An Agile Model for Whole-of-Organisation Governance
An Agile View of the ‘Whole-of-Organisation’ Governance Framework
A two-stage / three-level / two-way representation
Grahame Flynn Dip.BA, FAICD, CGEIT (ISACA)
Whole-of-organisation governance is founded on the establishment of accountabilities, the optimisation of resources toward objectives and
assurance against risk. Risk management features in organisational processes across three levels: enterprise, change and operational. The
triangular overlay below also indicates the levels of roles and controls within the requisite organisation. The circle represents
workflow and active decision making. An agile governance model requires consideration of change and of planned benefits return while
applying due diligence to the future, not just the past. Governance should always be dynamic, not static. Assurance from an agile perspective
should be a match for uncertainty, not just compliance.
1. Planning Model
[Figure: diagram not reproduced. Labels: Uncertainty; Plans/Budgets/Metrics; Values/Beliefs; Responsibility; Objectives; Authority; Processes]
Corporate governance involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders. It
also provides the structure through which the objectives of the company are set and the means of attaining those objectives and monitoring
performance are determined (OECD).
[Figure labels: strategy; change; operations; Resources]
2. Performance Management & Reporting Model
[Figure: diagram not reproduced. Label: Regulations/Policies]
Enterprise (or whole-of-organisation) governance is defined as the set of responsibilities and practices exercised by the board and the
executive management team with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are
managed appropriately and verifying that the organisation’s resources are used responsibly (IFAC & CIMA (UK)/COSO (US)). The latter is a
subset of the first (corporate governance) and is more about ‘how’ rather than ‘what’ it does. The diagrammatic models highlight the need
to include external factors in the model and to recognise the dynamic pull of ‘change’. Measuring historical results is a model not
suited to the agile planning environment; nor is the all-too-common lack of visibility of benefit delivery processes. Assurance serves as a
monitor/hedge against uncertainty (good/bad). The models portrayed are inspired by a systems theory/cybernetics approach. Management of
compliance as an end in itself is seen as more suited to the industrial age, not to times where discontinuous change is the new norm.
[Figure labels (Performance Management & Reporting Model): Opportunities/Threats; Business Results/Environment/Behaviour/Resilience; Portfolio & Benefit Management; Compliance Assurance; Review; Reporting; Update & Optimisation]