Better governance

Regulatory compliance is challenging and expensive, and getting harder every year.

Phrontex makes it easier.


This is the Phrontex approach to creating a governance management system:

Step 1

Create the knowledge map

The knowledge map defines the core elements of your governance system. Effective governance relies on each of these being under control. In traditional documentation, these elements tend to get bundled together in composite documents.

It makes life much easier to manage these elements separately: each is a short, simple statement with explicit accountability and a precise objective.


Governance system knowledge map

Step 2

Define your governance objectives

Phrontex screen shot: Governance objectives

Articulate what you want ‘well-governed’ to mean for your organization. This might be a short list of statements like

  • Our activities are legal.
  • Our activities are safe.
  • We are aware of and comply with all our obligations.
  • We have a competent and enduring workforce.
  • ...

The purpose of the governance management system is to for the directors and officers to be confident that you can prove that the statements are true.

Step 3

Create a register of compliance requirements

Phrontex screen shot: Compliance requirements

A compliance requirement is any formal statement that affects how the organization operates and how its personnel behave.

Your set of requirements will typically include:

  • Regulatory requirements applicable to your industry and jurisdiction
  • Commercial imperatives such as accreditations, professional standards, and listing rules
  • Standards such as ISO 14001 or ISO 9001, that you choose to comply with as a matter of principle or as a marketing necessity
  • Standards needed to meet community expectations or your social license to operate

Step 4

Get the policies under control

Phrontex screen shot: Policies

Policies exist to give effect to your compliance requirements. A policy may:

  • Provide guidance on, or set rules for, particular kinds of decision-making.
  • Authorize employees to take action outside the normal hierarchy of authority (for example, to authorize any employee to stop an activity if they think it unsafe).
  • Set performance criteria for particular classes of activity.

To get the policies under control:

  1. Create a rule for who may issue a policy: Board only? CEO? Any C-level manager?
  2. Establish a rationale for what policies you need. (Most organizations have too many.) Many governance objectives and compliance requirements need to be supported by a policy; but not necessarily a separate policy for each.
  3. Get all the policies in one place. There should not be the slightest doubt about what policies are in effect at any time.
  4. Make sure that the successive versions of each policy are accurately tracked. Policies are legal documents. In the event of an incident or litigation you may be required to produce every policy that was in effect at the time (which might well be a couple of years in the past). Such a demand should not be embarrassing.

Step 5

Chart the activities

Phrontex screen shot: Activities

Create activity charts or similar to define the processes your organization uses to achieve its performance objectives. The set of activities will form a hierarchy, from ‘run the organization’ (or the part of the organization you are governing) down to front-line operations.

In each case:

  • What is the objective?
  • What are the inputs and outputs?
  • Who is accountable?
  • Who is involved?

Defining the activities is not a mammoth undertaking. This is not end-user documentation or work instructions, telling people how to do things. These are management statements of processes and sub-processes. The concern is only with the identification and control of these processes within the structure of the organization’s activities as a whole.

And regardless of the scale of effort required, it’s essential. You can’t prove that your activities are well governed if they’re not well defined.

The simplicity and clarity of your activity statements is an indicator of the quality of your organizational design. The individual tasks you carry out might be extremely complex; but how those tasks fit together should not be.

Step 6

Define the required knowledge

Phrontex screen shot: Required knowledge

The content provided to your employees is of two types:

  1. Reference information that people may need to look at while they are working.
  2. Required knowledge that people must have in order to be working at all.

Required knowledge might include the code of conduct, emergency and safety procedures, and customer service standards; and some ISO standards stipulate a level of awareness for some or all employees.

Most organizations have a training and induction process to address this. For governance purposes, you need to be confident that:

  • The required knowledge includes everything it should. Does it address all the compliance requirements?
  • The amount of required knowledge is within the capacity of employees to understand and retain.

Next steps…

  • Call or email us now, to arrange a demonstration or free trial.
  • View our calendar to schedule an online discussion and presentation.

© Copyright Kesteven & Associates, 2023