In association with

Laying the groundwork for good governance

Laying the groundwork for good governance

To oversee your business well, you need to make sure a few things are in place first. For example, you need a vision showing where you’re going and plans for how to get there. And you need to understand any risks and have robust internal processes to keep things under control.

Understand your duties

As a director of your business, you have ethical and legal duties. They form a framework for good business and keep you on the right side of the law. Understanding your duties will help you run your business better, for example by trading sensibly and not making any commitments you can’t meet.

Free up time to work on the business

As a business owner and director, you’re often pushed for time. You’re probably deeply involved in running your business, meaning it’s hard to find a moment to step back and look at the bigger picture.

It can be challenging to try to do everything yourself. To oversee your business well, you need to assign tasks to other people (delegating). For example, it’s useful to delegate day-to-day tasks so you can work ‘on’ the business instead of ‘in’ it.

You can also assign some of your director duties if you want to. Just make sure that you delegate to people who are reliable and competent. They must act in the best interests of the company, and it’s your responsibility to make sure they do.

The board of directors can assign some powers to board committees, directors or employees. The board must believe that the person they’ve delegated to will act responsibly. And they must monitor how that person uses the power.

In a small company, you may not have the luxury of staff or other committees to delegate tasks to. You may need to hold back on some of your other tasks or plans to free up time, at least while you get your governance set up. You’ll find the sacrifice well worth it when good governance helps you further down the line.

Case study

Case study

Mai frees up time for governance by delegating to trusted employees

Mai’s Wellington-based food truck business has been doing well for a few years now. She started the business as a one-woman operation, and bought a larger truck and recruited three staff as its popularity increased.

She’s thinking about recruiting teams to work in new trucks in other New Zealand cities. While she takes pride in cooking and preparing the food herself, that won’t be possible when the business operates in several locations. With the increasing demands of running the business, she’s already struggling to supervise the quality of the food.

Mai realises that she has to delegate some responsibility. She promotes a thorough and reliable staff member to team leader, tasking them with overseeing the day-to-day operations of the Wellington truck. She also writes down all business processes, from ordering ingredients to closing up the truck at the end of the day. This written record means that staff in new locations can run the business exactly how Mai wants, even though she can’t be there to supervise. Plus, the documents will be very useful if she ever decides to sell the business.

With trusted staff in place, Mai can now spend more time on the bigger picture. Having time for governance means she feels much more confident about expanding into new cities.

Document your plans

Having a set of plans helps you and everyone else in the business know what you’re aiming for. Plans make your business more valuable to buyers, investors or lenders. You probably documented some of your plans when you started your business, and it’s sensible to update these regularly. Here are some of the plans your business might need.

Set a clear vision first

Establish your vision before getting into more detailed planning for your business. Your vision draws on your goals, purpose and environment to show what your business wants to be like in some years’ time.

Your vision should be about the outcome you want your business to achieve, rather than specific things you will or won’t do. It’s worth the effort it takes to think beyond your day to day activities in a clear, memorable way — allowing for growth without deciding on details that will constrain you. Some examples are:

  • a future where you don’t have to choose between sustainability and the best performance in backcountry transport
  • Tauranga households have the fastest, most reliable internet access in the country.

All your plans and business activities should be consistent with your vision.

Business plan — preparing for success

Business planning means stepping out of day-to-day tasks to set work goals and decide how you’re going to reach them. It makes you think about the ‘big picture’ both inside your company (strengths and weaknesses) and outside it (opportunities and threats). Your business plan is a platform for you to plan key tasks — for example, how to build the brand, what markets to enter, and which current weaknesses to tackle first.

To ensure your business can keep growing or be sustainable over the long term, you need to work on your business plan not only up-front, but also when your business grows or the environment around you changes. Treat the plan as a living document that you’ll update when necessary to react to change and stay ready to deal with unexpected events.

Business continuity plan — preparing for emergencies

A business continuity plan lays out how your business will continue its main tasks after an emergency. This could include natural disasters, equipment failure or a supplier going out of business. If you’re unable to perform an important task due to an emergency, continuity planning helps your business to continue functioning. For example, you might plan how you would work from a different location, or how you would work around key staff or services if they weren’t available.

Writing a business continuity plan means you’ll have documented procedures instead of storing them ‘in someone’s head’.

Succession plan — securing the future of your business

Succession planning means preparing people you trust to replace you (or other directors) when you leave or retire. This will help your business continue to succeed. Because a small business can change quickly, a succession plan is very important.

If you have no one to take over from you, succession planning means setting out how you’ll sell, close or transfer the business. Either way, you need to prepare carefully for the transition — this might include training and educating the person you want to take over from you.

You need to carefully manage succession if you have a family business, as the directors, CEO and managers are often all part of the family (and the same person may cover more than one of these roles). This can limit your choices and cause emotional tension — you can resolve this by calling on suitable people outside the family to fill some positions.

Business continuity planning is part of your duty to act in the best interests of the company.

Business continuity planning is part of your duty to act in the best interests of the company.

Get insured

Insurance is an investment in managing your risks. You’ve probably already thought about fire and natural disasters, theft, and stock damage. But you also need to protect yourself against problems like employment disputes or injury or property damage caused by your products or services.

Liability insurance can protect you against damages and costs from legal action. Indemnity insurance is particularly relevant to people involved in overseeing a business. It can protect you and other directors if you cause damage, or make a mistake of judgement that negatively affects your business. Directors’ and officers’ (D&O) insurance is the most common type of indemnity insurance for directors.

“We strongly recommend anyone operating as a director to investigate their liabilities and take out D&O insurance to cover them.”

“We strongly recommend anyone operating as a director to investigate their liabilities and take out D&O insurance to cover them.”

Tim Grafton, The Insurance Council of New Zealand

No single policy can cover all your business risks so you may need more than one policy — but it’s possible to be over-insured too. Insurance can be a significant item on your operating expenses, so make sure your insurance fits your business risks and delivers good value. Expert advisors can help you find the right balance. You may want to speak to an insurance broker about the types of insurance your business needs.

Set strong internal controls

Internal controls are rules and procedures that ensure your reporting is reliable and on time. They ensure you have the information you need for governing effectively. They also help you stay on the right side of the law and deter employees from being tempted into stealing or committing fraud. You can use two types of controls: preventative and detective.

Preventive controls are sensible processes that deter errors or fraud. For example, separating duties so that more than one person is needed to authorise and record transactions (such as invoices and expenses). You can also physically limit who can access cash or valuable assets.

Detective controls are a safety net for anything you couldn’t prevent. This includes regularly checking your finances and correcting any errors. You can also ask an accountancy firm to carry out an external audit of your controls.

Ensure you receive good information

Directors and advisors must keep up to date on the business’s situation and performance. To do this you need business processes to measure everything you want to track, and to present you with the latest information, such as in weekly or monthly updates.

Choose what to measure

You’ll probably need a few different kinds of information to understand how your business is performing — both financially and in other respects. Here are some things you might want to measure or monitor. Some support your legal obligations as a director, and others help you get an insight into how well the business is functioning in other ways.

Financial information

  • financial results
  • forecasts and comparisons with previous years
  • sales data
  • insurance

Strategic information

  • progress against plan
  • new risks or threats
  • research and innovation
  • competitors’ results and industry trends

Customer and marketing information

  • brand reputation
  • customer loyalty and feedback
  • market share and trends
  • environmental impact

Staff information

  • staffing levels
  • health and safety
  • employee satisfaction
  • employee retention and loyalty

How to measure

Key performance indicators (KPIs) measure performance against specific targets. They show you how well your business is achieving its objectives. For example, your budget probably already sets targets for income, spending and profit. For financial objectives, you might want to use KPIs like year-on-year gross profit margins and net profit margins. You’ll also need other KPIs to keep track of the big picture.

KPIs can be quantitative (can be presented with a number) or qualitative (can’t be presented as a number). This means you can set KPIs for anything. For example, they could be:

  • financial, eg achieving a certain level of income or profit
  • operational, eg serving a certain number of customers per day or improving manufacturing output
  • people-based, eg helping staff to gain qualifications or encouraging them to stay in the business
  • intangible, eg improving your reputation or achieving a certain level of quality.

Setting KPIs helps you keep track of business performance and can alert you to problems before they get out of hand, allowing you to take action.

How often to measure

Performance reporting is a careful balance — you need enough information to stay updated, but you don’t want to create too much work for yourself or waste staff time on constantly preparing reports.

You’ll need different types of information at different times. For example, you’ll probably need updates on your finances each month or fortnight, but you might only survey your customers’ opinions once a year or less. You and any other directors are best placed to know how often you need each type of info to get a clear view of how the business is doing.

Create a risk management plan

To build on its success, your business needs to be able to meet challenges. Risks are inevitable. If you don’t manage them, they could have severe consequences. Risk management involves creating plans to deal with risks and prevent them damaging your business.

Risk management involves:

  • identifying risks
  • deciding which ones are important due to their likelihood and impact
  • controlling them appropriately.

Risk management can’t usually remove risks altogether, but it can reduce their effect. Sometimes managing one risk introduces a new, smaller risk but makes an overall improvement — or you might leave a minor risk in place while you focus on a higher priority.

1 — Identify the risks

Most significant risks are operational or strategic. Useful things to consider include:

  • what problems or near misses you’ve already encountered
  • what types of fraud you could be vulnerable to
  • the major regulatory and legal risks you face.

Here are some examples of risks you might need to manage.

Financial risks might include:

  • cash flow problems
  • inability to attract investment
  • fluctuating currency
  • slow-paying customers.

Operational risks might include:

  • computer viruses, hacking or fraud
  • out-of-date or unreliable equipment
  • inadequate resourcing
  • disruption from natural disaster.

Strategic risks might include:

  • wrong or badly implemented business strategy
  • failure to innovate
  • changing business environment, eg:
    • new government policy
    • regional economic problems
    • competitive pressure.

Health &  safety risks might include:

  • slip, trip or fall hazards
  • biological or chemical hazards
  • stress from high workloads or long hours
  • bullying or sexual harassment.

Compliance risks might include:

  • unpaid income tax or GST
  • unfulfilled director duties
  • breaching environmental standards
  • breaching employment standards.

Reputational risks might include:

  • privacy leaks
  • unfulfilled promises to investors
  • low quality products or services
  • negative publicity eg, on social media.

2 — Prioritise the risks

Decide which risks pose a bigger threat, based on their likelihood and impact. Consider their financial impacts, how they could prevent the business achieving its objectives, and how they relate to your legal obligations as a director. For example, the ‘cyber risk’ of stolen payment information or attacks like ransomware can have a huge impact on your business. And health and safety risk is something you can’t delegate away — it belongs to directors.

3 — Control the risks

After you prioritise the risks, decide how you want to control each one to reduce its likelihood or impact. You can control risks by:

  • eliminating them (often difficult)
  • replacing them with new, smaller risks
  • transferring them to another business or person in a contract, or sharing them
  • insuring against some or all of the risk.

4 — Monitor the risks

To monitor risk, you may want to regularly discuss the risks that each team or work stream faces with their managers. You could ask external auditors to assess more complicated risks. Documenting your risks in a risk register that describes your control and monitoring for each risk is a good start. As well as monitoring individual risks, you might monitor how they combine, to ensure you’re comfortable with your overall risk profile.

Worksheet: identify, prioritise, control, and monitor your risks

Worksheet: identify, prioritise, control, and monitor your risks

Use this worksheet to make a plan for managing your risks.

Risk management plan worksheet [DOCX, 1.5 MB]

Case study

Case study

Taking time to work on the business helps the Kiwi Paper Company to assess risk

Jim is the new managing director of the Kiwi Paper Company. The previous managing director, Sione, was the founder of the company and ran it for 25 years.

Now that the business has 30 employees, Jim recognises that the informal oversight procedures that Sione had ‘in his head’ need updating. It’s the right time to start thinking more seriously about topics such as risk.

Jim evaluates the risks of various decisions he might have to make in the next few years. For example, now that they’re buying materials in larger quantities, it might make sense to import cheaper ones from overseas. However, that would introduce new risks around delivery timing, quality control and environmental standards.

After evaluating these risks, Jim realises that (for now at least) the risks outweigh the return he’d expect from the change. Jim decides he’ll focus on New Zealand suppliers for now. But the work he’s done documenting risk provides a strong base for future growth — he can work in the background on changes that would reduce the risk if he wanted to change suppliers in the future.

Risk management doesn’t prevent you taking on risk, it just helps you recognise it and handle it sensibly.

Risk management doesn’t prevent you taking on risk, it just helps you recognise it and handle it sensibly.

Involve the right people

Depending on your business and key risks, you may want to have different types of people helping you in your governance activities, such as:

  • other business owners can share their experiences from the same industry or the stage of business you’re going through, as well as providing useful networks
  • accountants can help you understand your cash flow and finances in order to be financially prudent
  • lawyers can help you avoid pitfalls — they have often seen many ways things can go wrong for a business
  • compliance experts can help you improve practices - eg a health and safety expert can help you identify hazards and make things safer.

Many businesses find board members or advisors through networking platforms, eg Linkedin, or online databases. Specialist organisations can help you advertise and fill board positions, and you can also advertise roles through the Institute of Directors.

Director vacancies(external link) — Institute of Directors

Don’t rely on reputation and experience alone. Interview any potential directors or advisors. Validate their expertise and get a feel for their working style, motivations and expectations. Strive to be objective in your appointment process, but be sure to choose people you get on with. Board members are an integral part of your team.

Involving family

Family companies can face unique governance challenges, particularly because of personal relationships. Some family companies combine governance roles,eg the CEO might also be chair of the board. As the business grows, it can be a good idea to separate these roles to prevent one person having too much power and being exposed to conflicts of interest.

Also, bear in mind that no one should advise you unless they actually have the skills needed. Doing what’s best for the company means hiring the best person for the job, which may not be a family member.

 “Diversity is about having different perspectives through a balance of expertise, knowledge, gender, ethnicity, age and background to get the best mix of talent, thinking and capability."

“Diversity is about having different perspectives through a balance of expertise, knowledge, gender, ethnicity, age and background to get the best mix of talent, thinking and capability."

Kirsten Patterson, Chief Executive, Institute of Directors

Getting on board with diversity(external link) — Institute of Directors

Set up good communication

Your staff need to understand how you carry out your governance activities — it isn’t just a passive process, it requires their input too. Make sure the people overseeing the business and those running the business day-to-day regularly discuss how governance is working. As with any other aspect of the company, you need to explain the reasons behind major decisions to employees. It can be helpful to ask staff for feedback. Sometimes they can spot opportunities or risks you aren’t aware of. Consider events like weekly ‘stand up’ meetings or regular ‘town hall’ meetings for everyone.

Investors often prefer more formal written reports about the targets you set for the business, strategies to achieve them, and performance against them. And you have a responsibility to check they agree with your governance.

Visual guide: Laying the groundwork

Track and improve your governance

Your approach to governance may need to change as your business grows or your focus changes. You should track the effect of your methods to make sure they’re working properly — you should be able to see your effectiveness in your progress towards the big-picture goals you’ve set yourself as a director. It can also help to conduct surveys (of employees, investors and other stakeholders) to understand how you’re doing. Look out for any signs that you need to take a more structured approach to governance, such as appointing advisors or a board of directors.

As your business grows or changes, identify any emerging areas that might require specific skills to keep your governance on track. That way you can get advice, or bring relevant people into your governance work, in good time.

Stay in the know

It’s important to make sure you know about changes in the law — you can sign up to the newsletter to keep on top of this.

Subscribe to our newsletter

You might also find it useful to keep up to date on how other businesses in your industry approach governance. Networking can provide excellent opportunities to do this and avoid working in isolation. Talking to other directors helps you learn what's going on in the market, whether you do it through informal socialising or official events.

Branch events(external link) — Institute of Directors

Rating form

How useful did you find this?

Rate this

"Rate this" is required