Governance and Assurance


We define Governance as “the processes, customs, interactions, policies, procedures and practices used by staff and stakeholders in the way the organisation is directed, administered and controlled”. This definition is effective at a corporate level and looks at how:

  • Processes are structured (or excluded, especially when tailoring)
  • Decision making is taken, ensured or embedded
  • Evidence to support such decision making is collected, processed, digested and used
  • Oversight of such decision making is carried out, if any
  • Risks are identified, analysed, prioritised, ranked for severity, response strategies structured, the risks managed and handling reviewed
  • Learning is recognised, captured, stored, made available and secured

Corporate governance refers to the system by which the organisation has a focus on how it is directed and controlled.

Corporate governance involves oversight in areas where owners, stakeholders and members of Boards of Directors, may have conflicts of interest.

These areas include the election of directors, the general supervision of CEO pay and more focused supervision of director pay.

At the level of Enterprise Change Governance is performed by the Enterprise Change Director and his team. The Enterprise Change Director structures and embeds Governance at this Enterprise Change level, and this is cascaded down to the portfolio, programme and project levels, as is appropriate.

Decision making is delegated to the lowest level of decision maker and effectiveness, as far as possible. This makes decision making an accountability and when understood, it is a responsibility to be performed.

The range of authority is also devolved down to the lowest practical level. In the change context, this translates to management by exception and the imposition of controls which are understood by both parties, or each party in the case of multiple parties.


Decision making is required to be carried out at all levels of the organisation and has to be underpinned by robust and reliable data. The decision-makers have to be confident in the integrity of the data, they are analyzing and acting on.

Their confidence in the integrity of the data is built on their knowledge of the source of the data, the quality and range of data, and from the results of independent assurance activities.

Assurance activities are there to observe in an independent capacity and assess performance in different areas of the business. Assurance is defined as “the provision of a positive declaration intended to build confidence through objective, proportionate and effective assurance activities”. In some cases this may have to be done through an audit function.

The results obtained from the assurance activities will provide information on whether those activities have been correctly applied or followed. This enables a picture to be built up, of whether the plan is effective, being followed, or if changes are necessary.

Leave a Reply

Your email address will not be published. Required fields are marked *

Join our mailing list to receive tips, resources, and special offers!

Error: Contact form not found.