This Is Why ISO Certification Unlocks Superior Corporate Governance
The importance of corporate governance in a business environment cannot be denied.
Emphasis is now placed on the trust and reputation an organisation earns, rather than on its tangible assets.
For organizations already certified to ISO standards, there is an opportunity to further enhance governance practices through deeper integration and advanced certifications.
Understanding Corporate Governance
What is Corporate Governance?
Corporate governance is defined by ICSA: The Governance Institute as “the way in which companies are governed and to what purpose.” It encompasses the systems, rules, practices, and processes by which companies are directed and controlled. While governance practices may differ across organizations, the fundamental principles of accountability, transparency, fairness, and responsibility remain consistent.
Today, intangible factors like trust and reputation contribute more to market capitalisation than net assets do. Simply put, shareholders are demanding that companies demonstrate good corporate governance.
Why do investors demand good Corporate Governance?
In recent years, environmental, social, and governance (ESG) concerns have become a focal point for investors and shareholders alike. Massive corporate failures over the last century have led to significant environmental, social, and economic harm, prompting a societal push for more responsible and transparent management practices.
The triple bottom line—people, planet, and profit—has become a critical framework for evaluating a company’s impact and long-term sustainability. Investors are now more than ever demanding robust corporate governance structures that address these ESG concerns and mitigate risks.
The environment has been damaged through bad governance
In 1989, the Exxon Valdez ran aground, spilling roughly 40 million litres of crude oil into Alaska’s Prince William Sound. The BP Deepwater Horizon explosion in April 2010 killed 11 people and released roughly 757 million litres of oil into the Gulf of Mexico, oiling more than 2 000 km of coastline.
Workers have been poisoned
In December 1984, a leak of methyl isocyanate gas from the Union Carbide plant in Bhopal, India, caused an estimated 20 000 deaths and left almost 500 000 people with permanent physical damage.
Children have been used as cheap labour
In 1998, Nike was exposed for using child labour in its overseas supply chain and had to spend $1.13 billion to recover its tarnished reputation.
Environmental protection measures have been flouted
In 2015, it came to light that Volkswagen had programmed its diesel cars to apply full emission controls only during testing, and the company had to set aside $18.2 billion to deal with the matter.
Fraud at the highest levels has robbed people of their pension funds…
… and caused huge job losses. In 2001, Enron, a major electricity, natural gas, communications, pulp and paper group, filed for bankruptcy as a result of fraud and corruption. It had reported revenues of $101 billion for the previous year.
Organisations formed to improve Corporate Governance and prevent disasters
A few of the more notable organisations that have been formed to deal with and help prevent disasters like those above, are:
The OECD was established in 1961, succeeding the post-war Organisation for European Economic Co-operation, and aims to promote policies that improve the economic and social well-being of people around the world. The OECD signed a Memorandum of Understanding with ISO in 2008, and the two have since worked closely to expand existing management system standards.
GRI was established in 1997 by the Coalition for Environmentally Responsible Economies (CERES). It is renowned for its widely used standards in sustainability reporting, which help organizations communicate their environmental, social, and governance (ESG) impacts. GRI is a leading force in guiding reporting on sustainable development and, in 2011, signed a Memorandum of Understanding with ISO to further drive sustainable development initiatives.
The ILO is an agency of the United Nations, established in 1919, to promote workers’ rights, encourage decent employment opportunities, enhance social protection, and strengthen dialogue on work-related issues. The ILO’s occupational safety and health guidelines (ILO-OSH 2001) informed the British Standards Institution’s (BSI) OHSAS 18001, which came into worldwide use. In 2013, the ILO reached an agreement with ISO to cooperate on the development of ISO 45001.
The IIRC was established in 2010 as a global coalition of regulators, investors, companies, standard setters, the accounting profession, and NGOs.
In December 2013, it published the International Integrated Reporting Framework, which has become a key benchmark for integrated reporting.
In June 2021, the IIRC merged with the Sustainability Accounting Standards Board (SASB) to form the Value Reporting Foundation (VRF). The merger was intended to streamline corporate reporting by combining integrated thinking and reporting with sustainability accounting standards.
The Relationship Between ISO and Corporate Governance
The drive for improved governance has led to a structured approach in developing ISO management system standards. The ISO/IEC Directives, Part 1 and Part 2, and in particular Annex SL of Part 1, provide a common framework for these standards, embedding governance principles together with, since the 2024 amendments, an explicit consideration of climate change, in support of the UN’s Sustainable Development Goals (SDGs).
This structure ensures that good governance practices are embedded within the standards, addressing key issues such as risk management, stakeholder engagement, and continual improvement, while also aligning with sustainability objectives and enhancing transparency.
What is the relationship between ISO and Corporate Governance?
The drive for improved governance of organisations has resulted in a structured approach to the development of all management system standards.
ISO achieves this through the ISO/IEC Directives, Part 1 and Part 2, which set the rules for the technical committees that develop standards (in the case of ISO 9001, ISO/TC 176). Annex SL of Part 1 defines the common structure that every management system standard must follow.
Each standard therefore shares common clause headings and identical core text, addressing good governance requirements, with every other management system standard; this framework is the skeleton into which the discipline-specific requirements are written.
The standards also share common terms and definitions that address the issues associated with good governance.
How does ISO Conformance work with Good Corporate Governance?
ISO standards were initially established to supplement the confidence provided by quality inspection and control. Management system standards set out a minimum set of requirements, including a commitment to identify and meet applicable legal and regulatory obligations, that organisations apply to improve their business practices and performance. ISO standards are voluntary: they promote compliance with the law but do not themselves enforce it.
There are over 24,000 ISO standards, covering a wide range of industries. A small subset, about 80, are management system standards.
These various ISO management system standards are the tools which organisations can use to improve areas of governance that the individual standards target. An efficient management system is one that is tailored to the organisation’s individual needs, as well as one that conforms with ISO standards.
Undergoing an ISO conformity assessment process has a number of benefits for an organisation. Firstly, it provides consumers and other stakeholders with added confidence. Getting certified to one of ISO’s management system standards shows outsiders that the organisation has an effective management system in place (a quality management system, in the case of ISO 9001).
Complying with ISO standards also gives your organisation a competitive edge, particularly against competitors who are not complying with ISO standards. ISO standards also assist with better corporate governance, integrity, and transparency. They also look to improve ethics, social responsibility, and sustainability within an organisation.
No matter which ISO standard your business adopts, getting a certificate of conformity is a useful part of achieving good corporate governance. There are certain issues and risks that arise when a business is non-conforming, which we will get into later.
How have ISO Standards been developed around Good Corporate Governance Principles?
ISO Management System Standards (MSS) have been influenced by corporate governance principles through ISO’s collaborations with organizations such as the IIRC, GRI, ILO, OECD, and other strategic partners.
Note that the IIRC’s own consolidation came well after Annex SL was first published in 2012. In June 2021, the IIRC merged with the Sustainability Accounting Standards Board (SASB) to form the Value Reporting Foundation (VRF). On 3 November 2021, during the COP26 climate conference, the IFRS Foundation Trustees announced the creation of the International Sustainability Standards Board (ISSB) and the consolidation of the VRF and the Climate Disclosure Standards Board (CDSB) into the IFRS Foundation, completed in 2022. The International Integrated Reporting Framework, originally developed by the IIRC, is now maintained by the IFRS Foundation.
As a result of these collaborations, several corporate governance principles are addressed in the ISO High-Level Structure (HLS, renamed the harmonized structure in 2021), which serves as the template for ISO management system standards.
For instance, the International Integrated Reporting Framework requires an integrated report to cover eight content elements, which map onto clauses of the ISO High-Level Structure.
Table 1 shows this mapping, comparing the integrated report content elements with the High-Level Structure set out in ISO/IEC Directives, Part 1, Annex SL, Appendix 2.
| Content elements in an integrated report | ISO/IEC Directives, Part 1, Annex SL, Appendix 2 |
|---|---|
| 1. Organisational overview and external environment: what does the organisation do and under what circumstances does it operate? | 4. Context of the organisation; 4.1 Understanding the organisation and its context; 4.2 Understanding the needs and expectations of interested parties; 4.3 Determining the scope of the … management system; 4.4 … management system |
| 2. Governance: how does the organisation’s governance structure support its ability to create value in the short, medium and long term? | 8. Operation |
| 3. Business model: what is the organisation’s business model? | 4.4 … management system |
| 4. Risks and opportunities: what are the specific risks and opportunities that affect the organisation’s ability to create value over the short, medium and long term, and how is the organisation dealing with them? | 6. Planning; 6.1 Actions to address risks and opportunities |
| 5. Strategy and resource allocation: where does the organisation want to go and how does it intend to get there? | 7. Support; 7.1 Resources |
| 6. Performance: to what extent has the organisation achieved its strategic objectives for the period, and what are its outcomes in terms of effects on the capitals? | 9. Performance evaluation |
| 7. Outlook: what challenges and uncertainties is the organisation likely to encounter in pursuing its strategy, and what are the potential implications for its business model and future performance? | 6. Planning; 6.1 Actions to address risks and opportunities; 6.2 … objectives and planning to achieve them; 10. Improvement; 10.1 Nonconformity and corrective action; 10.2 Continual improvement |
| 8. Basis of preparation and presentation: how does the organisation determine what matters to include in the integrated report, and how are such matters quantified or evaluated? | 9.3 Management review |
Practical Benefits of ISO Conformance and Governance Integration
Implementing ISO standards not only ensures conformance with international requirements but also enhances corporate governance while reducing business risks. Key benefits include:
- Increased stakeholder confidence and trust.
- Competitive edge in the market.
- Improved organizational integrity, transparency, and sustainability.
- Enhanced ability to meet social responsibility and ethical standards.
For instance, ISO 9001:2015 establishes a robust quality management system that promotes consistency, accountability, and continual improvement. This, in turn, supports good governance by enhancing organizational integrity.
Similarly, ISO 14001 provides a framework for compliance with legal environmental requirements, minimizing environmental impacts and thus reducing business risks related to environmental issues.
In the same way, ISO 45001:2018 establishes a comprehensive occupational health and safety management system that helps organizations proactively manage workplace risks.
Check out our Blog Post “The Significance of ISO Certification in Global Business” to learn how obtaining ISO certification unlocks boundless opportunities for growth and prosperity.
How can using ISO Standards help improve Corporate Governance?
ISO Management System Standards (MSS) are systematically reviewed at least every five years, and new standards are frequently introduced. All existing and new MSS are structured according to the ISO High-Level Structure, incorporating its common text and terminology. These standards offer tools for improving governance in the specific areas they target.
A central tenet of the ISO High-Level Structure is the determination of risk to protect value and the determination of opportunity to seek value. Risk Committees, as the ‘right arm’ of the board, can adopt specific ISO Management System Standards to guide sound governance practices that address these critical touchpoints.
Implementing these standards can lead to numerous business benefits, including reduced insurance costs and the mitigation of losses resulting from relevant risk exposures.
Practical tips for implementing Governance within ISO frameworks
To effectively integrate governance practices within ISO frameworks, organizations can follow these steps:
1. Conduct a Governance Audit
Assess your current governance practices and identify areas for improvement. Use ISO standards as a benchmark for best practices.
2. Engage Top Management
Ensure that top management is committed to integrating governance practices with ISO standards. Their leadership and strategic thinking are crucial for successful implementation.
Top management should be actively involved in addressing the context requirements of the harmonized structure, using strategic insights to inform and control business processes effectively.
3. Develop Clear Policies and Procedures
Create or update policies and procedures to reflect the integration of governance practices with ISO requirements. Ensure they are well-documented and communicated to all employees.
4. Training and Awareness
Provide training to employees at all levels to ensure they understand the importance of governance and their role in maintaining conformance with ISO standards.
5. Regular Audits and Reviews
Conduct regular internal and external audits to assess conformance and identify opportunities for improvement. Use audit findings to drive continual improvement in governance practices.
6. Stakeholder Engagement
Engage with stakeholders to understand their expectations and incorporate their feedback into your governance and ISO conformance efforts.
ISO 31000, the widely adopted guideline for enterprise risk management, makes communication and consultation with stakeholders a core component of its risk management process. This ensures that stakeholder perspectives are considered and integrated into risk management practice.
The figure illustrates the integration of stakeholder communication within the ISO 31000 risk management model.
Do You Have The Right Questions On Hand To Assess Your Top Management's Conformance to ISO 9001:2015?
Download our FREE GUIDE featuring “Checklist: Evaluating Top Management’s Conformance to ISO 9001:2015” and learn more about the extent to which your organisation is complying with the key ISO 9001:2015 standard requirements!
Please note that the use of the checklist doesn’t guarantee a successful audit.
Addressing Nonconformance and its Risks
Nonconformity refers to the failure to meet ISO standard requirements, customer expectations, or legal obligations. It can occur at any level of an organization and has significant implications:
Cost Implications
Nonconformities can lead to financial losses due to rework, waste, and penalties.
Reputation Damage
Repeated nonconformities can harm an organization’s reputation and stakeholder trust.
Operational Disruptions
Nonconformities can cause delays and inefficiencies in operations.
Check out our Blog Post on the “ISO Certification Process and What You Need to Know” to take steps towards certification success.
BONUS! We share a guide on how to manage nonconformities effectively!
Strategies for Addressing Nonconformities
Root Cause Analysis
Identify the underlying causes of nonconformities to prevent recurrence.
Corrective Actions
Implement corrective actions to address nonconformities and verify their effectiveness.
Continual Improvement
Use nonconformities as opportunities for improvement, enhancing overall governance and ISO conformance.
Issues and key risks around nonconformance
Nonconformity is the failure to meet one or more requirements, whether prescribed by the organisation’s own management system, the ISO standard, the customer or related legislation. It can be found at any level of an organisation’s operations, and every ISO management system standard requires that the cause of a nonconformity be addressed so that it does not recur.
In most cases, nonconformances negatively affect organisations in terms of cost, reputation, efficiency and effectiveness. Identifying a nonconformance, however, should not be considered a bad thing: identifying a nonconformity and addressing it at root-cause level assures all stakeholders that the event will not become a pattern.
Repeat failures
Repeated failures indicate that the organisation is failing to identify, measure, communicate or improve the processes that matter within the system. The organisation, therefore, could be facing bigger issues than just barriers to certification.
When considering ISO 9001, non-conformities or systematic failures are a significant red flag about the organisation’s ability to manage quality effectively.
Major vs Minor
Certification bodies grade audit findings as major or minor nonconformities. ISO/IEC 17021-1 defines a major nonconformity as one that affects the capability of the management system to achieve its intended results, for example a required process that is absent or a systematic breakdown such as the repeat failures described above. A minor nonconformity does not affect that capability, for example an isolated lapse in an otherwise working process.
A major nonconformity must be corrected and the correction verified before a certificate can be issued or maintained, whereas minor nonconformities typically require an accepted corrective action plan whose implementation is verified at the next audit.
Leveraging ISO Certification for Better Corporate Governance
Obtaining ISO certification demonstrates an organization’s commitment to ethical practices, regulatory conformance and stakeholder engagement, and assures stakeholders that the organization meets international standards and practises effective governance.
Audit For Conformance
Audits, either internal or external, are a vital part of the management system approach as they enable the company or organisation to check how far their achievements meet their objectives and show conformity to the standard.
The audit processes in ISO 9001:2015, for example, provide a framework for helping organisations identify and fix their own quality management issues before they result in product/service quality concerns or waste.
Audit processes in ISO 14001:2015, for example, provide a framework for helping organizations identify and address their environmental management issues before they lead to significant environmental impacts or regulatory non-compliance.
ISO 45001:2018, for example, has audit processes which provide a framework for helping organizations identify and mitigate occupational health and safety risks before they result in workplace incidents or harm to employees.
Internal Vs External Audits
An internal ISO audit is a critical review of the business processes and related management arrangements. Internal audits are not required by law, but they are part of good corporate governance and are required by every ISO management system standard (clause 9.2, Internal audit, of the harmonized structure).
A third-party ISO audit, by contrast, is conducted by an independent external organisation, typically an accredited certification body. The external auditor assesses the organisation against a specific set of requirements: the chosen management system standard, the organisation’s own business rules, policies and procedures, and any legislation applicable to that standard. (A second-party audit is one performed by a customer on its supplier.)
A comprehensive internal audit is a vital step before ISO certification, part of the formal process of aligning management systems with internationally recognised standards. It is also part of an iterative process that drives continual improvement of the management system.
ISO Certificate Of Conformity
ISO certification, when considering management system certification, is the provision by an independent body of written assurance (a certificate of conformance) that the management system in question meets specific requirements.
Accredited third-party certification, like that offered by Wynleigh International Certification Services, shows that your organisation has met the specific requirements set out in the ISO standards.
Risk Assurance Service by Wynleigh International
Our optional, free value-adding service allows audits to be customised using feedback from your customers, so that the gaps they care about are closed. This reduces the need for your customers to perform their own second-party audits.
We then share your ISO-certified status with your insurer and key customers to create trust which will ultimately give your company the competitive edge. The Risk Assurance Service means less risk to transfer to your insurer and improved assurance for your stakeholders.
Learn more about how Wynleigh International can support your governance and ISO conformance efforts. Call us at +44 (0) 203 926 6507 or +27 (0) 31 941 4790, or email us at info@wynleigh.com