21st Century governance

David Porteous • Sep 29, 2021

Stay up-to-date on trends shaping the future of governance.

How technology is starting to change the way organizations make decisions 


The most boards on which I have participated still live mainly in the Twentieth Century in terms of their practices. This remains true despite some visible shifts: videoconferencing, for example, was not widely available until this century and it is now widely used for remote board meetings. Boards have followed the general trend toward greater use of digital technology, yet the practices of their decision-making are little changed. Digital adoption has hardly freed up time or focused attention. Instead, board meeting time seems all the more scarce and often harried; and the allocation of time is often mismatched with those agenda items where it might achieve the highest return for the organization. Decision-making is still largely based on documents emailed before a quarterly meeting, the information in which is often at least a month out of date by the time of the meeting. A typical board meeting often involves much sifting of dense status updates; and all too little time for robust discussion of future opportunities and risks. 


In their book Governance in the Digital Age, Brian Stafford and Dottie Schindlinger go further to point out that much contemporary board practice is built on the value of ‘deliberating’, a word whose very meaning suggests slow and cautious decision making. They are not against deliberation; nor am I. But ‘slow and cautious’ may be no better than ‘moving fast and breaking things’ at a time when opportunities and crises erupt suddenly, certainly not waiting for the next meeting cycle. New tools are becoming available which can upgrade the time honored practice of deliberation, buttressing it with more relevant information, timely discussion and convergence to decision. 


Boardtech tools for the digital age


Stafford and Schindlinger describe three typical types of corporate boards widely encountered today at different stages of growth—foundational, structural and catalytic boards. They then make the case for evolving towards a fourth category which they term a futuristic board. This is one in which directors want and receive real time information about a company via dashboards and scorecards which monitor key areas of risk, compliance and indeed their own effectiveness. In this context, the board itself becomes a strategic asset of a company, rather than being mainly a watchdog or a rubber stamp of management’s actions. There are all too few boards like these around.


Stafford and Schindlinger practice what they preach about dashboards, as they are respectively the CEO of leading boardtech firm Diligent Corporation and Executive Director of its research arm, the Diligent Institute. The field of boardtech has taken off over the past ten years, as tech vendors like Diligent vie to provide governance tools as a service to companies and governments around the world. New York City-based Diligent reports having more than 25,000 customers from around the world, with recurring revenues exceeding $300m in 2019. But it is not alone in the expanding category of ‘boardtech’ providers: among others, NASDAQ linked Boardvantage and BoardMaps offer comparable board portal services.


Today’s boardtech tools are built around board portals—access-protected storage sites from where directors can access board documentation with secure messaging and even voting options. Some integrate videoconferencing technology to secure this channel too. Certainly, boardtech tools like these are a part of supporting better decision making: at very least, they can bring efficiencies to meetings and also better security for corporate information. But boardtech tools can go beyond document managing and messaging alone. Portals may include board-relevant dashboards which provide directors with access to real time organizational information. By changing the pattern of information flow, they start to transform the essence of governance: from a ‘contact sport’ played out on the ‘field’ of intermittent meetings to an ongoing discipline of accessing and assessing relevant timely information to support better decision making. In the future, boardtech services widen the information flow beyond company sources only: they may also help to curate third party information sources for non-executive directors so that they are not reliant only on information from management or their personal sources. The expanding reach of some of boardtech providers may enable them to function like Facebook or Google but for governance—for example, notifying subscribed members that ‘directors in companies like yours are reading this trending article or following this breaking news.’


The aim of introducing boardtech tools like these should not be to double-guess management nor to encourage non-executive directors to interfere more in the domain of management. It should rather enable non-executives to ask better questions of management. They can also become more active in the development and evolution of strategy as an active conversation, not a document updated once a year. This active role is recommended strongly by economist and public company board member Dambisa Moyo in her 2021 book How boards work. She starts her book with the observation that “virtually every board … is contending with sometimes conflicting demands for environmental and social change with urgency.” She then makes three cogent recommendations about innovating board practice, of which this role in strategy is one. It’s worth a read for anyone interested in this field.


Computer circuit board


Data governance is at the heart of 21st century governance


New tools alone are not sufficient to answer the question of how governance can, should and even must evolve in the 21st century. As it does in other sectors, digital transformation both requires and enables deeper changes than merely adopting new tools as they become available. It does this by changing the basis on which decisions are made in organizations.


The currency of governance is the good judgment of the ‘governors’. This currency is ‘minted’ by the mental models which individual directors bring to the board of an organization, often shaped by relevant experiences in other organizations. The value of the currency in an organization is determined in large part by whether those different personal mental models cohere to shape an robust guiding ‘model’ for an organization: that is, one where its purpose meshes with its operating model and ethical foundations. In the fast-changing digital world, the degree of fit of any model to circumstances depreciates rapidly. So, creating enduring value through organizations comes not from sticking to one model but rather from refining and re-shaping models as new information and circumstances emerge.


To define the basis on which information is collected, verified and used, boards need a new understanding of data governance. All too often, data governance is seen as the preserve of the CIO, and delegated to risk committees of management, when really it concerns how the most valuable asset of digital-first companies—their data—is stewarded. This is of course a big topic in itself—the subject of future articless on this site to be sure—but in essence data governance is about defining and overseeing the flow of appropriate data within an organization. The flow has to be continuous, reliable and diverse: improving distributed cognition in the face of complexity requires that a much wider range of data, information and weak signals is considered and boards must oversee the curation process which harnessed the flood.



David Porteous Integral Governance Quote



Organizations which succeed in the 21st century are likely to be those which redesign their governance to take account of the tectonic shift towards better stewardship of digital data. In time to come, we may look back on today’s boardtech tools as akin to the elementary ‘compasses’ which guided the golden age of maritime exploration in the Sixteenth and Seventeenth centuries. Even though compasses remain useful navigational aids today, they have largely been supplanted by GPS devices which are now considered essential for most maritime travel. Using a GPS, the captain still directs the ship; but has access to a much richer set of relevant, timely and valuable information which creates more options for routes. Boardtech is on a journey to becoming more like the GPS for organizational governance.    

At Integral, we provide ESG Consulting advice, evaluation, facilitation, mentoring and coaching services to develop governance systems that fit your organization’s purpose and stage of growth. To explore further how we can help you, read about our services, or set up a free consultation.

S H A R E

Four Characteristics of Purpose-Driven Companies

By David Porteous 29 Jun, 2023
Framing the purpose of a company as beyond making profits for shareholders alone is age-old, but the move to state corporate purpose explicitly is newer. Stating purpose is part of a deeper transformation of a growing number of companies–from being product-driven to becoming purpose-driven.

Data Governance and DPI: what’s the link?

By David Porteous 25 May, 2023
Data governance is now a well-established domain of knowledge systemizing the rules on how data flows over a data life cycle within organizations. In essence, the DPI approach is all about managing digital data in a safe, effective and principled way for public good. Therefore the governance of DPI is essentially the same as data governance, right? Wrong. The relationship between data governance and governance of DPI can be likened to that between hygiene practices and a hospital. The hospital needs to have hygiene practices in place at a very exacting level to function effectively and safely; but a hospital is much more than its hygiene practices alone. A hospital has to serve patients, manage billing, procure supplies, operate secure buildings–all sorts of functions which are part of operating essential social infrastructure. Governing DPI is similarly complex. It is true that governing DPI will include governing data , and as I have sought to understand the older domain of data governance, I have been struck by some parallels for DPI. Here’s one: just as hygiene practices and protocols have evolved over the decades, so too has data governance. We can only hope that governance of DPI will also evolve from today’s rudimentary understanding. If you read recent books like “Disrupting Data Governance” by Laura Madsen (2019), several more echos emerge: “Data governance is one of the keys to effective data management, yet there’s a lack of shared definition”—I have been on record arguing that it is unnecessary, and maybe even futile, at this early stage to have too precise a definition of DPI, yet some boundaries are needed if DPI is to avoid this same judgment as data governance in twenty years’ time. “Data governance is about trust”—so too, ultimately, is DPI even when citizens are required to use one. “Balancing the forces of protection and promotion (of the use of data) will take some effort, each needs to be well defined and managed to avoid losing focus on their respective needs”—indeed, balancing these forces in the operation of a DPI is a critical function, maybe the critical function, of DPI governance. All those similarities should not conceal one big difference between these two fields: data governance is about the usage of data as a valuable asset within an organization , while DPI is all about supporting flows of valuable data across organizations . This is obvious for payment systems, but even digital ID systems exist to provide forms of secure authentication or verification to relying parties. Optimizing the interoperability of data for public purposes is at the heart of the DPI approach. DPI governance can therefore be framed as a form of ‘meta-data governance’, where the DPIs are themselves stewards of sorts of types of data within digital data ecosystems. That makes the task of DPI governance more challenging, but also potentially more interesting and rewarding. How long will it be before we have textbooks for DPIs with sub-titles like the standard Data Governance text by doyen John Ladley: “How to design, deploy and sustain an effective [data] governance program.” ? I hope we can accelerate the learning cycle with DPI.

Connecting Frameworks: Privacy by Design and Governance by Design for DPI

By David Porteous 19 May, 2023
There is general agreement that good governance matters for Digital Public Infrastructure (DPI). There is much less agreement at this stage about what governance means in a DPI context. One way to explore building consensus is to explore whether existing widely accepted frameworks could be adapted to the DPI context. Since DPI at its heart is all about exchanging digital data for different purposes–from payment to identification– it seems appropriate to consider the original ‘by design’ framework which was developed for data privacy. This framework was built around the concept of Privacy by design. Since its first use in 1995, privacy commissioners and data protection authorities around the world have recognized privacy by design as an international standard which they intended to promote and incorporate in policy and law. It was originally articulated as seven principles which together signaled an intention to embed privacy considerations proactively throughout the data use cycle. While the privacy by design framework is agnostic about the organization handling the data, the operators of DPIs are types of institutions with a particular purpose which demands specific governance features. The comparison of data to DPI is somewhat akin to that between blood and the heart in the human body–blood, like data, is widely distributed but the heart is the ‘essential infrastructure’ responsible for pumping it. Privacy by design is about protecting the ‘blood chemistry’; governance by design for DPIs is about ensuring that the ‘heart’ functions well, including but not only protecting the unique blood chemistry. So, governance is really the means which connects to ends like this. With that contrast in mind, how well might the principles of privacy by design inform governance by design? The table below maps privacy by design principles in the first column to my suggestions of counterpart principles for governance of DPI in the second column. You will see that the majority of principles (those numbered 1,3,5 and 6) map across pretty easily to governance of DPI. This isn’t surprising, considering a concern for ways of using data is at the heart of both.

Navigating complexity through scenario thinking: imagining a future for DPI

By David Porteous 04 May, 2023
“How can we stop going faster while our ability to see further ahead is decreasing?” In today’s world of fast-evolving digital technology, it can be challenging to make informed decisions in complex fields like Digital Public Infrastructure (DPI). With the increasing speed of change, this question posed by Peter Senge and his co-authors in their 2008 book, Presence , remains relevant. The question is applicable in any complex field in which information is limited and the interaction of feedback loops unknown. But DPI has complexity associated with fast-evolving digital technology compounded by public and private sector decisions about its deployment. No wonder the discussion surrounding DPI is filled with both optimistic expectations and valid concerns, from the potential to reduce inequality to the potential to enable dystopian surveillance and state control. The air of recent G20 meetings and World Bank spring meetings was saturated with claims about the promise of DPI and its perils. How then are we to make sensible decisions in the midst of this complexity? The most useful approach I’ve found for navigating complexity is scenario thinking. Scenario thinking is a disciplined approach to building plausible stories of potential futures (note the use of the plural, because there are always multiple paths to the future). A large part of distilling complexity down to more manageable levels is isolating the swing factors, or ‘key uncertainties’ in scenario language. The different possible outcomes of these will interweave to create rich stories, which, like good fiction, will likely have some unexpected twists and turns. These stories, or scenarios, are the backdrop against which to test how different choices may turn out. A robust strategy is one which yields the best outcomes across the widest range of scenarios but also identifies early warning indicators of major scenario shifts so that, where needed, the strategy can shift too. An important aspect of the scenario process is the way in which it helps participants build shared language and understanding, leading to new collaborations and actions to prevent unwanted outcomes. The scenario-building process has now been applied in thousands of cases at the level of country and company strategies around the world. In many, it has led to remarkable shifts in perspective. For example, the complexity of climate change has launched a whole new range of scenario tools which unpack the possible range of implications for public and private strategists to build into their risk disclosures. So how might scenario building apply to the nascent field of DPI? Here’s one way. As I have discussed in other posts, DPI lacks a single accepted definition right now. I point out in the white paper, “Is DPI a useful category or a shiny new distraction?”, that the absence of a single monolithic definition may even be a good thing in the early stages of a field, as witnessed with the older acronym ‘ESG’. However, definitional choices carry consequences. Scenarios could help to answer a driving question like: “Which definitional parameters of DPI will most affect its developmental outcomes?” Layering the different choices about what type of DPI, and therefore whether to promote or protect or regulate it, on top of the fundamental forces driving digital and societal change would be a complex exercise to do well, to be sure. But, I believe, one worth doing. Because as Peter Senge reminds us, reaching actionable clarity is a worthwhile goal–but to get there, you need first to walk through the pit of complexity. Scenarios offer a path through the pit.

Why Digital Infrastructure Needs Public-Private Partnerships: Lessons from Physical Infrastructure

By David Porteous 20 Apr, 2023
In a recent Devex post, Achim Steiner, head of UNDP, and Amitabh Kant, India’s G20 Presidency sherpa, join the growing calls for more investment in DPI as a means of driving growth, reducing poverty and increasing resilience in the face of crises. However, with government budgets already stretched, where will the additional funding come from? While donor funding may help, it cannot fill the gap alone. The field of physical infrastructure offers another way for cash-strapped governments to fund infrastructure projects: public-private partnerships (PPPs). Governments have long used various methods to raise funding or move the risk of providing essential services to the private sector. However, the modern push for infrastructure PPPs gathered momentum in the 1990s as countries like the UK and Australia explored new ways of financing essential infrastructure. Multilateral financiers became major promoters of PPPs, offering technical assistance to governments through specialist agencies like PPIAF , and co-funding designed to entice private funding to defined PPP projects. They even documented their approach in a comprehensive PPP guide directed at governments, together with associated training and certification . Could a PPP-like approach work for digital infrastructure as well? In principle, the answer has to be yes. Like physical infrastructure, digital infrastructure involves an upfront design and build process and requires subsequent operation and maintenance. Private sector providers can play a combination of different roles in PPPs at different stages, but the key difference from a pure service contract is whether in fact the main private partner assumes significant financial risk. One of the big arguments in favor of PPPs was that having private partners assume risk was the best way of managing it, rather than simply passing it over to governments who were often ill equipped to do so. However, ensuring delivery as specified and without unfair exploitation of either party over a long period required a complex web of contracts. Both parties needed the capacity and willingness to work within clear and fair contractual frameworks. But when they did, the state had clear oversight and control of infrastructure without having to build and manage it. The state often assumed full ownership of the underlying asset after the PPP contract period ended. Even if states have the financial capacity, most are highly unlikely to be able to build their own digital infrastructure in-house. They will rely on technology partners for this, even if their role is to deploy and modify open source applications in a specific context. Even when a government agency chooses to maintain a DPI once built, it will likely rely at least in part on external service providers to support it. In other words, the digital services environment is already rife with complex contracting and inter-dependencies between contractors and clients. Taking an explicit PPP approach may not reduce complexity, but it may enable it to be addressed in a more explicit and effective manner. A final question for now: was “the juice (of setting up PPPs for physical infrastructure) worth the squeeze”, particularly with regards to the end outcomes for the state? After all, PPPs in some places have generated controversies over the manner of their procurement, failed standards of service delivery, or the high price of their services. But the alternative—direct government procurement and delivery—has hardly been immune from criticism either. In 2015, the Independent Evaluation Group at the World Bank published its judgment based on evidence from the sizable number of PPPs supported by the World Bank Group. It concluded: “PPPs are largely successful in achieving their development outcomes.” There is ground to believe that PPPs can be successful in delivering public services. While the visibility of PPPs has faded slightly in recent years, in part because of association with privatization as a politically unpopular approach in many places, the call for blended finance options has risen. PPPs of course offer just that: a structured way to blend different types of finance, including donor and concessional funding. With eyes wide open from the past 30 years of experience of PPPs, I believe there is therefore a case to consider explicitly the circumstances in which digital infrastructure PPPs may work best for delivery and operation. It won’t be all cases, maybe not even a majority. But it may well be enough to make a substantial difference in the delivery of essential digital services. Read the Devex Post: Why digital public infrastructure matters more than you think

Is DPI a useful category or a shiny new distraction? (Working Paper)

By David Porteous 29 Mar, 2023
This paper explores the usefulness of the term Digital Public Infrastructure (DPI) as a new category descriptor. In order to reach any conclusion, I first reflect on whether there is yet sufficient clarity about its meaning. This question leads to an exploration of the space in which to locate the existing definitions of DPI; and then to the wider question of what is the appropriate combination of definitional openness and certainty at this early stage of the field’s development? The answer is linked to the purpose for which a definition is needed: such as championing a field or investing in it or regulating it. The relatively rapid take-off of the term DPI reflects in part deeply felt but diverse hopes and fears about the emerging digital future, such that reconciling all these will not be easy; DPI alone is no magical fix. However, it is possible to pursue an emergent definitional path which starts broad and over time, rules out certain options as evidence gathers. Definitional questions aside, there is already evidence of convergence in substance across different sectors that can make DPI a useful lens beyond the existing sectoral lenses alone. In addition, the DPI lens allows new questions to be asked, for example about whether the fragmented approach to regulatory architecture for data is adequate. The term DPI seems potentially useful therefore, but it will require some careful shepherding to avoid either the confinement of premature narrowness or the vacuousness of prolonged vagueness,

Could the FTX Failure Have Been Avoided?

By David Porteous 07 Mar, 2023
Could the dramatic failure of FTX have been avoided? What went wrong, and how can startups avoid making the same mistakes? Here a few of my thoughts: FTX's spectacular implosion has provided yet another demonstration of the tech law of amplification: namely, technology takes what works well and scales it; but it takes what works badly, and scales that too. Many circles of venture capital operate with the idea that a concern for governance should come later on in the life of a company. According to this view, governance at the early stage is restrictive and bureaucratic, and therefore antithetical to the capacity to move fast. FTX scaled superfast on this premise. At least Mark Zuckerberg recognized in Facebook's early motto that this could lead to breaking things. In the case of FTX, those things total $8 billion in claims to potentially up to a million creditors, apart from collateral reputational damage to the crypto sector as a whole.

The Difference Between Power and Authority in Governance

By David Porteous 24 Feb, 2023
 What can “Tank Man” teach us about governance? A few weeks back, I wrote about the distinction between authority and power, and how this plays out in the context of startup governance. But for many people, the distinction between authority and power is not very clear. So, here’s a very visual way of representing the difference. In this iconic picture taken 1989, we see an unidentified man standing in front of a line of tanks in front of Tiananmen Square, standing against the government's violent crackdown on the Tiananmen protests. It’s obvious at a glance that all the power sits with the column of large tanks, and some authority too–after all, the tanks were called in by the government to crush the student protests. By contrast, the lonely protestor has no power; he is physically small compared to the tanks, seemingly outmatched by the state's might. Despite this clear imbalance, the man holds a certain authority. He has the authority to bring a column of tanks to halt. Where does his authority come from? Remember the definition from Victor Lee Austen: “Authority is held by a person/s who lead humans to a fuller exercise of their freedom to accomplish human tasks.” Tank Man’s courage gave him a moral authority which both tank captains and their commanders recognized–for a while at least. This concept of authority is not limited to the realm of politics. Even though they have no tanks to command, leaders of companies may also accrue wider authority inside and even outside their organizations. Inside, authority will grow to the extent that leaders build the capacity of their employees to flourish. Outside, a company’s products and services, together with the way in which they are provided, can enable even customers and citizens to grow also in their relative freedom to accomplish tasks. This type of authority creates the capability to influence without coercion. It’s the power of demonstration and that’s why we have celebrated examples of companies which have had influence, like Ricardo Semler’s Semco Partners or those others mentioned in Good to Great . Read more on my Linkedin .

Governance in a Post-Authority Era

By David Porteous 10 Feb, 2023
Governance in a Post-Authority Era In my many years of observing private and public organizations of all sizes, I’ve made one very critical observation: governance often lies behind their failure to achieve their purpose. But governance failure itself is only a symptom of what I feel is a bigger issue that organizations are facing globally. In today's "post-authority" era—alongside all the other “posts” which characterize it, like post-modern, and post-truth—there is a growing mistrust of institutions and leaders that hold authority. The notion that there can be rightful authority is not accepted. Authority is seen as a potential or actual violation of the freedom of the “sovereign individual.” There is a pervasive sense that our institutions which should have authority—in government, religion, civil society—are all failing us. The result of the decay of authority is that other forms of power, like the coercive power of authoritarian regimes and the persuasive power of digital media, are on the rise. And they don’t usually provide a path to human flourishing. But what if the problem is less with specific authorities and more with our understanding of authority? I like how Victor Lee Austen defines authority: “Authority is held by a person/s who lead humans to a fuller exercise of their freedom to accomplish human tasks.” The word ‘authority’, a close cousin in English to the generative word ‘author’, comes from the Latin word meaning to increase. Rightful authority leads to flourishing for both those wielding it and those under it. Most of us are in both situations: under some form of authority but also wielding it in some way—as a parent, for example. Rightful authority brings with it the power to change circumstances, but power does not necessarily lead to authority. Consider the example of a #startup founder. She has the authority of the one who originated the idea for the company and who guards it jealously; but she lacks the power to bring that vision to fruition alone. As a result, she likely turns to those who have one form of power (money), but who don’t necessarily carry authority over her company: venture capital funders. When these funders provide the necessary financial resources, they also gain a level of influence and decision-making power in the form of shareholder votes. The founder/CEO’s authority is no longer absolute, even if it remains paramount. As the startup raises more funding, and grows to become profitable, alongside authority, the founder/CEO acquires more power: that is, she has more control over more resources and people and more effect on the marketplace. However, if the #CEO acquires too much power without being accountable to some form of authority outside of herself, the risk of abuse and failure grows. A rebalancing of authority and power needs to take place over time so that power and authority are appropriately distributed across the organization. Not only will the nature of this rebalancing change over time, but it will look different in different organizations. I see this as the basic task of #governance : optimizing the distribution of authority and power in organizations. When this is done well, it should result in conditions for everyone involved—employees, shareholders, customers and the communities in which they live—to flourish. In a post-authority age, it may be harder to do well, but that does not make it any less important. Do you have any thoughts on how organizations can effectively balance and distribute authority and power in this 'post-authority' era?

How to Build Effective Digital Public Infrastructures

By David Porteous 02 Nov, 2022
Reducing the Risk of Ineffective Digital Public Infrastructures There are many risks associated with the rollout of Digital Public Infrastructures (DPIs). They can open the backdoor for governments to surveil and control their citizens. They can even fall into the hands of malicious actors and be used against the people they were designed to serve. Understandably, in the growing movement propagating DPIs, many people wish to reduce risks like these. However, in my view, a risk with less severity but perhaps higher probability is that many DPIs are simply not effective–meaning that they fail to fulfill the purpose set out by their creators or funders. As a result, they may become expensive ‘white elephant’ projects, like their counterparts in the world of physical infrastructure: “bridges to nowhere” or roads and dams built without real consideration of their use, but which are expensive to maintain. A world full of ‘white elephant’ DPIs may not seem as dark as other digital dystopias, but if the DPIs are indeed that important, the absence of well functioning DPIs carries costs. Of course, effective DPIs do not guarantee utopia either; but having more effective DPIs which achieve their purpose seems like a reasonable and attainable goal. Governance challenges for DPIs To achieve this goal, the question then becomes: how best to design, build and operate effective DPIs? I am convinced that a large part of the answer is by building sound governance structures which take into account both the specific and generic challenges faced by new DPIs. First, the specific challenges of DPIs . The envisaged large scale of deployment of most DPIs leads to heightened degrees of caution and oversight from the start in ways which typically do not constrain private startups. At the same time, DPIs often need the nimbleness to compete for take up against indirect competitors at least–for example, instant retail payment systems are a fast-growing category of DPI which rely on customers choosing to use them, rather than other available means of payment. In addition, many DPIs are built and managed as public-private partnerships. The ‘partnerships’ may take different forms: from build-own-operate contracts to service agreements; or indeed, using software provided by private open-source foundations. This aspect adds an additional layer of complexity on top of standard corporate governance.
More Posts
Share by: