, third party risk, cybersecurity, and data privacy. We’ll explore each one and deliver advice and guidance.