Signs of poor governance (updated monthly)
Is your organization’s governance healthy, or just "compliant" on paper?
Poor governance rarely happens overnight; it leaves a trail of subtle signs. This series is a monthly deep-dive into the common patterns of bad GRC observed in the field. By treating governance as a recurring calendar of awareness rather than a one-time audit preparation, we can build more resilient, transparent businesses.
Below is a running archive of "Red Flags." Check back monthly to see if any of these signs are appearing in your organization.
Sign no. 1: Managers Without Teams
A common pattern in deteriorating governance is the proliferation of managerial titles that lack any direct reports. While often intended as a "reward" or a way to retain talent, this creates a significant GRC blind spot.
Sign no. 2: Unclear Roles and Responsibilities
In a healthy organization, if you ask three different people who is responsible for a specific process—such as a Corrective Action or a Risk Assessment—they should all point to the same person. In poor governance, they point at each other.
Sign no. 3: Lack of Strategic Direction
When an organization treats governance as a series of boxes to check rather than a roadmap to follow, it is a clear sign that strategic direction is missing. Without a direction, GRC efforts become fragmented, expensive, and—ultimately—ignored by the workforce.
Sign no. 4: Poor Risk Management
Risk management is the heartbeat of modern ISO standards, which are built on Risk-Based Thinking. When an organization views risk as a static document rather than a dynamic process, it isn't managing the business; it is just filling out better paperwork.
Sign no. 5: Many Layers of Management, Few Decision-Makers
When you have an abundance of "managers" but only one or two people are actually allowed to sign off on a decision, governance becomes a performance rather than a process.