An ISO Standard for Good Governance – Warning Sign or Pivotal Inflection Point?

ISO 37000/2021 is a relatively new international standard for the governance of organisations. The standard puts purpose, i.e. an organisation's (hopefully) meaningful reason to exist, at the heart of any and every organisation. Values inform both the purpose and the way the purpose is achieved.

The guidance set out is intended to help governing bodies (specifically: Boards of Directors or Executive Boards) clarify the purpose and values, ensure that strategy is aligned with this intent, and ensure that value is generated for all relevant stakeholders so that the purpose is achieved strategically and in line with the values. It is also intended for stakeholders involved in, or impacted by, the organisation and its governance.

At least in theory the standard is applicable to all organizations regardless of type, size, location, structure or purpose.

The Standard defines ‘Governance of an Organisation’ as follows:

Human-based system by which an organisation is directed, overseen and held accountable for achieving its defined purpose.

ISO 37000/2021

Figure 1: Structural overview of ISO 37000/2021 (Source)

The ISO 37000/2021 standard is hence:

  • A Guidance Standard for governance by providing principles for good governance practice.
  • Intended to help organisations establish effective governance systems, all while emphasizing value creation, risk management, and accountability
  • NOT intended for certification purposes
    → arguably hence the standard is a ‘management framework’ rather than a ‘been there, done that’ type of label. This of course aligns well with the fact that governance is an ongoing process that requires continuous attention, monitoring, and improvement.

In this capacity, it outlines key roles in an organisation’s governance, namely:

  • Governing Body – in corporate context typically the Board of Directors
  • Management
  • Stakeholders
  • Auditors
  • Regulators
  • Advisors – only if their advice is related to governance

… and proposes a clearly outlined governance framework:

Figure 2: ISO 37000/2021 Oversight System with its checks and balances (Source).

Interestingly, this is an ISO standard that has largely flown under the radar in the whole ESG discussion. That is strange, given that a Board of Directors' fiduciary duty and duty of care have regularly been in the headlines in the last few years, and have even been dragged into the courts for Climate Litigation purposes (see the following article collections: here and here).

ISO 37000/2021 is based on a governance model that puts an organisation’s purpose at the centre, and structures the influencing components on a strategic as well as operational level around it.

But – do we really need such a standard? And: what does its existence signal to the world?

The fact that it is the International Organisation for Standardisation, and not some lesser organisation, publishing the standard, voluntary and non-auditable as it may be, signals several important aspects:

  • By now we have an understanding of what good governance is supposed to look like,
    to such an extent that it can fairly readily be codified.
    In other words: there exists something we could call a ‘global consensus on good governance’.
  • At the same time it has become much harder
    a) to practice good governance, as well as to
    b) separate the wheat from the chaff of who is, and who is not, committed to it.
    In other words: many talk about practising good governance, but it is hard to check, and arguably it is a lot less common than we think (or hope) it may be.
  • The market relevance of risk management, ethics etc. is evident – and strongly linked to good governance.
    In other words: the link from bad governance to business failure is pretty thoroughly investigated by now, and warrants stringent oversight by the legislator and company stakeholders.
  • A framework such as this ISO standard provides a unified measuring stick, which offers a base against which to compare, learn from, and scrutinize boards and companies.
    In other words: it is no longer about an individual's, or indeed a business school's, preferred point of view. Rather, it is a framework that is neutral, independent, and a (decently high) lowest common denominator for all.

Conclusion

To sum up the above: the relevance of good governance has become so evident that it is no longer good enough to have numerous vastly disparate approaches as foundations to build on.

It makes the governance job, notably in boards, possibly a lot less fun (read: ‘creative’) than it may have been in the past. But it also makes it a lot more relevant for the long-term sustained existence of the companies in question, and their respective stakeholders.

Annex: The ISO 37000 Series of standards for ethical governance of organisations

ISO 37000/2021 is the (generic) Governance Standard and part of an entire series of standards for the governance of organisations, with a particular focus on ethical governance. Each of the additional standards in the series is intended to address a defined issue, ranging from general/generic to quite specific.

This series of published standards includes the following, with a significant number of further standards still under development:

  • ISO 37001: Anti-bribery management systems
  • ISO 37002: Whistleblowing management systems
  • ISO 37003: Guidance for the management of legal risk associated with bribery
  • ISO 37004: Guidance for the monitoring and measuring of the implementation of an anti-bribery management system
  • ISO 37008: Internal investigations of organizations
  • ISO 37301: Compliance management systems