Governance lessons

Ross Woods, 2022-23

In the recent past, I’ve seen a series of inquiries into major public organizations. Here's what I learned …

Community organizations normally start as small, highly-motivated groups of friends. While the organization is still small, many board members are operational personel and the board actually oversees itself. Besides, some board members might be related.

Eventually, however, it must change when it gets bigger. Services must become more professionalized, such as clear policies and procedures, documentation, compliance systems, and evidence-based practices. It probably needs to liaise with other bodies in the industry. If it didn't need a license to commence operations, it might need one later on, along with accountability to a government authority for compliance and periodic audits. Individuals might need formal qualifications and licenses. The more it interacts with government, the easier it becomes to fail to meet legal obligations.

The board must also change. It must become independent of operations so that it has oversight. The kind of people on the board also needs to change. The board needs to minimize the number of family members so that nepotism does not compromise its governance role. The board needs to be able to recruit people who can present independent views; they should be able to work with others and support the organization, but are not “yes-men.” As the board grows, it needs more specialist expertise, although the mix tends to vary. If it doesn't have it among board members, it will probably need access to specialist advice in accounting, legal services, and licensing requirements.

Rather than describe good behavior, it is easier to say what can go wrong:

  1. Some organizations do not make these changes. The same qualities that made the new, small organization successful become toxic in a mature organization.
  2. If anything goes wrong, the board cannot say “We didn’t know.” It is not responsible governance. Board members have a right to be informed in as much detail as they feel they need, which means not just getting full reports from the CEO and CFO, but also through an internal auditor if they choose. The CEO’s oral reports at board meetings are not enough for the board to show due diligence. It needs adequate detail, to be put in writing, and to be sent to board members well ahead of board meetings.
  3. Some board members don’t attend meetings, and some board meetings are too brief for the board to fulfill its responsibilities.
  4. The CEO must be accountable to the board, which must show oversight of the CEO. However, in some cases, the CEO controls the board, and the board has not fulfilled its duty. Some boards act as merely support teams for the CEO, and some board chairpersons have misplaced trust in the CEO.
  5. Some boards are not very responsible either. They want the right to “hire and fire” on a whim.
  6. The board is responsible for organizational culture, even though “culture” is hard to define definitively. Nevertheless, culture has been the cause of various problems, such as bullying, sexual harassment, and unspoken intimidation in a way that prevents people from making complaints. Culture also includes the attitude to rules, such as taking short-cuts or breaking, bending, or ignoring them altogether.

Complaints

Everybody needs to be free to make complaints, because an undercurrent of unresolved dissatisfaction can result in catastrophic problems later on. Complaints need to be handled independently, so that residents do not have to submit complaints to persons when the complaint might be about the person who handles the complaint.

Financial audits

The report of a financial auditor normally satisfies legal requirements, but it might not mean what board members think it does. A clear audit report does not necessarily indicate a completely clean bill of financial health, and the board still holds responsiblity for its financial management.

Many audit reports simply trace the path from source documents (invoices, bank records, etc.) to final reports (balance sheet, profit and loss statement). If a sample is satisfactory, the audit is usually finished, and the auditor issues their report. If the report is qualified, it is only for the auditors to cover themselves; for example, it states the purpose of the audit, the documents covered, and the nature of the organization. (The audit of a non-profit is different from the audit of a public company.) If the sample is not satisfactory, they check all source documents. If it is still not satisfactory, the report also mentions the problems they found.

However, they only check for items that are included in their brief. However, it might no include other kinds of problems, such as conflicts of interests, value for money, contractual compliance, financial risk, governance. Moreover, the auditor might not know if an employee withholds some documents from the auditor or provides the auditor with falsified documents.