Good governance

What is good governance?  Good governance is governance that works in practice. It means an organization is directed, overseen, and held accountable in a way that is clear, fair, responsible, and effective. UN ESCAP describes good governance as having 8 major characteristics: “participatory, consensus oriented, accountable, transparent, responsive, effective and efficient, equitable and inclusive and…

Ava Kernan Avatar
Ava Kernan

What is good governance? 

Good governance is governance that works in practice. It means an organization is directed, overseen, and held accountable in a way that is clear, fair, responsible, and effective.

UN ESCAP describes good governance as having 8 major characteristics:

“participatory, consensus oriented, accountable, transparent, responsive, effective and efficient, equitable and inclusive and follows the rule of law.”

Applying this to GRC teams, good governance is not proven by having an intricate framework on a shared drive. It is instead proven in practice when decisions follow the right process, owners know their responsibilities, evidence is reliable, and leaders can see what needs action.

ORIGINS

Where does the idea of good governance come from?

The phrase good governance is commonly used across public sector, development, corporate, and regulatory contexts. It became prominent as institutions moved beyond asking whether decisions were made and started asking how they were made.

In public governance, it is often linked to participation, fairness, responsiveness, and the rule of law. As the concept gains prominence in business, good governance is often closely linked to board oversight, transparency, internal control, stakeholder confidence, culture, and risk management. The shared idea is that power needs structure, evidence, and accountability.

OECD Logo

The OECD says corporate governance guides how a company is directed and how it relates to shareholders and stakeholders. It also says the right structures and systems help create trust, transparency, and accountability.

The shared idea is that power needs structure, evidence, and accountability. Good governance is not just about who has authority. It is about how that authority is exercised, challenged, recorded, and reviewed.

PROCESS

Why does good governance matter?

Good governance matters because weak oversight creates risk. When ownership is unclear, reporting is fragmented, and evidence is hard to trust, organizations struggle to make confident decisions.

That is no longer a theoretical problem.

PwC Logo

PwC found that 71% of respondents expect digital transformation initiatives over the next 3 years to require compliance support.

KPMG logo

KPMG also found that 48% of organizations have centralized risk and resilience structures, but only 26% have strong collaboration and a holistic, cross-functional view of risks.

Good governance gives leadership the confidence to ask better questions, challenge the right issues, and act before problems become bigger.

What does good governance look like in practice?

In practice, good governance usually involves:

  • clear decision-making authority and delegated authority
  • documented governance roles and responsibilities
  • governance workflows for approvals, escalations, and reporting
  • board and committee reporting that supports decisions
  • connected risk, compliance, audit, and control information
  • evidence of decisions, actions, reviews, and approvals
  • regular monitoring of policies, risks, controls, obligations, and actions
  • transparent reporting on performance, issues, and outcomes
  • a governance framework that reflects how the organization actually works

Good governance is visible in the small things: decisions are documented, owners are named, actions are tracked, and reporting shows what matters.

Common challenges with good governance

Organizations often struggle with good governance when:

  • Governance is treated as documentation rather than decision-making
  • Ownership is unclear across teams and committees
  • Board reporting is too manual, slow, or high-level
  • Approvals happen in email with weak audit trails
  • Risks, controls, policies, and obligations sit in separate systems
  • Actions are agreed but not tracked to completion
  • Reporting focuses on activity instead of outcomes
  • Governance frameworks are too rigid for the operating model
  • Evidence is difficult to find when audit, assurance, or regulators ask for it
  • Business teams see governance as admin rather than support

The practical test is this: can the organization show what was decided, who owned it, what evidence supported it, what risk was considered, and what happened next?

Good governance best practices

Strong good governance usually depends on:

  • Clear ownership and accountability
  • Documented governance roles and responsibilities
  • A decision-making framework people understand
  • Consistent workflows for approvals, escalations, and reporting
  • Reliable evidence and audit trails
  • Reporting that supports decisions, not just administration
  • Regular monitoring of risks, controls, obligations, and actions
  • Board and committee packs that focus on insight and outcomes
  • Governance processes that fit the organization’s real operating model
  • Continuous review as the business, risk profile, and regulatory environment change

The best approach is one that people can actually follow. Good governance should give teams structure, not slow them down.

PEOPLE

GRC job roles

Who is responsible for good governance?

Good governance must be led from the top, but it cannot sit only with the board. It depends on people across the organization knowing their role in the process.

  • Board or governance committee: oversees accountability, culture, performance, risk, and control.
  • Senior leadership: turns governance expectations into operating priorities and management routines.
  • Company secretary or general counsel: supports governance documentation, committees, and decision records.
  • Risk and compliance teams: connect governance to obligations, policy, controls, testing, and reporting.
  • Internal audit and assurance teams: review whether governance processes work as intended.
  • Control owners and business managers: provide the day-to-day evidence that governance is operating.
  • Specialist governance leads: manage growing areas such as data, AI, cyber, IT, and information governance.

Good governance works best when responsibility is clear at every level. The board sets direction, leaders manage execution, and business owners provide the evidence that the process is real.

TECHNOLOGY 

What do good governance tools look like?

Good governance tools should reduce friction, not add more administration. They should help teams manage work, monitor progress, and evidence accountability without rebuilding everything manually.

Effective governance risk and compliance tools should give teams:

  • Visibility: a clear view of risks, controls, policies, actions, obligations, and decisions
  • Accountability: named owners, deadlines, approvals, and escalation routes
  • Evidence: a reliable record of what happened, who did it, and when
  • Workflow: consistent processes for approvals, attestations, reviews, and reporting
  • Reporting: insight that supports leadership and board decision-making
  • Flexibility: governance processes that reflect the real operating model
  • Usability: a system business teams can actually use
  • Scalability: the ability to support new governance needs over time

The test is not whether the tool looks impressive. It is whether it makes governance clearer, faster, and easier to prove.

How CoreStream GRC helps maintain good governance

Good governance should be practical, not performative.

Organizations often have the language of good governance but not the operating model behind it. Policies, committees, reports, and action logs may exist, but if they sit across spreadsheets, inboxes, shared drives, and disconnected systems, oversight is still fragile.

Richard Eddolls headshot

“Good governance does not mean keeping everything in the live working view. It means keeping the record accessible while making current work clear, owned and actionable.”

Richard Eddolls, Co-founder and Chief Product Officer, CoreStream GRC

That is where the CoreStream GRC software helps. It connects governance workflows, delegated authority, policy governance, internal controls, risk and compliance activity, issue management, audit trails, and board reporting. That turns good governance from a principle into a process people can use.

Instead of relying on teams to chase updates, rebuild evidence, or manually pull governance reports together, CoreStream GRC helps organizations create a clearer live view of ownership, action, evidence, and accountability.

OUR GOVERNANCE SOLUTION

CoreStream GRC: Governance software

CoreStream GRC: Expert guide to value-based GRC

Board Intelligence: How to measure good corporate governance

The impact of corporate governance on financial performance: a cross-sector study.

FAQs on good governance

What is good governance in simple terms?

Good governance means an organization is directed and controlled in a clear, accountable, transparent, and effective way. It helps people make better decisions, understand who owns what, and prove that oversight is working.

What are the principles of good governance?

Common principles of good governance include accountability, transparency, participation, responsiveness, effectiveness, efficiency, fairness, inclusiveness, and respect for the rule of law. In a corporate setting, these principles usually show up through board oversight, risk management, internal control, reporting, and clear accountability.

Why is good governance important?

Good governance is important because it helps organizations make better decisions, manage risk, meet obligations, and build trust. Without good governance, decisions can become unclear, evidence can be weak, and accountability can break down.

What is an example of good governance?

An example of good governance is a clear approval workflow where a key decision has a named owner, documented evidence, risk review, senior approval, an audit trail, and tracked follow-up actions. The process is clear, repeatable, and easy to prove.

What is good governance software?

Good governance software helps organizations manage decisions, approvals, responsibilities, reporting, evidence, and audit trails in a structured way. It should make governance easier to operate, easier to monitor, and easier to prove.

Tags:
  • Is the vendor risk assessment dead?

    Is the vendor risk assessment dead?

    Is the traditional vendor questionnaire still fit for purpose?  Imagine beginning a vendor assessment without sending another 200-question form.  Before contacting the third party, you already understand who the organization is, who sits behind it, and whether there are public risk signals that warrant closer attention. You can ask the vendor for the evidence it already holds, identify the gaps that…

  • Governance structure

    Governance structure

    What is a governance structure?  A governance structure is the way an organization organizes authority, oversight, accountability, and decision-making. It explains who has the power to decide, who needs to approve, who must be consulted, what gets escalated, and how leadership can see whether the organization is operating in line with its objectives.  In GRC, a governance structure matters…

  • Governance framework

    Governance framework

    What is a governance framework? A governance framework is the structure an organization uses to guide decision-making, assign accountability, manage oversight, and demonstrate how governance works in practice. It sets out who has authority, which decisions require approval, how issues are escalated, and how governance activity is monitored and reported.  In governance, risk and compliance (GRC), a clear governance…