An Agile view of the ‘Whole - of – Organisation’ Governance Framework A two-stage /three level/ two-way representation

Grahame Flynn Dip.BA, FAICD, CGEIT (ISACA)

Whole-of-organisation governance is founded in the establishment of accountabilities, optimisation of resources toward objectives and in

assurance against risk. Risk management features in organisational processes across three levels: enterprise, change and operational. The

triangular overlay below is also indicative of the levels of roles and controls within the requisite organisation. The circle is representative of

workflow and of active decision making. An agile governance model requires consideration of change and of planned benefits return while

applying due diligence to the future …not just the past. Governance should always be dynamic …not static. Assurance from an agile perspective

should be a match for uncertainty …not just compliance.

1. Planning Model

Uncertainty

Plans/Budgets/Metrics Values/Beliefs

Responsibility Objectives

Authority

Processes

Corporate governance involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders. It

also provides the structure through which the objectives of the company are set and the means of attaining those objectives and monitoring

performance are determined (OECD).

& Reporting Model

strategy

change

operations Resources

An Agile view of the ‘Whole - of – Organisation’ Governance Framework A two-stage /three level/ two-way representation

Grahame Flynn Dip.BA, FAICD, CGEIT (ISACA)

2. Performance Management & Reporting Model

Regulations/Policies

Enterprise (or whole-of-organisation) governance is defined as the set of responsibilities and practices exercised by the board and the

executive management team with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are

managed appropriately and verifying that the organisation’s resources are used responsibly (IFAC & CIMA (UK)/COSO (US). The latter being a

subset of the first (corporate governance) and being more about ‘how’ rather than ‘what’ it does. The diagrammatic models highlight the need

for inclusion of external factors in the model as well as recognising the dynamic pull of ‘change’. Measuring of historical results is a model not

suited for the agile planning environment; nor an all-too-common lack of visibility of benefit delivery processes. Assurance is in keeping as a

monitor/hedge against uncertainty (good/bad). The models portrayed are inspired by a systems theory/cybernetics approach. Management of

compliance as an end in itself is seen as more suited to the industrial age …not for times where discontinuous change is the new norm.

Opportunities/Threats

Business Results/Environment/Behaviour/Resilience

Portfolio & Benefit Management

Compliance Assurance

Review

Reporting Update &

Optimisation