Whole of Organisation Governance Breaks the F2F-Cycle
11/12/2019 3:47 PM
WHOLE OF ORGANISATION GOVERNANCE BREAKS THE F2F-CYCLE
What is the F2F-Cycle?
What has emerged without fanfare is the F2F-Cycle. The F2F-Cycle refers to an organisation’s “Fatigue to Failure governance cycle”. It is weighing heavily on the practice of governance. Unfortunately, it is afflicting many organisations.
In order to avoid governance fatigue, organisations need to better recognise the dangers of single-issue management. Organisations which operate with a whole of organisation governance approach understand.
As we move towards 2020, it is becoming easier to identify more and more examples of single-issue management. One such example is privacy / use of personal data.
Indeed, single issues can start out quite innocently. It may be a focus and/or response to a new or proposed government policy or new regulation.
What happens next though, is crucial.
The Pop-Up Industry Phenomenon
Often, when there has been a change in government policy or new regulation, we can expect a pop-up industry to emerge. These pop-up industries seem to take hold quickly also. Then we observe their exponential growth. Above all, they seem to manage to create their own energy and messaging. Somehow, even within a crowded advisory marketplace, they find enough oxygen to flourish.
While this may not be remarkable, it is surprising that no-one has stopped to ask – are these pop-up industries successful in delivering the solution that they promised?
Compliance Fatigue on Governance and Performance
Organisations need to recognise the governance fatigue felt amongst staff. It is a serious issue affecting governance practitioners, and in turn senior executives and directors.
Let’s use GDPR compliance as an example.
Steven Snaith, Technology Risk Assurance Partner at RSM, was quoted in an article written by Steve Randall in the Australasian Lawyer Magazine (27 July 2019). The title of the article was – “One year after GDPR came into effect many firms are non-compliant”.
Randall commented “a new survey has found that even in the EU itself, 30% of companies don’t believe they are compliant with the rules and 13% are not sure.”
Snaith said “With so much pressure on organisations to meet complex requirements, we saw GDPR fatigue setting in last year. Middle market businesses were overwhelmed by information from the press, industry bodies and stakeholders. Many organisations simply gave up and reverted back to the old way of doing things”.
Not all Doom and Gloom
Interestingly, this outcome exists despite clear evidence that “GDPR-compliant organisations also point to benefits behind the scenes, with around four in five of those surveyed of the opinion that being compliant with data protection regulation has helped improve IT systems and cybersecurity practices throughout the organisation.”
The report further commented that “Organisations need to promote a data protection and privacy mindset among employees and integrate advanced technologies to boost data discovery, data management, data quality, cybersecurity, and information security efficiencies”.
Firms that take these actions proactively – and view data protection and privacy regulation as an opportunity – will secure a significant competitive advantage. (See article by Danny Palmer published September 26, 2019 in ZDNet.)
Recognising Signs of Governance Fatigue
Organisations are the target of frequent, and potentially significant, new and more complicated regulatory compliance issues. It is therefore no wonder that this compliance challenge has created organisational governance fatigue.
The directors and leadership group need to better understand the cause and effect of compliance fatigue on staff and governance performance. This understanding leads to insights into how a whole of organisation governance framework can prevent fatigue. Only then can we take the right steps to improve compliance and organisational business performance.
What is our understanding of governance fatigue?
Governance fatigue could be described as a state of perceived weariness that can result from the prolonged working on ambiguous, fuzzy objectives, confusing tasks, non-aligned activities, uncertain targets, and blurred value creation outcomes.
We can spot elements of this governance fatigue where there is:
- endless change of regulatory goalposts
- viewing of compliance as an end in itself
- compliance directly contribute to reduced ability to perform work effectively
- loss of apparent connectedness with real-world work experiences
- establishment of barriers to processing of information
- elongation of actions and decision-making
- the regulatory body appearing to lack empathy with the person who executes the compliance
- apathy as regulators lose credibility
In addition, governance fatigue can reveal itself in instances of increases in the likelihood of errors, and may even negatively impact business performance, across such tasks as:
- flagging of occurrences
- awareness generally
- decision making confidence
- appreciation of patterns
- fast reaction time
- recording of instances
Negative Effects of Governance Fatigue
The nature of this fatigue is likely to be a significant contributory cause of governance failures in organisations. This fatigue can be described as the “hidden limits” on the effectiveness of governance.
In essence, the focus on regulations and hard compliance shifts our attention away from behavioural and business performance objectives. It distorts the governance operations within a whole of organisation framework. It also causes an unnecessary emphasis on systematic and procedural activities. Too often, to the detriment of positive business performance.
Despite consistent and increasing evidence to the contrary, too many stakeholders, governments included, continue to assume that hard compliance can deliver desirable governance objectives. It is readily identifiable that a governance framework with a bias to controls at an individual, job and organisational level, is unlikely to deliver success.
Change is Nigh
Given work is changing, why is it not a requirement that compliance itself needs to be changed for success to occur? It is not the sheer volume of compliance activities that counts, but whether those activities achieve the desired outcome.
And we can again use the GDPR compliance example to illustrate this point. In fact, let the consumers have the final say on whether compliance is at the core of their concerns:
“No matter how great their products or services, 83 percent of consumers say they would stop working with a firm if they discovered their information has been shared without their consent.
According to the research, it is not just a matter of how consumer data is protected — customers also expect businesses to maintain clear guidelines on how information belonging to them is used.
In total, 60 percent of consumers said that organizations play a “great deal” of a role in creating clear, understandable guidelines, more so than the same expectations of the government, third-parties, or watchdog groups.”
Charlie Osborne reported the above finding in an article for Zero Day in September 12, 2019. The article’s topic was “Most consumers will refuse to work with enterprises that won’t keep their data secure”.
The Consumer’s Voice
In other words, there may be a twist in all of this. Instead of ignoring compliance at your peril, the message is one of ignoring the interest of the consumer at the ultimate peril of your business’ performance and sustainability.
The first thing is to avoid simply reacting to a single issue or change in isolation. This is highly likely to simply generate fuzzy activities. It will then feed into the F2F-Cycle. Rather, adopt a whole of organisation governance perspective and break the F2F-Cycle for good.
DISCLAIMER: This article is general ONLY in nature and is not advice
For more information contact Damien Smith on firstname.lastname@example.org or 0418 325 781.