Kathy Gibson reports from SMEXA 2015 – Finding the balance between regulatory compliance and sound governance on one hand, and the cost of governance is not easy.

Yes, it’s important to have control, says Get-It-Right’s Johann Botha. But it can also go too far and might even put companies out of business.

“Governance is about giving direction to the organisation and ensuring that it happens,” Botha says. “So we need to do the best possible job with the minimum resources and the least risk.”

The conventional approaches to governance, he adds, are generally to either stick their heads into the ground; or to build fortresses.

The problem with building walls, Botha says, is that they tend to get bigger and higher and more complex as time goes on. “And you can’t move, because you have walls.

“But, at the end of the day; the walls will be penetrated.”

It’s a fact that users also don’t like being told what to do, and so they revolt, Botha points out – and they will find a way to do what they want.

“So create a controlled environment that works for people,” he advises.

Governance also urges companies to create value – but frequently the fear of risk means that the value is stifled.

“If you take best practice as rules, you could create a very compliant but useless organisation,” Botha says.

To be successful, though, governance implementation approaches means that best practice can never replace strategy, but should be used as guidance.

Botha adds that governance guidelines are tools, but should not be misconstrued as toolboxes.

“Tools don’t solve problems – people do,” Botha says.

He offers some governance advice, including a suggestion that companies not use governance to do something you otherwise wouldn’t be able to do; or do things for appearance’s sake.

“People are suffering from compliance fatigue. They have had enough. And yet we come up with new frameworks. Remember these things are guidelines; they are not rules.”

Best practice describes all the different permutations and possibilities, he explains. “Some of this will apply to your organisation; and even fewer will apply to things that you can control.

“But remember, the more controls you and have and the more complex they are, the less likely they are to be effective.

“So spend time thinking about the things that really matter. And then put your effort on the overlap between the things that matter and things you can control.”

At the end of the day, companies need to understand their requirements and build their own frameworks using the tools provided by existing best practice frameworks.

“Don’t implement everything that best practice describes,” Botha says. “If it makes no difference, don’t bother.”

He quotes Peter Drucker as saying: “There is nothing as useless as doing efficiently something that shouldn’t be done at all.”