Governance Maturity in Action

Navigating Levels of Success with ISO 37004

  • 11 September 2025

This webinar is the THIRD the ISO 37004: Governance Maturity series.

Effective governance is no longer just about meeting compliance requirements, it’s a strategic advantage.

ISO 37004:2023 provides the first internationally agreed framework to measure and improve governance maturity, helping organisations move from undefined practices to optimising performance.

Other events in the series:

By assessing governance behaviour, effectiveness, and efficiency, leaders can identify strengths, close gaps, and drive long-term value creation.

Join governance expert Carolynn Chalmers to discover how applying ISO 37004 can unlock higher levels of governance performance.

You’ll learn how to measure and improve the key aspects that build stakeholder trust, strengthen accountability, and enhance strategic agility. Through practical insights, you’ll see how governance maturity assessments can be transformed into actionable improvement plans that ensure your organisation thrives in a rapidly changing environment.

Background information

Effective governance is more than meeting compliance requirements, it is the foundation for achieving sustainable performance, responsible stewardship, and ethical leadership. The challenge for many organisations is understanding how well their governance is working and where improvement is most needed.

ISO 37004:2023, Governance of Organizations — Governance Maturity Model — Guidance, provides the first internationally agreed framework to measure governance maturity. Built on the principles and conditions defined in ISO 37000, it enables governing bodies and stakeholders to evaluate, compare, and improve governance performance across three key aspects:

  • Governance behaviour – how governance principles are applied in practice.
  • Governance effectiveness – the extent to which governance practices achieve their intended objectives.
  • Governance efficiency – how consistently governance practices are implemented and improved.

The model uses a six-level scale, from Undefined to Optimising, offering a clear roadmap for progression. By applying this framework, organisations can set realistic improvement targets, benchmark against peers, and link governance maturity directly to strategic outcomes.

This event explores how to apply ISO 37004 to navigate through these levels of governance success, transforming governance from a reactive function into a strategic advantage. 

Short Explainer Video

Questions and Answers

The ISO 37004 standard provides international guidance for assessing, comparing, and improving an organisation’s governance maturity. It offers a model to help organisations understand their current level of governance, rather than being a certifiable compliance standard. Developed with input from experts across many countries, it aims to foster effective performance, ethical behaviour, and responsible resource stewardship.

Governance, particularly under ISO 37000 and 37004, is fundamentally distinct from compliance. Compliance focuses on meeting legal requirements and compliance obligations. In contrast, governance, guided by principles, encourages organisations to “do their best” – exceeding minimum standards to achieve optimal outcomes. While a governing body must ensure compliance as a foundation, true governance is about dynamic, strategic decision-making and continuous improvement, rather than adhering to mandated rules.

Well-governed organisations, by appropriately applying governance principles, can expect several beneficial outcomes. These include effective performance, meaning the organisation operates efficiently and achieves its objectives; ethical behaviour, where decisions and actions align with moral principles; and responsible resource stewardship, ensuring that resources are used wisely and sustainably. These outcomes collectively contribute to the organisation’s overall success and its ability to meet stakeholder expectations.

ISO 37004 measures governance maturity across three key aspects:

  1. Efficiency of Communication: This relates to how well governance policies and principles are documented, communicated, understood, and integrated throughout the organisation and to its stakeholders. It assesses whether this communication leads to cohesive and comprehensive guidance.
  2. Behaviour of the Governing Body: This focuses on the attitude and commitment of the governing body towards governance. It evaluates whether board members actively engage with principles, apply them in decision-making, analyse their results, and proactively seek to innovate and improve governance practices.
  3. Effectiveness of Application: This assesses how well the established governance principles and practices are actually implemented and make a tangible difference in the organisation’s operations and decision-making. It looks at whether policies are not only in place but are also consistently applied, measured for impact, and continuously improved.

The ISO 37004 standard uses a 0-5 scale for governance maturity, aligning with other ISO maturity models:

  • Level 0 (No Evidence): No commitment, no evidence of governance in place.
  • Level 1 (Limited): Some limited activities, minimum commitment, often driven by compliance requirements.
  • Level 2 (Emerging): Governance practices are beginning to appear, with some documentation, but not yet formally adopted or consistently managed. There’s an intent to engage with governance.
  • Level 3 (Formalised): Governance is organised, documented, and actively discussed and actioned, with a cohesive set of policy documents in place, though it may be a reactive process.
  • Level 4 (Measured): Governance is seen as a strategic advantage, with aggregated evidence, interconnected policies, active engagement from the governing body, and regular measurement of effectiveness.
  • Level 5 (Optimised): Governance is creative, proactive, and continually improving, serving as a core strategic advantage for the organisation.

It’s crucial to note that these are integers (no decimals) and represent subjective assessments, with the process of discussion and improvement being more important than the number itself.

The appropriate governance maturity level varies depending on an organisation’s size, industry, and environment:

  • Level 0 (No Evidence): May be appropriate for a truly self-employed individual with no significant external dependencies.
  • Level 1 (Limited): Suitable for micro-enterprises or highly unregulated environments, like a small “mom and pop” store.
  • Level 2 (Emerging): Appropriate for small, growing businesses that are starting to gain traction and bring in others, requiring emerging practices.
  • Level 3 (Formalised): Ideal for medium-sized organisations with established teams and potentially seeking external funding, where organised and documented governance is essential.
  • Level 4 (Measured): Necessary for large organisations in highly regulated environments (e.g., financial services, pharmaceuticals), where consistent application and measurement of governance are critical.
  • Level 5 (Optimised): Reserved for very large groups in highly innovative, fast-moving environments (e.g., asset managers rapidly acquiring and selling companies) where governance is a competitive advantage and drives continuous innovation.

It’s inappropriate to over-govern a small, low-margin business or under-govern a highly regulated or dependent entity. The level must align with the organisation’s context and needs.

Organisations should not get “hung up” on the specific numerical score. The number is merely a guide or an indicator, providing brevity and a common language for discussion (e.g., “we were a 3, we want to be a 4”). The true value lies in the process of the assessment and the subsequent conversation it sparks. This involves understanding why a particular score was given, identifying areas for improvement, and discussing what actions can be taken to progress. Publicly disclosing a single number is less useful than explaining the narrative behind it, including current status, future aspirations, and the journey of improvement. Good governance is not a competition; it’s about finding the most suitable level for the organisation at a given point in time and continually evolving.

AI can certainly be a helpful tool in governance maturity assessments, but its role is primarily to enhance communication and understanding, not to generate scores independently. AI could assist in summarising complex discussions or written responses from board members, making their thoughts more succinct and easily interpretable by others. This can facilitate better dialogue around the subjective aspects of governance maturity. However, AI cannot “gather data” in the sense of making subjective judgments about behaviour, commitment, or effectiveness. These assessments require human insight into the nuances of an organisation’s culture and practices, such as whether policies are truly understood and applied, or if board members are actively engaged beyond mere compliance.

Our guests

Carolynn Chalmers 620px
  • ISO 37004 Editor and
    co-convenor ISO/TC309/WG6
Marc_Morley-removebg-preview
  • Head of
    Education and Training

Key Terms

  • ISO 37000: An international guidance standard for the governance of organisations. It outlines the overall framework and principles for effective governance.
  • ISO 37004: A follow-on international guidance standard specifically focused on assessing and elevating governance maturity within organisations. Carolyn Chalmers led its development.
  • Governance Maturity: The state of development and effectiveness of an organisation’s governance framework, practices, and behaviours. It is measured on a scale from 0 (no evidence) to 5 (optimised/innovative).
  • Governance Maturity Aspects: The three key areas measured by ISO 37004 to determine an organisation’s governance maturity: Behaviour (how the governing body acts), Practices (the methods used to apply principles), and Efficiency (how governance is communicated).
  • Principled-Based Guidance: Standards or codes that provide a set of core principles for organisations to follow, encouraging them to “do their best” rather than just meet minimum legal requirements. ISO 37000 is an example.
  • Sarbanes-Oxley (SOX): A US federal law that mandates certain practices in financial record-keeping and reporting for public companies, often cited as an example of compliance-driven regulation.
  • Governing Body: The group or individual ultimately responsible for the governance of an organisation (e.g., a board of directors).
  • Resource Stewardship: The responsible and effective management and use of an organisation’s resources.
  • Agency Risk: The risk that arises when management (agents) acts in their own self-interest rather than in the best interest of the shareholders (principals) of the organisation.
  • Integrated Governance: The concept that governance principles and practices should be consistently applied and delegated throughout an entire organisation, not just at the top level.
  • Heisenberg’s Principle: A scientific principle (also referred to as the observer effect) stating that the act of observing or measuring something can change it. In governance, this implies that the assessment process itself can influence an organisation’s governance.
  • Self-Evaluation: An internal assessment conducted by an organisation to understand its own governance maturity, often for improvement purposes rather than external reporting.
  • Arithmetic Mean: The average of a set of numbers, calculated by summing them and dividing by the count of numbers. Used in ISO 37004 for aggregating scores, typically rounded down to the nearest integer.
  • Strategic Enabler: Something that facilitates or enhances an organisation’s ability to achieve its strategic objectives. Good governance is considered a strategic enabler.

Dr Lindie Grebe

Senior Lecturer, College of Accounting Sciences, University of South Africa

Dr Grebe is a chartered accountant and senior lecturer at the University of South Africa (Unisa). 

 

She teaches postgraduate accounting sciences through blended learning using technology in distance education, and through face-to-face study schools throughout South Africa. During her employment at Unisa, she also acted as Coordinator: Master’s and Doctoral Degrees for the College of Accounting Sciences (CAS), chairperson of the research ethics committee and chairperson of the Gauteng North Region of the Southern African Accounting Association (SAAA). 

 

Before joining Unisa as academic, she gained ten years’ experience in audit practice and in commerce.

Carolynn Chalmers

Chief Executive Officer, Good Governance Academy

Carolynn Chalmers is the Chief Executive Officer of Professor Mervyn King’s Good Governance Academy and its initiative, The ESG Exchange. She has edited two international standards: ISO 37000:2021 – Governance of organizations – Guidance and its associated Governance Maturity Model, ISO 37004:2023.

 

Carolynn makes corporate dreams come true, assisting leaders and leadership teams in how to create value for their organisations. She makes use of her expertise and experience in corporate governance, organizational strategy, Digital Transformation, and IT to do so.

 

Carolynn is an Independent Committee Member of South Africa’s largest private Pension Fund, the Eskom Pension and Provident Fund, and recently retired as Independent Committee member of several board committees for the Government Employee Medical Scheme. Carolynn has extensive management, assurance and governance experience and has held various Executive roles for international, listed, private and public organisations across many industries.

 

Carolynn is best known for her successes in establishing governance frameworks, and designing and the leading large, complex initiatives that can result. She attributes this success to the application of good governance principles. She shares her insights on her 2 LinkedIn Groups – Applying King IV and Corporate Governance Institute. 

Marc Morley

Building Partnerships for an Ethical and Sustainable Future

Good Governance Academy: Training Manager

Marc switched careers from Finance in 2012, when he moved from corporates to start-ups.

 

Marc’s first initiative in this new capacity was to help ITWinners to grow. This company is focused on helping businesses achieve their strategic goals – by building and enhancing specific capabilities.

 

Subsequently, IT Winners has grown into Executive Education Online, an organization with a passion for ethical and sustainable change, focussing on education.

 

Marc joined the Good Governance Academy in 2023 as Training Manager in a collaboration arrangement between the Good Governance Academy and Executive Education Online.

Terms and Conditions

  • The Good Governance Academy nor any of its agents or representatives shall be liable for any damage, loss or liability arising from the use or inability to use this web site or the services or content provided from and through this web site.
  • This web site is supplied on an “as is” basis and has not been compiled or supplied to meet the user’s individual requirements. It is the sole responsibility of the user to satisfy itself prior to entering into this agreement with The Good Governance Academy that the service available from and through this web site will meet the user’s individual requirements and be compatible with the user’s hardware and/or software.
  • Information, ideas and opinions expressed on this site should not be regarded as professional advice or the official opinion of The Good Governance Academy and users are encouraged to consult professional advice before taking any course of action related to information, ideas or opinions expressed on this site.
  • When this site collects private information from users, such information shall not be disclosed to any third party unless agreed upon between the user and The Good Governance Academy.
  • The Good Governance Academy may, in its sole discretion, change this agreement or any part thereof at any time without notice.

Privacy Policy

Link to the policy: GGA Privacy Policy 2021

The Good Governance Academy (“GGA”) strives for transparency and trust when it comes to protecting your privacy and we aim to clearly explain how we collect and process your information.

It’s important to us that you should enjoy using our products, services and website(s) without compromising your privacy in any way. The policy outlines how we collect and use different types of personal and behavioural information, and the reasons for doing so. You have the right to access, change or delete your personal information at any time and you can find out more about this and your rights by contacting the GGA, clicking on the “CONTACT” menu item or using the details at the bottom of the page.

The policy applies to “users” (or “you”) of the GGA website(s) or any GGA product or service; that is anyone attending, registering or interacting with any product or service from the GGA. This includes event attendees, participants, registrants, website users, app users and the like.

Our policies are updated from time-to-time. Please refer back regularly to keep yourself updated.

Search