You will never get it right the first time!
Hi! Today I want to talk a little more about setting a controls baseline, initial governance work. Almost immediately when we start taling aobut that, about having mandates, about having rules with consequences if they are not followed, the discussion jumps to finding the right policies. Finding the right rules. Making them perfect. Debating which rules are best.
I’ll let you in on a secret: that really doesn’t matter! It’s the wrong thing to focus on.
Improving over time always beats trying to start perfect
The thing you that you want to be building, the capability you want to be creating in the organization is the things around the rules. The ability to decide some rules, communicate those rules, detect when people aren’t following the rules, the fortitude to enforce consequences when the rules aren’t followed.
MOST important - a way to revise the rules. A process, a dignified way, an orderly way to take feedback.
To understand where the rules are not working, where they are not having the effect that you want, and to revise them. This is the most critical part that most small organizations don’t have yet - to be blunt most large organizations aren’t very good at it either.
This is governance
The process around having rules and revising rules is way more important than the rules themselves. The process will enable or inhibit future improvements, and control the rate at which you can improve.
Of course, having good rules is important too, and we’ll talk about that later.
The place to start is with having some sustainable human-friendly processes around your initial rules.