What is Good Governance?


So…what do we mean by “Good Governance”, and what does it look like?

If you think “government” you wouldn’t be far wrong; after all, in most jurisdictions, government is the ultimate source of control.  Yet this extends to any grouping or association where some form of hierarchy and the necessity for decision-making exists, be it an educational establishment, charitable institution, or business venture.

Governance is the system of oversight.

Corporate Governance refers to the process by which an organisation is managed.  Good governance means an organisation is managed legally, transparently and ethically – taking a broader view than the traditional singular focus on profitability.  In other words, that it is appropriately governed.

How Did it Begin?

A long, long time ago (okay, in 1992), a report was commissioned by the UK government, triggered by the very public collapse of several large corporations, such as the Polly Peck consortium and the pension scandal of the Maxwell Group.  These failures to practise good governance damaged the credibility of UK financial institutions, leaving shareholders mistrustful.  A Committee was tasked with scrutinising the practices of these large organisations, particularly concerning their financial reporting processes and the accountability (or lack thereof) of their Directors.

What is now commonly referred to as The Cadbury Report was a well-respected wake-up call for UK business management.  One of its recommendations was the establishment of a Code of Best Practice, which applied initially to companies listed on the London Stock Exchange.  Where they failed to comply with that Code, justification and thorough explanation were demanded.

Corporate governance has continued to evolve since the foundations established by the Cadbury Report in the early nineties.  In fact, there have been over a dozen committees and reviews charged with producing Codes, reports and guidance around internal controls, Board effectiveness, risk management and assurance.

Governance Today

The current provision is the UK Corporate Governance Code, which the FRC (Financial Reporting Council) states, ‘places greater emphasis on relationships between companies, shareholders and stakeholders. It also promotes the importance of establishing a corporate culture that is aligned with the company purpose, business strategy, promotes integrity and values diversity.’

Shareholder confidence remains strong even during times of uncertainty; shareholders retain their shares in consideration of historic stability, which implies endurance and longevity.
Customers and clients remain loyal to a brand when its values and wider approach to environmental and social issues align with their own practices and beliefs.
Competitive advantage is gained through greater access to investment, as lenders and venture capitalists take assurance from the knowledge that management is effectively held to account when making decisions that impact the future of the company.

Governance for All

So, you may be wondering, where’s the relevance if you’re not about to float your company on the Stock Exchange?  To this, all I can say is: Great oaks from little acorns grow.  Think about it…

No organisation is too small to embed good governance practices.  It is something to consider and start implementing from Day 1:  whilst you’re considering what to name your business and perusing colour themes for your branding – before you open your business bank account!  What is your vision?  Your mission?  Plan your strategy: how will you get there?

What regulations and legal obligations must you adhere to, to establish credibility and give yourself every opportunity for success?

We live in an age that places more and more emphasis on doing the right thing as well as performing well, whether you’re a FTSE 100 company or a not-for-profit charity.

Establishing systems of good governance means much more than a box-ticking exercise, and it’s never too late to start introducing these systems.  Think of it as that little acorn that you nurture and encourage.  Over time, as your organisation develops/grows/expands and increases in complexity, its systems of governance will grow alongside you, taller and broader as the regulatory environment you must operate within continuously diversifies and evolves.  That canopy of branches can protect you and your business from a plethora of non-compliance issues, from minor reprimands and penalties to fines that could literally force your business to close.

The Four Pillars

Whilst there remains no specific definition of governance, the four concepts in the below graphic are agreed as guiding pillars of “good governance” worldwide:

The cyclical arrangement illustrates the eternal revolving system of good governance – the practice itself must be regularly reviewed to gauge its overall effectiveness, compliance to changing legislation and alignment to best practice.

If it were to have a start and end point, this would be People.  A robust governance regime must be implemented from the top down.

It is the embedding of a culture which requires the buy-in and participation of all members of an organisation.

In Conclusion

Governance isn’t just concerned with things getting “done”.  Its focus is that things are done PROPERLY…embracing the principles of accountability, transparency, fairness & responsibility.  It’s not a parallel track that runs alongside day-to-day business management: it is the track itself.  It’s fundamental: it can determine whether your business is a success or, in the long run, a failure.

Data Protection – The Basics

As we’re all aware, the General Data Protection Regulation (GDPR) came into effect on 25th May 2018, together with the Data Protection Act (DPA) 2018.  

This was replaced by the UK GDPR on 1 January 2021, following the end of the Brexit transition period.  This, together with the updated DPA 2018, forms the legal framework for the UK’s data protection regime.

This legislation was updated after nearly 20 years to catch up with advances in technology and also to reflect the fact that the vast majority of us are regularly sharing a great deal of personal information online. We now have enhanced rights in terms of both accessing this information and understanding what is being done with it… whilst organisations have a greater obligation to ensure our information is protected.

When it comes down to compliance, both pieces of legislation must be read alongside one another to gain the full picture.  The GDPR contains the principles that must be adhered to by all organisations who process the personal data of citizens of the European Union, while the DPA2018 details how these principles are incorporated into UK legislation.  Additionally, the DPA fills in the gaps concerning areas that are outside the scope of the GDPR, such as data processing activities performed by law enforcement or intelligence services, and the role of our regulator – the Information Commissioner’s Office (ICO).

How does this impact my business?

Well, there are several factors to be considered, such as your core activities and the number of individuals you employ; but ultimately, if you have a website there likely already exists a legal requirement for compliance.   

…noticed the “Cookies banner” that pops up on most websites nowadays?  Cookies are mentioned only once in the GDPR, in Recital 30, which states:

Natural persons may be associated with online identifiers […] such as internet protocol addresses, cookie identifiers or other identifiers […].

Cookies are essentially small data files stored on your device by websites for various purposes and lengths of time.  As a business owner, you are likely using cookies for analytical reasons to gain an understanding of traffic to your website and how users navigate around the web pages.  Additionally, they have practical uses such as remembering a user’s log-in details so that they don’t have to re-enter their password on each visit, presenting them with more relevant adverts and saving selected preferences to improve the general user experience.

If you want to know which cookies are in use, just right-click the padlock icon that appears left of the website address in your browser.

Essentially, the remit of the GDPR and DPA2018 is “… Personally identifying or identified information of a natural person” i.e. any piece of data that discloses the identity of a living person (deceased individuals do not fall within the remit of these laws). IP addresses and the information collected by cookies are considered personally identifiable information, as these are unique to you and your device.

ALL websites that offer a subscription or ask a user to enter ANY personal information into a form are legally required to seek consent through acceptance (or refusal) via these cookie banners.  Additionally, your website should have a Cookie Policy separate to its existing Privacy Policy – combining the two is no longer considered adequate.