By Marcus Allen
Director, Thamer James Ltd
Management Consultants

In recent years, governance has become an increasingly important topic for Boards, regulators and senior leadership teams. Organisations face growing expectations to demonstrate accountability, transparency, ethical behaviour and effective oversight.

Yet despite significant investment in governance structures, many organisations continue to experience governance failures during periods of operational disruption.

The question is why.

After all, governance frameworks often appear robust on paper. Organisations may have established Board committees, documented authorities, risk management processes, reporting mechanisms and assurance programmes.

However, when operational pressure arrives, those same governance structures can struggle to function effectively.

This is one of the key lessons that can be drawn from ISO 37000, the international guidance standard for the governance of organisations.

ISO 37000 encourages organisations to view governance not simply as a collection of policies and oversight arrangements, but as a dynamic system that supports organisational purpose, performance, accountability and long-term sustainability.

Importantly, the standard recognises that governance effectiveness is most visible during periods of challenge rather than stability.

Many organisations unknowingly design governance frameworks for predictable operating environments.

Meetings are scheduled.

Reports are prepared.

Decisions follow established approval routes.

Risks are reviewed periodically.

Under normal conditions, these arrangements can operate effectively.

Operational pressure changes the situation entirely.

Cyber attacks, major supplier failures, technology outages, regulatory investigations, health and safety incidents, reputational crises or sudden market disruption often require immediate decisions under conditions of uncertainty.

It is during these moments that weaknesses within governance arrangements become exposed.

Common issues include:

→ Delayed decision-making

→ Unclear accountability

→ Conflicting leadership priorities

→ Ineffective escalation arrangements

→ Fragmented communication

→ Poor visibility of operational impacts

→ Excessive dependence on key individuals

→ Slow recovery coordination

The disruption itself may not be the primary cause of organisational difficulty.

More often, it is the inability of governance arrangements to support effective decision-making under pressure.

ISO 37000 places significant emphasis on organisational purpose and value creation.

This is important because organisations can sometimes become overly focused on governance processes rather than governance outcomes.

Committees may meet regularly.

Reports may be produced consistently.

Policies may be reviewed annually.

Yet none of these activities automatically guarantee effective governance during disruption.

The real test is whether governance supports sound decisions when information is incomplete, risks are evolving rapidly and consequences are uncertain.

One area frequently overlooked is operational awareness.

Boards often receive strategic information, while operational realities remain several layers below formal governance structures.

This can create a disconnect between governance oversight and operational capability.

Leaders may believe risks are understood and controlled, while operational teams recognise vulnerabilities that have not been fully escalated or explored.

ISO 37000 encourages governing bodies to maintain sufficient insight into organisational realities to support informed decision-making.

Good governance should not be detached from operational conditions.

Another important lesson concerns accountability.

Under normal circumstances, accountability structures often appear clear. Job descriptions exist, responsibilities are documented and reporting lines are understood.

During disruption, however, ambiguity can emerge quickly.

Who has authority to make urgent decisions?

Who communicates externally?

Who determines recovery priorities?

Who accepts operational risk?

If these questions have not been considered in advance, governance effectiveness can deteriorate rapidly.

ISO 37000 highlights accountability as a fundamental governance principle because accountability creates clarity during uncertainty.

Culture also plays a significant role.

Many governance failures are not caused by inadequate procedures but by organisational behaviours.

Employees may hesitate to escalate concerns.

Managers may avoid difficult conversations.

Information may become filtered as it moves through leadership layers.

Important warning signs may therefore be missed.

A healthy governance culture encourages transparency, challenge and timely escalation.

It enables organisations to identify emerging issues before they become major incidents.

Operational resilience provides another valuable lens through which governance should be viewed.

Organisations increasingly operate within complex ecosystems involving technology providers, outsourced services, supply chains and interconnected business processes.

Disruption within any part of that ecosystem can affect organisational performance.

ISO 37000 does not specifically prescribe resilience frameworks, but its principles strongly support resilience thinking.

Effective governance requires leaders to understand:

→ Critical services

→ Key dependencies

→ Recovery capabilities

→ Operational vulnerabilities

→ Stakeholder expectations

→ Strategic risks

Without this understanding, governance may become disconnected from the realities of organisational resilience.

Perhaps the most important lesson from ISO 37000 is that governance should be viewed as an enabler rather than a control mechanism alone.

Governance should help organisations achieve their purpose, adapt to change and remain sustainable over time.

This requires governance arrangements that are capable of functioning during uncertainty, not merely during periods of stability.

The strongest organisations recognise this.

They do not simply review governance annually.

They test decision-making.

They examine escalation pathways.

They challenge assumptions.

They conduct crisis exercises.

They assess leadership effectiveness under pressure.

Most importantly, they seek to understand whether governance remains operationally effective when normal conditions no longer exist.

At Thamer James Ltd, we frequently work with organisations seeking to strengthen governance, resilience and continuity arrangements. Experience consistently shows that governance frameworks are most effective when they are connected directly to operational realities rather than existing solely as compliance structures.

ISO 37000 provides valuable guidance in this area.

Its principles remind us that governance is not measured by the quality of documentation alone.

It is measured by the organisation's ability to make sound decisions, maintain accountability and achieve its purpose when faced with challenge and uncertainty.

Because ultimately, governance frameworks are not tested when everything is going well.

They are tested when pressure arrives.


Marcus Allen
Director | Thamer James Ltd
Management Consultants

Master’s Degree in Management Learning and Change – University of Bristol
Diploma in Governance, Risk and Compliance (GRC) – ICA
Member, BSI G/01 Governance Committee


Thamer James Ltd
Governance • Resilience • Business Continuity • Risk Management
