Innovation governance

Every governance layer in your organisation was added for a reason. A sign-off process because something went wrong once. An approval chain because a decision got made without the right people in the room. A compliance check because a regulator raised a concern. Each one, individually, made sense at the time.

The trouble is that governance accumulates. And while each individual layer might be perfectly rational, the cumulative effect is something nobody designed and nobody intended: an organisation that's extremely good at preventing the wrong things from happening and extremely slow at allowing the right things to happen.

This is the brittleness problem. And it's hiding in plain sight in most organisations.

The innovation governance conversation is missing the point

There's a growing body of advice about how to govern innovation. Frameworks, RACI charts, board committees, approval matrices. McKinsey's Global Board Survey found that while 87% of directors consider innovation a top three priority, fewer than 20% believe their board governs it effectively. The usual response is to build better governance for innovation - clearer processes, dedicated budgets, protected spaces where experimentation is permitted.

That's not a bad response. But it's treating the symptom rather than the cause.

The deeper question isn't "how do we govern innovation better?" It's "what is our governance doing to the health of the whole system?" Because an organisation's governance doesn't just affect innovation projects. It shapes how decisions get made, how quickly the organisation can respond to what's emerging, and whether people at every level feel they have permission to act on what they see.

Governance, in other words, isn't a management tool. It's a condition of the living system. And like any condition, it either strengthens or weakens the organism's capacity to adapt.

How governance creates fragility

There's a pattern that shows up across organisations of every size and sector. It usually starts with something sensible - a risk materialises, a mistake is made, a regulator asks questions. The organisation responds by adding a control. A new approval step, a new reporting requirement, a new compliance process. The control works. The specific risk is managed. The organisation moves on.

But the control stays. And the next time something goes wrong, another control is added on top of it. Over years, the governance architecture grows through accretion - layer upon layer of perfectly rational responses to specific problems, none of which were designed to work together and none of which get retired when the original risk changes.

The result is an organisation that's tightly controlled and structurally fragile. Three things tend to happen:

Decision-making slows to a crawl. When every decision of consequence requires multiple sign-offs across multiple layers, the organisation loses its ability to respond at the speed the environment demands. This isn't about reckless speed. It's about the difference between an organisation that can adjust course in weeks and one that takes months to approve a change everyone already agrees on.

Local intelligence gets filtered out. The people closest to customers, to delivery, to the frontline - they notice shifts first. A change in what people are asking for. A process that used to work and doesn't any more. A competitor doing something differently. But in a heavily governed environment, that intelligence has to travel up a chain before it can influence anything. By the time it reaches a decision-maker, it's been summarised, averaged, and stripped of the specificity that made it useful.

Risk appetite quietly disappears. Not because leaders become timid, but because the governance architecture makes anything new feel disproportionately difficult. When proposing an experiment requires the same approval process as committing to a major investment, people stop proposing experiments. The system doesn't reject ideas outright - it exhausts them. And the organisation gradually converges on repeating what it already knows, which feels safe until the environment shifts and the old approaches stop working.

A systematic review of organisational resilience published in the International Journal of Health Policy and Management found that resilience in complex adaptive systems isn't primarily about robust controls. It's an emergent property - arising from factors like flexibility in governance practices, collateral pathways for action, and strong social networks. In other words, the things that make organisations resilient are often the things that rigid governance suppresses.

The control paradox

Here's the part that makes this genuinely interesting. Governance designed for control often produces the opposite of what it intended.

Tight controls are supposed to reduce risk. But an organisation that can't adapt quickly to changing circumstances is carrying a different kind of risk - the risk of being too slow, too rigid, too locked into yesterday's assumptions. The governance reduces operational risk while increasing strategic risk. And because strategic risk is slower to materialise, it's harder to see until it's too late.

This isn't an argument against governance. Organisations need clear decision rights, accountability, and oversight. The question is whether your governance is designed to strengthen the organisation's capacity to adapt or to minimise the chance of anything going wrong. Those sound similar. They produce very different organisations.

An organisation governed for adaptation has clear boundaries within which people can act, rapid feedback loops so mistakes are caught early, and governance that flexes as the context changes. An organisation governed for control has detailed procedures for every contingency, long approval chains to prevent errors, and governance that tightens every time something goes wrong.

The first organisation makes small mistakes and learns quickly. The second organisation makes fewer mistakes and learns slowly - until the environment shifts and the accumulated rigidity becomes the biggest risk of all.

What governance looks like when it strengthens the system

The organisations that seem to get this right don't have less governance. They have differently designed governance. A few things distinguish them.

They govern for outcomes, not activities. Rather than prescribing how work should be done and requiring sign-off at each stage, they set clear boundaries around what matters - risk tolerance, quality standards, ethical lines - and give people freedom to act within those boundaries. The organisational design question shifts from "who needs to approve this?" to "what does this person need to know in order to make a good decision?"

They build governance that can flex. Not every decision carries the same weight. Organisations that recognise this create tiered governance - lightweight processes for reversible, low-stakes decisions and more rigorous oversight for irreversible, high-stakes ones. This sounds obvious, but most governance architectures apply the same weight of process regardless of what's at stake. An experiment that costs a thousand pounds shouldn't require the same approval path as a programme that costs a million.

They retire governance as actively as they create it. Every governance layer should have an expiry condition - not a date, but a test. Is the risk this was designed to manage still present? Has the context changed? Is this process still proportionate? Organisations that build review into their governance avoid the accretion problem. Those that don't end up carrying the accumulated weight of every historical problem they've ever encountered.

They treat operational effectiveness as an enabler of adaptability, not a constraint on it. The most operationally effective organisations aren't the most tightly controlled. They're the ones where processes are clear enough that people can follow them without thinking and flexible enough that people can deviate from them when the situation demands it. Good operations create the stability that makes adaptation possible. Over-engineered operations create the rigidity that makes adaptation impossible.

The connection to organisational health

Governance isn't usually discussed as a factor in organisational development. It sits in a different conversation - risk, compliance, oversight. But when you look at organisations through the lens of the EMERGENT framework, governance shows up everywhere. It shapes how strategy gets enacted. It affects whether culture is lived or merely stated. It determines whether people have the generative capacity to contribute their best thinking or whether they're constrained to executing within narrowly defined parameters.

The organisations we work with that are navigating change effectively tend to have governance that operates like a skeleton - providing structure and support while allowing the organism to move. The organisations struggling with change tend to have governance that operates like an exoskeleton - protecting from the outside but constraining everything within.

The difference isn't the amount of governance. It's the design intent. Was this governance built to protect the organisation from its people? Or was it built to enable its people to protect the organisation?

The question worth asking

Most governance reviews ask: are we compliant? Are our risks managed? Are our controls effective? Those are necessary questions. But they're not sufficient.

The question that changes the conversation is: what is our governance doing to our ability to adapt? Not just to innovate - to adapt. To sense what's changing, respond at the speed the situation requires, and learn from what happens.

Because governance that makes an organisation efficient and fragile is doing exactly half its job. The other half - the half that rarely gets examined - is whether the structure you've built to keep the organisation safe is also the structure that's keeping it stuck.