CHAPTER 2: THE CORPORATE GOVERNANCE CONTEXT
ISO/IEC 38500 is clear that governance is distinct from management. It identifies the role of an organisation’s governing body and aligns that with the governing body’s role as described in the G20/OECD Principles of Corporate Governance, as revised in 2004, and in the 1992 Cadbury Report on corporate governance.
“Corporate governance could be thought of as the combined statutory and non-statutory framework within which boards of directors exercise their fiduciary duties to the organisations that appoint them.”5
The term ‘corporate governance’ gained prominence in 1978 when used by Robert Tricker in The Independent Director.6 In Corporate Governance (1984), he described corporate governance as being “concerned with the way corporate entities are governed, as distinct from the way businesses within those companies are managed. Corporate Governance addresses the issues faced by boards of directors, such as the interaction with top management, and relationships with the owners and others interested in the affairs of the company.”
In the Cadbury, Greenbury and Turnbull reports of the 1990s, the UK led the way for the OECD in defining how what is known as directors’ duty of care should be exercised.
The Cadbury report’s introduction provides a lucid description of the role of corporate governance:
Corporate Governance is the system by which companies are directed and controlled. Boards of directors are responsible for the governance of their companies. The shareholders’ role in governance is to appoint the directors and the auditors and to satisfy themselves that an appropriate governance structure is in place. The responsibilities of the board include setting the company’s strategic aims, providing the leadership to put them into effect, supervising the management of the business and reporting to shareholders on their stewardship. The board’s actions are subject to laws, regulations and the shareholders in general meeting.
The UK Corporate Governance Code (2018) states that the board should “establish a framework of prudent and effective controls, which enable risk to be assessed and managed”.7 This recognises the need for a risk management framework and leaves little room for imprudent risk taking. Directors’ duties in the UK are enshrined in statute by the Companies Act 2006.
ISO/IEC 38500 directly addresses the governing body of an organisation, although it does recognise that, in smaller organisations, the members of the governing body may also have roles in management. In this way, the Standard makes itself applicable to organisations of all sizes, regardless of purpose, design or ownership structure.
5Alan Calder, Corporate Governance: A Practical Guide to the Legal Frameworks and International Codes of Practice, Kogan Page, 2008.
6According to Professor Andrew Chambers, in Tottel’s Corporate Governance Handbook (2003).
7UK Corporate Governance Code, 2018, p. 4.