The Foundation of Trust

Governance is how your business is run — the structures, practices, and cultures that shape decisions and ensure accountability.

Good governance prevents scandals before they happen. Bad governance creates conditions where problems fester until they explode.

Investors increasingly view governance as the foundation of ESG. Without sound governance, environmental and social commitments are unreliable. A company that can't govern itself well won't deliver on any of its promises.

This chapter covers the key governance elements and how AI can help you assess and strengthen your practices.

Board and Leadership

Board Composition

For larger companies with formal boards, composition matters:

Independence:

  • Sufficient independent directors
  • Independent chair or lead director
  • Independent key committees (audit, compensation, nominating)

Diversity:

  • Gender, ethnic, and background diversity
  • Range of skills and experiences
  • Avoidance of groupthink

Expertise:

  • Financial literacy
  • Industry knowledge
  • ESG competence
  • Risk management understanding
  • Technology literacy

Refresh and succession:

  • Term limits or regular evaluation
  • Succession planning for key roles
  • Onboarding for new directors

For Smaller Businesses

Even without a formal board, governance matters:

Advisory structures:

  • Informal advisory boards
  • External advisors with independence
  • Peer accountability groups

Owner/operator discipline:

  • Self-imposed governance standards
  • External review and feedback
  • Clear decision-making processes

AI Prompt: Board Assessment

Help me assess governance at the board/leadership level.

Company type: [Public, private, family-owned, etc.]
Size: [Revenue, employees]
Current structure: [Board composition, advisory structure]
Key leadership: [Relevant background]
Known gaps: [Areas of concern]

Analyze:
1. Appropriate governance structure for our size/type
2. Gaps in current composition or independence
3. Recommended improvements
4. Best practices for our stage
5. ESG competence considerations

Ethics and Business Conduct

Code of Ethics/Conduct

Every organization needs clear ethical guidelines:

Coverage:

  • Conflicts of interest
  • Anti-corruption and bribery
  • Fair dealing
  • Confidentiality
  • Proper use of company assets
  • Compliance with laws
  • Reporting concerns

Implementation:

  • Written code, accessible to all
  • Training on code requirements
  • Regular acknowledgment/certification
  • Consequences for violations
  • Tone from the top

Anti-Corruption and Bribery

A critical governance area with serious legal consequences:

Key laws:

  • US Foreign Corrupt Practices Act (FCPA)
  • UK Bribery Act
  • Local anti-corruption laws

Controls:

  • Clear policies on gifts, entertainment, payments
  • Due diligence on third parties
  • Accurate books and records
  • Regular risk assessments
  • Training for high-risk roles

AI Prompt: Ethics Program Assessment

Help me assess our ethics and compliance program.

Business type: [Industry]
Size: [Employees]
Geographic scope: [Countries of operation]
Current ethics program: [Code, training, hotline, etc.]
High-risk areas: [Government contracts, international operations, etc.]
Known issues: [Any past problems]

Analyze:
1. Gaps in our current ethics program
2. Risk areas based on our profile
3. Recommended policies and procedures
4. Training needs
5. Enforcement and accountability mechanisms

Whistleblowing and Speak-Up Culture

Employees must be able to raise concerns safely:

Elements:

  • Multiple reporting channels (manager, HR, hotline, ombudsman)
  • Anonymous reporting option
  • Clear non-retaliation policy
  • Investigation procedures
  • Follow-up and closure

Culture:

  • Leaders model speaking up
  • "Good catch" recognition
  • Trust that issues will be addressed
  • Visible consequences for retaliation

AI Prompt: Speak-Up Culture

Help me assess and improve our speak-up culture.

Current channels: [How employees can raise concerns]
Anonymous reporting: [Available? Used?]
Recent reports: [Volume, types, without identifying details]
Known barriers: [What might prevent people from speaking up]
Retaliation history: [Any concerns]

Analyze:
1. Effectiveness of current mechanisms
2. Gaps and barriers to reporting
3. Recommended improvements
4. How to measure speak-up culture
5. Best practices for our size

Risk Management

ESG Risk Integration

ESG risks should be part of enterprise risk management:

Environmental risks:

  • Climate physical risks (extreme weather, sea level)
  • Transition risks (policy changes, technology shifts)
  • Liability risks (pollution, environmental damage)

Social risks:

  • Human capital risks (talent, labor disputes)
  • Reputation risks (controversies, boycotts)
  • Supply chain disruption
  • Community opposition

Governance risks:

  • Compliance failures
  • Ethics violations
  • Board dysfunction
  • Succession failures

Risk Oversight

Board role:

  • Regular risk updates
  • Risk appetite definition
  • Challenging management assumptions

Management role:

  • Risk identification and assessment
  • Mitigation strategies
  • Monitoring and reporting

AI Prompt: ESG Risk Assessment

Help me assess ESG-related risks for my business.

Industry: [Sector]
Size and scope: [Revenue, geography, employees]
Business model: [Key activities and dependencies]
Known risk areas: [Current concerns]
Current risk management: [Existing processes]

Analyze:
1. Key ESG risks by category
2. Risk likelihood and impact
3. Current mitigation gaps
4. Recommended risk management improvements
5. How to integrate ESG into enterprise risk management

Data Privacy and Security

Data governance is increasingly critical.

Privacy Compliance

Key regulations:

  • GDPR (EU)
  • CCPA/CPRA (California)
  • Other state and national privacy laws
  • Industry-specific requirements (HIPAA, GLBA)

Elements:

  • Privacy policies and notices
  • Consent management
  • Data subject rights processes
  • Data processing agreements
  • Privacy impact assessments
  • Breach notification procedures

Cybersecurity

Governance elements:

  • Security policies and standards
  • Board and management oversight
  • Incident response plans
  • Regular assessments and testing
  • Employee training
  • Vendor security management

AI Prompt: Data Governance Assessment

Help me assess our data privacy and security practices.

Data we collect: [Types of personal/sensitive data]
Regulatory environment: [GDPR, CCPA, industry-specific]
Current privacy program: [Policies, processes, personnel]
Current security measures: [What's in place]
Recent incidents: [Any breaches or close calls]
Third-party data sharing: [Vendors, partners]

Analyze:
1. Compliance gaps
2. Security vulnerabilities
3. Recommended improvements
4. Priority actions
5. Governance structure needs

Executive Compensation

Compensation governance signals what the company values.

Key Principles

Alignment:

  • Pay linked to performance
  • Long-term incentives alongside short-term
  • ESG metrics in compensation (increasingly)

Fairness:

  • Reasonable pay levels
  • Internal pay equity
  • Transparency about pay decisions

Accountability:

  • Clawback provisions
  • Stock ownership requirements
  • Pay for performance correlation

ESG-Linked Compensation

Growing trend to tie pay to ESG outcomes:

  • Environmental targets (emissions reduction)
  • Safety performance
  • Diversity goals
  • Customer satisfaction
  • Employee engagement

AI Prompt: Compensation Governance

Help me assess compensation governance.

Company type: [Public, private, size]
Current compensation structure: [Base, bonus, equity, etc.]
Performance metrics: [What pay is tied to]
ESG linkage: [Any sustainability metrics in pay]
Peer practices: [What you know about industry norms]

Analyze:
1. Alignment between pay and long-term value
2. Opportunities to incorporate ESG metrics
3. Best practices for our size/type
4. Governance mechanisms for compensation decisions

Transparency and Disclosure

Financial Reporting

Foundation of governance:

  • Accurate financial statements
  • Strong internal controls
  • Independent audit
  • Timely reporting

ESG Disclosure

Growing expectations for non-financial reporting:

  • Sustainability reports
  • Climate disclosures
  • Human capital information
  • Board composition and practices

Tax Transparency

Emerging governance expectation:

  • Tax strategy disclosure
  • Country-by-country reporting
  • Fair tax practices

AI Prompt: Disclosure Assessment

Help me assess our transparency and disclosure practices.

Company type: [Public, private, size]
Current disclosures: [What we report beyond financial statements]
Stakeholder expectations: [Investor, customer, employee expectations]
Regulatory requirements: [Mandated disclosures]
Industry norms: [What peers disclose]

Analyze:
1. Gaps between current and expected disclosure
2. Priority improvements
3. Appropriate reporting frameworks
4. Materiality considerations
5. How to build disclosure capacity

Shareholder and Stakeholder Rights

Shareholder Rights

For companies with outside shareholders:

  • Voting rights (one share, one vote)
  • Access to information
  • Ability to raise concerns
  • Protection of minority shareholders

Stakeholder Engagement

Beyond shareholders:

  • Employee representation and voice
  • Customer feedback mechanisms
  • Community engagement
  • Supplier relationships
  • Civil society dialogue

AI Prompt: Stakeholder Engagement

Help me design stakeholder engagement practices.

Key stakeholder groups: [Employees, customers, community, investors, etc.]
Current engagement: [What we do now]
Known concerns: [Issues stakeholders raise]
Decision-making: [How stakeholder input is used]
Gaps: [Where engagement is weak]

Recommend:
1. Engagement mechanisms for each group
2. How to integrate input into decisions
3. Reporting back to stakeholders
4. Measuring engagement effectiveness
5. Governance of stakeholder engagement

Building a Governance Culture

Tone at the Top

Leaders set governance culture:

  • Model ethical behavior
  • Take responsibility for problems
  • Reward integrity, not just results
  • Act consistently with stated values

Middle Management

Where culture is transmitted:

  • Understand and communicate expectations
  • Address issues promptly
  • Escalate appropriately
  • Balance performance with integrity

Policies vs. Culture

Policies establish minimum standards. Culture determines actual behavior.

Indicators of strong governance culture:

  • People raise concerns before problems escalate
  • Mistakes are acknowledged, not hidden
  • Decisions consider multiple stakeholders
  • Accountability is real, not performative

AI Prompt: Governance Culture Assessment

Help me assess our governance culture.

Company size: [Employees]
Industry: [Sector]
Leadership style: [How decisions are made, communicated]
Recent examples: [How ethical issues were handled]
Employee feedback: [What people say about culture]
Concerns: [Areas that worry you]

Analyze:
1. Strengths in our governance culture
2. Gaps between stated and actual values
3. Recommendations for improvement
4. How leaders can model better governance
5. Metrics to track culture

Governance for Different Business Types

Startups and Small Businesses

Focus on:

  • Founder ethics and values
  • Simple but clear policies
  • External advisors for accountability
  • Building governance as you grow

Family Businesses

Additional considerations:

  • Separation of family and business roles
  • Succession planning
  • Family governance alongside business governance
  • Managing family conflicts

Private Equity-Owned

Specific dynamics:

  • Board composition during ownership
  • Short-term vs. long-term balance
  • Exit planning implications
  • Reporting to investors

Public Companies

Full governance expectations:

  • Regulatory compliance (SOX, exchange rules)
  • Independent board majority
  • Committee structures
  • Executive compensation disclosure
  • Proxy and shareholder engagement

What's Next

You understand the three pillars — Environmental, Social, and Governance. Now you need to communicate your performance.

Chapter 5 covers ESG reporting and disclosure — frameworks, data collection, and how AI can help you create credible, useful reports.