Skip to main content

As regulatory changes become more numerous and more complex, governance fatigue begins to set in. Discover how to avoid the Fatigue to Failure Cycle

What is it?

An organisation’s “Fatigue to Failure governance cycle” is weighing heavily on the practice of governance. Unfortunately, it is afflicting many organisations.
In order to avoid governance fatigue, organisations need to better recognise the dangers of single-issue management. Organisations which operate with a whole of organisation governance approach are able to avoid these pitfalls.

As we near the end of 2020, it is becoming easier to identify more and more examples of single-issue management. One such example is privacy / use of personal data.
Indeed, single issues can start out quite innocently. It may be a focus and/or response to a new or proposed government policy or new regulation.

What happens next though, is crucial.

The Pop-Up Advisory Industry Phenomenon

Often, when there has been a change in government policy or new regulation, we can expect a pop-up advisory industry to emerge. These pop-ups seem to take hold quickly. Then we observe their exponential growth.  Above all, they seem to manage to create their own energy and messaging. Somehow, even within a crowded advisory marketplace, they find enough oxygen to flourish.

While this may not be remarkable, it is surprising that no-one has stopped to ask – are these pop-up industries successful in delivering the solution that they promised?

Compliance Fatigue on Governance and Performance

Organisations need to recognise the governance fatigue felt amongst staff. It is a serious issue affecting governance practitioners, and in turn senior executives and directors. Let’s use General Data Protection Regulation (GDPR) compliance as an example.

Steven Snaith, Technology Risk Assurance Partner at RSM, was quoted in an article written by Steve Randall in the Australasian Lawyer Magazine (27 July 2019). The title of the article was – “One year after GDPR came into effect many firms are non-compliant”.

Randall commented “a new survey has found that even in the EU itself, 30% of companies don’t believe they are compliant with the rules and 13% are not sure.”

Snaith said “With so much pressure on organisations to meet complex requirements, we saw GDPR fatigue setting in last year. Middle market businesses were overwhelmed by information from the press, industry bodies and stakeholders. Many organisations simply gave up and reverted back to the old way of doing things”.

Steven Snaith, Technology Risk Assurance Partner at RSM

Not all Doom and Gloom

Interestingly, this outcome exists despite clear evidence that “GDPR-compliant organisations also point to benefits behind the scenes, with around four in five of those surveyed of the opinion that being compliant with data protection regulation has helped improve IT systems and cybersecurity practices throughout the organisation.”

The report further commented that “Organisations need to promote a data protection and privacy mindset among employees and integrate advanced technologies to boost data discovery, data management, data quality, cybersecurity, and information security efficiencies”.

Firms that take these actions proactively – and view data protection and privacy regulation as an opportunity – will secure a significant competitive advantage. (See article by Danny Palmer published September 26, 2019 in ZDNet.)

Recognising the Signs of Governance Fatigue

Governance fatigue could be described as a state of perceived weariness that can result from the prolonged working on ambiguous, fuzzy objectives, confusing tasks, non-aligned activities, uncertain targets, and blurred value creation outcomes.

The directors and leadership group need to better understand the cause and effect of compliance fatigue on staff and governance performance. This understanding leads to insights into how a whole of organisation governance framework can prevent fatigue. Only then can we take the right steps to improve compliance and organisational business performance.

Governance fatigue could be described as a state of perceived weariness that can result from the prolonged working on ambiguous, fuzzy objectives, confusing tasks, non-aligned activities, uncertain targets, and blurred value creation outcomes.

We can spot elements of this governance fatigue where there is:

  • endless change of regulatory goalposts
  • viewing of compliance as an end in itself
  • compliance directly contribute to reduced ability to perform work effectively
  • loss of apparent connectedness with real-world work experiences
  • establishment of barriers to processing of information
  • elongation of actions and decision-making
  • the regulatory body appearing to lack empathy with the person who executes the compliance
  • apathy as regulators lose credibility

In addition, governance fatigue can reveal itself in instances of increases in the likelihood of errors, and may even negatively impact business performance.

This can be witnessed across such tasks as:

  • decision making confidence
  • appreciation of patterns
  • reaction times
  • recording of incidences
  • monitoring
  • flagging of occurrences
  • awareness generally

Negative Effects of Governance Fatigue

The nature of this fatigue is likely to be a significant contributory cause of governance failures in organisations. This fatigue can be described as the “hidden limits” on the effectiveness of governance.

Despite consistent and increasing evidence to the contrary, too many stakeholders, governments included, continue to assume that hard compliance can deliver desirable governance objectives. It is readily identifiable that a governance framework with a bias to controls at an individual, job and organisational level, is unlikely to deliver success.

In essence, the focus on regulations and hard compliance shifts our attention away from behavioural and business performance objectives. It distorts the governance operations within a whole of organisation framework. It also causes an unnecessary emphasis on systematic and procedural activities. Too often, to the detriment of positive business performance.

Change is Nigh

Given work is changing, why is it not a requirement that compliance itself needs to be changed for success to occur? It is not the sheer volume of compliance activities that counts, but whether those activities achieve the desired outcome.

We can again use the GDPR compliance example to illustrate this point. In fact, let the consumers have the final say on whether compliance is at the core of their concerns:

“No matter how great their products or services, 83 percent of consumers say they would stop working with a firm if they discovered their information has been shared without their consent.

According to the research, it is not just a matter of how consumer data is protected — customers also expect businesses to maintain clear guidelines on how information belonging to them is used. In total, 60 percent of consumers said that organizations play a “great deal” of a role in creating clear, understandable guidelines, more so than the same expectations of the government, third-parties, or watchdog groups.”

Charlie Osborne reported the above finding in an article for Zero Day in September 12, 2019. The article’s topic was “Most consumers will refuse to work with enterprises that won’t keep their data secure”.

The Consumer’s Voice

In other words, there may be a twist in all of this. Instead of ignoring compliance at your peril, the message is one of ignoring the interest of the consumer at the ultimate peril of your business’ performance and sustainability.

The first thing is to avoid simply reacting to a single issue or regulatory/compliance change in isolation. This is highly likely to simply generate fuzzy activities. It will then feed into the Fatigue to Failure Cycle. Rather, adopt a whole of organisation governance perspective and break the Fatigue to Failure Cycle for good.

DISCLAIMER: This article is general only in nature and is not advice
For more information contact Damien Smith on smithdj@enterprisecare.com.au or 0418 325 781.