Governing an organization is a process of setting a target for the organization to head, and then codifying the way decisions get made to keep the organization headed that direction. Policy governance was first developed by John Carver in the 1970’s and sets out ten principles that when strictly followed allow an organization to claim pure policy governance. The reality is that history and external factors make a pure implementation difficult. Some would argue that not implementing all 10 principles weakens the system. I would argue that not owning your own implementation will do far more damage.
This document is an attempt to distil the principles to a simplified working set of concepts, and to overtly address some of the most common realities boards encounter when moving to policy governance.
What is policy governance
Policy governance is fundamentally deciding who gets to make what kinds of decisions, and where necessary, deciding ahead of time how those decisions will be made.
The first concept of simplified policy governance is to divide the decisions that get made about the future of the organization into two categories:
- The actions or processes we can use to steer the organizations
- The actions or processes we can use to operate the organization
These two domains can be defined as Governance and Execution. Define rules for all of the actions or processes going on in your organization today, and think of them as captured in a big circle. If you draw a vertical line across the center, all those decision that concern Governance go on the left, and all those Execution on the right.
The second concept is to further categorize those rules into
- What are we setting out to accomplish?, and
- How are we going to accomplish it?
If you draw a horizontal line across the middle, all those decisions that concern what the organization is meant to accomplish go on the top side of the line. All those about how we’re going to accomplish that go on the bottom. At this point you’ve got a circle of four quadrants. Each of those quadrants defines a different kind of policy that you’ll want to think about writing.
The top left is Governance policies; what are we setting out to accomplish as we steer this organization. This is where we define mission, vision and values. This is where we define the composition, compensation and structure of the board. This is where we define the rules and regulations of how the governors will act.
The bottom left is the Board/CEO linkage; how we set about steering this organization. Recognizing that the board hires a CEO to do the day-to-day steering of the organization, it is important to define rules about how the board will work with her to ensure alignment.
The top right is the Ends; what we hope to accomplish as we steer the organization. This is a definition of what success looks like. If we accomplish the ends, we’ve reached our destination successfully. Fundamentally, the Ends are the measures by which we determine the operation of the organization has been successful.
The bottom right is the Executive Limitations; these are the limitations on the actions the CEO is allowed to use in order to get us from here to the Ends.
The third concept is to define who gets to make decisions if there are no rules written down. I call this the concept of Default Authority. In a policy governance organization, there are two very important roles. The Chief Governance Officer (usually called the Chair) and the Chief Executive Officer (the CEO). Going back to the circle analogy, the left side of the circle, the Governance domain, is the domain of the Chair. The right side, the Executive Domain, is the domain of the CEO. In their respective domain, the Chief is the Default Authority. When a decision needs to be made and a rule hasn’t been written down, all authority and accountability for the making of that decision falls to the Default Authority. So, need to decide on the values of the organization? That’s the Chair’s decision. Need to decide what the organization needs to accomplish in order to be successful? That’s the CEO’s decision.
At its most simple, as long as you define a Chair and a CEO, you categorize each decision and the appropriate Default Authority makes the decision, you are living Simplified Policy Governance.
Of course, it’s really not that simple. In each policy category there will be many different kinds of decisions that need to be made. Some of these kinds of decisions will need detailed and meticulous policies that explicitly outline actions to be taken. Others will only require a motherhood statement that captures the intent of the board.
The fourth concept of Simplified Policy Governance is that of concentric or cascading policy depth. Any time the board feels it needs to write a rule about an action to be taken, it should start with the broadest possible rule that describes its intent. If the broad rule isn’t sufficient to drive the right behaviours (i.e. to guide the organization in the right direction), more specific policies can be written that inherit from the broad statement to guide appropriately.
While it is a popular thought that policy shouldn’t delve into operational detail, this is a misconception of how policies should be applied. Policies shouldn’t delve into operational detail without first discovering that a higher level policy doesn’t sufficiently control the activity of the organization. In other words, don’t go deep unless you’ve already gone broad.
The key to applying this is that the policy that is defined is followed as deeply as it delves into the organization, but if the policy doesn’t cover a particular variation of a decision, we fall back to the Default Authority who is accountable for the decision. In practice, the Default Authority will likely come to the board to discuss the decision and the board will act as a whole and make a judgement. The board should also, then, take that judgement and codify it in another level of policy to ensure that that same judgement is applied in the future.
One of the primary reasons that organizations struggle to apply a pure form of Policy Governance model is that they feel that external drivers force them to implement structures or policies that are contradictory to the Policy Governance model. The classic example is the use of committees. It is entirely possible that an external standards body or regulator might require (though an Act or guidance) that your organization include a specific committee. Policy Governance is generally disapproving of committees and so if an organization is forced to have a particular committee, they feel that they can’t truly call themselves a Policy Governance organization.
Simplified Policy Governance accepts these external factors as realities and incorporates them into the model. Effectively, Simplified Policy Governance states that any external mandate must be addressed by the organization. This means, at the highest level, that the organization needs a policy that acknowledges the external factor and states whether or not it will abide by the directive. A choice by the organization to not abide by a legislated directive would be a bad choice, but the organization could choose to do so. Once the organization has written policy to abide by the directive, it must then delve deeper into the organization, effecting policies that will ensure that the organization can abide by the directive and report on its compliance appropriately.
External factors that appear to impinge on “pure” Policy Governance are totally acceptable in Simplified Policy Governance, assuming the organization has developed the appropriate policy to define how it will respond.
It is important to specifically address the issue of the board delegating work to committees. Carver is fairly specific about his concern for how committees’ work can be useful to a board at minimal cost to its unity. The concern is that, except for a relatively perfunctory approval vote, there is not a board, only a group of congenial mini-boards.
The concern for Board holism is equally present in Simplified Policy Governance. It recognizes that the board will delegate work to committees from time to time. The key is to codify in the policy that acknowledges the directive how 3 specific activities will be conducted by the committee:
- Does the committee do the pre-work of slimming down the options and bring the two (or some number) best options to the board for decision; or does it whittle the options and bring a recommendation to the board for approval?
- Can the committee ask other committees to do work, or does the board need to make such a request?
- Can specific committees have direct oversight of staff, external to that of the board (i.e. an internal auditor)?
Carver would argue that approval, directives to other committees and oversight of staff would be a direct assault on board holism, and should be avoided at all costs. Simplified Policy Governance acknowledges the reality of External Factors and forces boards to explicitly codify policy that addresses how those behaviours will be conducted.
Finally, it is important to have a consistent structure to all policies to ensure that they are equally understood and applied. The recommended structure asks that every policy include:
- The type of policy (GP, BCLP, EP, ELP), and then the default authority for anything not covered by the policy explicitly
- Cross reference to any external driver to the policy (act, regs, bylaws, etc)
- Broadest policy statement related to policy title
- Numbered sub points. These are further specific detail of this policy statement
a. what is reported, to whom, when (i.e. cross reference to committee agendas)
b. When does the board/committee need to act based on the reporting (i.e. tolerances/ranges of results)