How to build a governance management system

The core purpose of an organization’s knowledge management — its system for creating, maintaining, and communicating the policies and procedures — is to provide employees with the information they need to do their work.

The objectives of the governance management system are:

  1. To ensure that the information provided is correct. If employees do their work according to the information, their actions will be consistent with applicable policies and compliance requirements.
  2. To ensure that the information is clear, simple, and short. There are always complexities in meeting a set of compliance requirements: ambiguities, contradictions, and duplications are common. The challenge is to identify and resolve these problems at management level so they are not passed down to end-user employees.

Governance system knowledge map

The steps set out below are one approach to building a governance management system to achieve these objectives. Each of these steps will be explained in more detail in a future newsletter.

Step 1. Define your governance objectives

Governance objectives are assertions that you want to be able to make about your organization, that define what you mean by ‘well-governed’. For example:

These objectives are the starting point and justification for your governance system: everything else within the system is there to achieve these objectives.

Step 2. Get the compliance requirements under control

Create a register of compliance requirements

A compliance requirement is any regulation, standard, or set of rules that guides or constrains how your organization operates and how its personnel should behave.

The register will include:

Assign accountability for each requirement

Nominate the position with accountability for each requirement, and define their responsibilities. These include:

  1. Determining what the organization must do to meet the requirement, such as: design or control of particular activities, employee awareness, and external reporting and filing.
  2. Managing third-party audits if required.
  3. Determining how non-compliance will be detected and actioned.

Step 3. Get the policies under control

Policies exist to give effect to your compliance requirements. A policy may:

To get the policies under control:

  1. Create a rule for who may issue a policy: Board only? CEO? Any C-level manager?
  2. Establish a rationale for what policies you need. (Most organizations have too many.) Many governance objectives and compliance requirements need to be supported by a policy; but not necessarily a separate policy for each.
  3. Get all the policies in one place. There should not be the slightest doubt about what policies are in effect at any time.
  4. Make sure that the successive versions of each policy are accurately tracked. Policies are legal documents. In the event of an incident or litigation you may be required to produce every policy that was in effect at the time (which might well be a couple of years in the past). Such a demand should not be embarrassing.

Step 4. Chart the organization’s activities

Create activity charts or similar to define the processes used to achieve the organization’s performance objectives. The set of activities will form a hierarchy, from ‘run the organization’ (or the part of the organization you are governing) down to front-line operations. In each case:

Defining the activities is not a mammoth undertaking. This is not end-user documentation or work instructions, telling people how to do things. These are management statements of processes and sub-processes. The concern is only with the identification and control of those tasks within the structure of the organization’s activities as a whole.

And regardless of the scale of effort required, it’s essential. Governance means ensuring that your activities are consistent with your compliance requirements. You can’t do this unless the activities are defined.

The simplicity and clarity of your activity statements is an indicator of the quality of your organizational design. The individual tasks you carry out might be extremely complex; but how those tasks fit together should not be.

Step 5. Map the compliance requirements to the activities

For each compliance requirement, work through the detail to identify the activities to which the requirement is relevant and through which compliance is achieved. This might entail:

The first element of governance assurance is achieved when the people with accountability for the compliance requirements are satisfied that all relevant clauses in the compliance requirement are adequately addressed.

Step 6. Get the employee awareness under control

Collate the information required for each position

This information will comprise:

Divide the information into:

Define the information delivery methods

Specify how the information will be provided to each position, such as knowledge items provided through induction and training, and reference items provided through a documentation delivery system. The specification should cover:

Reality check

The delivery of information to your front-line employees is the single most important component of your organization’s knowledge management. If this step fails, everything else is irrelevant.

You need to be confident that:

There have been several prosecutions in recent months, of organizations and executives personally, for failing on this point. The organizations had well-documented safety systems, but the information never made it to the employees who needed it. Apart from the financial penalties, those executives have deaths and injuries on their conscience.

The above steps might seem like a mountain of work, one of the awful management burdens: too hard to do, too important to skip. If you’re trying to manage your corporate knowledge as a collection of documents, it will indeed be challenging.

© Copyright Kesteven & Associates, 2023