Category: Governance

Governance Is Not About Making a Big Song and Dance for the Sake of It


Why effective governance, auditing, and oversight depend on clarity, restraint, and role discipline

Good governance is often misunderstood. Many organisations behave as if oversight must be loud, dramatic, or ceremonially complex to be effective. But governance is not theatre. It is not a performance. It is a discipline rooted in clarity, proportionality, and the quiet confidence that comes from doing the right things consistently.

This article explores why governance fails when it becomes performative, drawing on classic cautionary tales, real‑world audit practice, and the recurring problem of Supervisory Boards drifting into executive territory. It concludes with a reminder from the “wise old owl” that the best oversight is often the quietest.

Governance and the Danger of Performative Oversight

Matilda and the problem of false alarms in governance

Hilaire Belloc’s Matilda is a perfect metaphor for governance gone wrong. Matilda repeatedly raised false alarms for the pleasure of the attention they brought. When the real fire came, nobody listened. She had exhausted the system’s capacity to take her seriously.

Many organisations fall into the same trap. They escalate everything. They dramatise routine matters. They mistake procedural fuss for foresight. And when a genuine governance risk finally emerges, the organisation is deafened by its own theatrics.

Key governance lesson: Oversight loses its power when everything is treated as urgent.

Edward Lear and the softer side of governance nonsense

Edward Lear’s nonsense characters offer a gentler warning. Their misadventures arise not from malice but from distraction, whimsy, or a love of spectacle. They are charming — but they are not models of governance.

Governance takeaway: Nonsense has its place, but not in the boardroom.

Audit Governance: When Emphasis of Matter Becomes a Song and Dance

The proper role of the Emphasis of Matter paragraph

The Emphasis of Matter (EoM) paragraph is a legitimate tool in the auditor’s report. It is used when:

  • the auditor’s opinion is unmodified,
  • management has already made full disclosure, and
  • the auditor judges the matter so fundamental that it merits highlighting.

Used correctly, it enhances clarity.

The problem: overuse of Emphasis of Matter paragraphs

Some auditors use EoMs as if they were Matilda shouting “Fire!” — emphasising matters already perfectly disclosed, simply to appear diligent. This is governance by performance, not governance by principle.

Worse still, some auditors are tempted to disclose information in the EoM that management has not disclosed. This is a cardinal error. If the auditor feels compelled to introduce new information, the correct response is a modified opinion, not a theatrical EoM.

When Emphasis of Matter is appropriate

There are legitimate cases — for example, in publicly listed companies where a disclosure is technically complete but placed where a reasonable reader might not expect it. In such cases, an EoM enhances transparency.

But it should be the exception, not the rule.

Supervisory Boards and the Governance Failure of Role Confusion

When overseers drift into executive management

A second common governance failure occurs when Supervisory Board members begin to act like executives. They:

  • rewrite management’s plans,
  • involve themselves in operational decisions,
  • direct staff,
  • or behave as if they are auditioning for an executive role.

This is not oversight. It is role confusion. It comes from human nature and is related to the mission creep we see in national governments and state sectors using regulators and regulations to reduce the remit of privatye businesses. Oversight boards in the private sector need to know that the temptation is there in human nature, but they need to know better. Let the execs do their job, give them duue encouragement, help them think, be a sparring partner when required, and know when to butt out when not.

The revolving‑door problem

In some organisations, careers shuttle between executive and non‑executive roles. This creates:

  • blurred accountability,
  • conflicts of interest,
  • weakened independence,
  • and a governance structure that looks busy but functions poorly.

An overseer who expects to become an operator tomorrow cannot hold today’s operators to account.

A historical contrast: overseers in the early church

The early church used the term episkopos — overseer — for individuals who were spiritually mature but still ordinary members of the community. Their authority came from example, not executive power.

Modern corporate governance is different, but the contrast is instructive:

  • Church oversight is pastoral.
  • State oversight is constitutional.
  • Business oversight is fiduciary.

These are three strands of a threefold cord not quickly broken — but only when each strand keeps its integrity.

Governance takeaway

Oversight is not a rehearsal for executive office. It is not shadow‑management. It is a separate vocation requiring distance, independence, and clarity.

Coda: The Wise Old Owl and the Power of Quiet Oversight

The old nursery verse about the wise old owl, usually attributed to Edward Hersey Richards, captures the heart of effective governance:

The more he saw, the less he spoke; The less he spoke, the more he heard.

It is a child’s rhyme, but it contains a governance truth many adults never learn.

Oversight — whether by non‑executive directors, auditors, regulators, or Supervisory Boards — is most effective when it is:

  • observant rather than intrusive,
  • attentive rather than theatrical,
  • measured rather than noisy.

If overseers make a fuss over everything, they become like Matilda: ignored when it matters. If they try to do management’s job, they lose the independence that gives oversight its value. If they speak too often or too loudly, they find that when they finally need to be heard, their voice no longer carries.

Good governance listens more than it lectures. It intervenes only when intervention is truly needed. And when it speaks — really speaks — people listen.

And what we can say about corporate governance is no less true when we speak about the government of nations.

New Requirement for Quoted Companies in Poland


A new provision in the Act on Public Offers (Ustawy o Ofercie Publicznej) has introduced a new obligation on Polish PIEs to prepare an annual report on the remuneration of the management board and supervisory board and to submit this report to the auditor’s assessment.

Art. 90g of the Act on Public Offering, Conditions Governing the Introduction of Financial Instruments to Organized Trading, and Public Companies” introduces the new Remuneration Report. The supervisory board of a public company must prepare a report on the remuneration of the management board and the supervisory board each year. The scope of the report is specified in the provision cited above. The report has to be “assessed” by a statutory auditor to ensure that the information it contains is accurate and complete.

The first such annual Remuneration Report will be prepared jointly for the years 2019-2020 and the audits of them will be carried out for the first time in 2021.

The Remuneration Report will be prepared separately from the financial statements and the company’s annual report, and its “assessment” will be classified technically as “an assurance service, other than an audit of the financial statements”, and considered by the Regulator as part of the auditing business of a licensed firm. Only registered auditors and their companies licensed to audit Public Interest Entities should be engaged to perform these assurance services.  The purpose of the auditor’s assessment is to confirm that the remuneration report contains all the elements required by law. Responsibility for the substantive correctness of the information indicated in the remuneration report rests solely with the members of the company’s supervisory board, and the auditor should be independent to the entity. It may indeed be the same auditor which carries out the audit of the Financial Statements, according to Art. 136 paragraph. 1 of the Act on Statutory Auditors, therefore in most cases it will be the same auditor which you already have.

The above has been confirmed by the Financial Market Development Department at the Ministry of Finance in response to a query by the Chamber of Auditors in Poland (PIBR).

Should you be in a situation where your financial statements auditor is reluctant to carry out this review, they are not obliged to as it is separate to the existing contracts in place currently. You may prefer, for the sake of good corporate governance, to engage a smaller Firm which is able to carry out PIE audits for this task. Please contact us and we will assist you to a good offer from a reputable Firm for the audit, or alternatively if you would like help with the report itself, this ca also be done with Quoracy Consulting and our partners.

For further help, please use the contact form below.  It emails direct to me at the audit firm Grupa Strategia, which has been developing a competence in this area in anticipation of the changes.

← Back

Thank you for your response. ✨

What should the relationship of internal and external audit look like?


Not every organisation has both an external audit and internal audit. In some jurisdictions you can get companies that have internal audit but no external audit, while in most countries you get quite a prevalent external audit with far less incidence of internal audits. Russia is a prime example of the latter case.

External audits done under ISAs are supposed to plan and carry out work in order to have a reasonable expectation of detecting fraud and other irregularities, and certainly the expectation of users has traditionally been that external auditors are responsible for finding fraud.

I work both as external auditor and I also carry out internal audits for clients who don’t have their own departments or who do but still need to be beefed up locally by brought-in experts. Therefore I have no particular axe to grind, but I will say this – a lot seems to be expected of external auditors with relation to fraud without giving them the tools necessary to find instances of fraud.

Internal audit departments can, within reason (they cannot supercede data protection law or labour law, etc, or contravene people’s basic human rights when monitoring them) have whatever tools they like if they are within budget. I can just imagine what my clients would think if I as an external would start installing cameras, GPS trackers on company vehicles, doing spot checks for alcohol, lifestyle checks on managers, and all the other things that internals can do. And yet if you take the standards literally I have to do a job not far off that of a policeman as an external auditor.

All we are usually given as external auditors is a couple of generic questionnaires which we try to go through with the client’s management adapting it to the specifics of their business, then we have the duty and hopefully also the ability to map out and analyse the systems of the client, including the controls and to perform walk-through tests and seek to identify key controls. The way an external auditor assesses a key control and the way an internal auditor assesses a key control are also different in a number of ways, and how we define a key control for our respective purposes differs, and then the timing and frequency of checks on that control will differ. Many people who have worked only in external audit won’t know how or why they differ and therefore their ability to get the best from internal if it is even there will be in many cases limited.

Actually most of the fraud questionnaires in use are a good start because they are based in fact on the fraud triangle originally talked about by notable criminologist Donald Cressey back in the 1960s and 70s. This is the triangle of means, motivation and rationalisation or self-justification. It is based on the idea that if a person hasn’t got the opportunity to get around the system, doesn’t really need to and thinks it would be wrong to, then the chances of that person committing fraud are extremely remote. If on the other hand a person thinks that they know how to get away with it, need the money and also think they deserve to do it, then the fraudulent activity by that person is virtually certain. Various permutations of this give varying degrees of likelihood of fraud. The questions in fraud questionnaires would be good at helping to build a “fraud triangle” exercise in a given context, but only as long as the person doing it knows what they are doing both in theory and in practice. Often it is given to quite junior people to carry out and also very often in assessing audits I have seen that the answers don’t necessarily carry through to specific tests relevant to those answers, but instead increase general risk meaning that there is a likelihood that the sample sizes for other detailed substantive tests (by the way the weakest set of tests for detecting fraud) will be higher. And sometimes you are lucky to even get that much of a response.

Externals go on to make their control tests if they do recognise a key control (and on a worldwide scale I would hazard a guess that tests of controls are still done on only a small minority of audits, with most defaulting to the substantive route based really on lack of time or confidence with control work by the external audit team) and also the other big weapon they have in the arsenal is substantive analytical review. But SAR is only as good as the in-depth knowledge of the branch or business, so externals – especially those which are not branch specific as some Big Four externals are – don’t really have the sector knowledge that the internal audit team have and so their chance of noticing something that doesn’t stack up as they go through their analyses of ratios, or building of expectations and confronting to reality is not as good as that of the internal in many cases.

And then auditors finish every section by mopping up whatever needed assurance they could not derive from the earlier procedures by other substantive procedures based if done properly on a statistical sample, which is designed to get them from the assurance they got from less time-consuming procedures through to within their tolerable error (a function of risk and materiality from their perspective, which again differs from the internal auditor’s perspective which may not even be couched in money figures but in non-monetary terms). However the chances of getting at fraud looking through sampled accounting documents is miniscule, and here many external auditors do the bulk of their work.

So naturally if there is an internal audit team, an enlightened external auditor should be ver anxious to understand how they decided their work plan, what they did, and how many key controls have been checked thoroughly and how many risks are still open. If they want to give the organisation real value for money they will design tests that supplement, rather than duplicate the work of internal auditors.

Internal auditors will encourage this – they too will want to see that the organisation’s budget for external audit work goes on procedures that help to improve the risk heat map and the overall picture for the organisation. This call only be done when each side understands the other and “speaks their language”. Many internals have worked as external but not many are continually doing both types and therefore able to think through an assurance issue from both perspectives.