Mission-Critical Governance

Focusing on What Matters Most

A Fireside Chat with Tim J. Leech

Boards, CEOs, and risk leaders face one pivotal question:

Are your oversight systems focused on mission-critical objectives — or still trapped in risk lists, control checklists, and compliance rituals?

In this fireside chat, governance, risk, and assurance thought leader Tim J. Leech joins the Good Governance Academy to discuss the ideas behind his new book, Mission-Critical Governance: Focusing on What Matters Most.

The conversation will explore why traditional governance, risk, internal audit, and assurance models often fail to give boards the information they truly need: reliable insight into whether the organisation’s most important objectives are being achieved, and whether uncertainty around those objectives remains acceptable.

Drawing on decades of advisory work with boards, executives, risk leaders, and internal auditors, Tim will unpack how Mission-Critical Objective-Centric Risk & Assurance and Purpose-Driven Governance can help organisations move beyond risk lists and control checklists — and towards governance that is anchored in purpose, performance, accountability, and confidence.

About Mission-Critical Governance

Mission-Critical Governance: Focusing on What Matters Most challenges a central weakness in modern governance: boards are often surrounded by reports, dashboards, risk registers, audit findings, and control updates, yet still lack clear, reliable information on whether the organisation’s mission-critical objectives are on track.

The book argues that governance has too often become a compliance ritual rather than a true compass for purpose. In its opening chapters, it describes how boards can become detached from the very purpose that legitimises their existence, creating what Tim Leech calls the Purpose Void.

At the heart of the book is a shift from traditional risk management to objective-centric oversight. Rather than asking only, “What are our top risks?” boards should be asking:

What are our mission-critical objectives, what uncertainty surrounds them, and do we have reliable assurance that they are being achieved within acceptable levels of risk?

About Tim J. Leech

Tim J. Leech is a governance, risk, assurance, and internal audit thought leader whose work focuses on helping boards and executive teams strengthen oversight systems around what matters most.

He is the Founder and Managing Director of Risk Oversight Solutions and is known for his work on Mission-Critical Objective-Centric Risk & Assurance and Purpose-Driven Governance — frameworks designed to shift organisations away from traditional risk lists and control deficiency reporting, and towards achieving mission-critical objectives with acceptable uncertainty.
Earlier in his career, Tim built and sold a niche GRC software company and has delivered advisory and training engagements for thousands of leading organisations worldwide, including major multinational companies, financial institutions, and government agencies.

Questions & Answers

 

1. How “mission critical” are environmental and social impact to global industry, particularly for technology, energy, and natural resources enterprises?

In the approach we promote, a Strategy and Value Oversight Committee plays the lead role in deciding what is “mission critical.” These may, or may not, include ESG-type objectives. In the training we offer facilitators, we encourage them to ask whether the company has any ESG objectives that rank as mission critical.

 

2. To what extent does ChatGPT have any intellectual property rights or ownership interest in the book that was written with its assistance?

I make it clear in the author notes how AI was used in the writing of my book, including the version or versions used in research, drafting, and editing. I reviewed every word in the book and take sole responsibility for the content.

 

3. Mr Leech, how do we draw the line in terms of being called “over-reaching” or “over-stepping,” especially when some CEOs and CFOs are liabilities in their organisations?

It is the board’s job to decide who the CEO and CFO should be. A key question is whether boards acknowledge responsibility for overseeing entity purpose and supporting mission-critical objectives, including overseeing risk and uncertainty linked to those objectives.

 

4. Tim, in your opinion, are CEOs and C-suite executives reluctant to account to governing bodies? If so, why, and what can be done to overcome this?

A main focus in my book is what I have labelled Don’t Tell/Don’t Ask Governance Syndrome. CEOs often do not want to report on risk linked to mission-critical objectives, and boards often do not ask. There are many reasons why this is true, which are covered in my book.

 

5. Is there a common law definition of the purpose of a board?

Each country has evolved what is mainly an implied purpose of the board. It is implied by the things boards are expected to do. This can be found in incorporation statutes, specific laws and regulations, and common law.

In the United States, the Delaware Chancery Court is a primary source of current legal expectations of boards. That court has made it clear that boards should oversee risk linked to “mission-critical” objectives.

Expert legal advice should be sought in each country regarding the board’s fiduciary duty of care generally, and more specifically, its fiduciary duty of care to oversee risk linked to mission-critical objectives.

 

6. Many organisations have mature compliance frameworks but still experience major strategic failures. In your view, what are the biggest governance blind spots that boards continue to overlook?

The biggest blind spot by far is that most boards do not ask CEOs, CROs, or CAEs for reports on risk linked to mission-critical objectives.


7. How can boards distinguish between risks that are truly mission-critical and those that simply consume management attention without materially affecting strategic success?

We dedicate a full module to this in our certificate course in Mission-Critical Objective-Centric Risk & Assurance Management, also known as c-MORA.

Details on that training can be found here:
https://criskacademy.teachable.com/p/cmora?affcode=105582_xchhpp7n

 

8. How should boards balance their focus between short-term financial performance and long-term mission-critical risks?

My view is that the board’s focus should be on mission-critical objectives. These will include a mix of short- and longer-term objectives.

We recommend that a management-led Strategy and Value Oversight Committee proposes what it believes are the company’s mission-critical objectives. These should then be presented to the board for review and endorsement.

 

9. Is the purpose of a board different from one board to another? I am under the impression that the purpose of a board has to do with everything about governance.

Board purpose is generally not stated. It is implied by the activities boards perform, as specified in laws, regulations, director governance codes, and director institutes.

I used AI to look for boards of public companies in major countries around the world that disclose what they see as the board’s purpose. It came back with very few examples. I have asked readers in my posts to provide a link to any company they are aware of that has a board which has disclosed its purpose. So far, there have been no takers.

 

10. With AI increasingly influencing decision-making and institutional operations, how should governance and assurance models evolve to maintain accountability, human oversight, and trust?

Major changes are needed in current governance and assurance models to meet the needs of shareholders and broader stakeholders.

AI analysis confirms that current governance practices have serious, even gaping, flaws that nobody appears to want to address. These are covered in my book.

 

11. From your global experience, what is the single most common governance misconception that prevents organisations from focusing on what matters most?

I do not think it is a “misconception.” I have labelled it Don’t Tell/Don’t Ask Governance Syndrome.

CEOs do not want to report on risk linked to mission-critical objectives, and boards do not ask. Chapters 1 and 2 of my new book cover this, and subsequent chapters expand on how costly Don’t Tell/Don’t Ask Governance Syndrome is.

 

12. In your experience, are you able to mention any companies that have impressed you in their governance work and its impact on the achievement of their mission and objectives?

Over my forty-plus years working with companies around the world, many CROs, CAEs, and board directors have agreed with the core philosophies in the Mission-Critical Governance approach we promote.

You can see a list of companies I have done training, advisory, enterprise risk, and assurance software work for here:
https://riskoversightsolutions.com/about-us/

In the majority of these companies, the biggest barrier sponsors of positive change confronted was the fact that few boards had defined purpose in a way that included oversight of risk linked to mission-critical objectives. Most also had CEOs who did not want the state of risk linked to mission-critical objectives disclosed to the board.

SVG Capital, a FTSE 250-listed private equity company in the UK, was a very prominent exception. There is a four-year case study on it in the resources section of our website:
https://riskoversightsolutions.com/resources-2/

 

13. How can boards ensure that their governance and risk oversight remain focused on the organisation’s most critical objectives, rather than becoming overly consumed by compliance requirements and extensive risk reporting?

They need to take the time to agree on the board’s purpose. There is a whole chapter in my book dedicated to how to work with a board to get agreement on board purpose.

 

14. Your book emphasises focusing governance on mission-critical outcomes rather than procedural compliance. In practice, how can organisations shift leadership culture from compliance-driven governance toward governance that genuinely improves mission achievement and public value?

They need to start by agreeing on the purpose of the board. This does not mean listing the things the board will do, but rather defining why the board exists. Few companies today have taken that step.

 

15. Is the purpose of a board different from one board to another? I am under the impression that the purpose of a board has to do with everything about governance.

The short answer is that the “implied purpose” of boards does vary, but few have articulated in writing what it is. In my experience, boards often struggle a lot when asked to define, with much clarity, what the board’s purpose is.

 

16. With AI increasingly influencing decision-making and institutional operations, how should governance and assurance models evolve to maintain accountability, human oversight, and trust?

It can start by asking AI what AI believes the purpose of a board of a specific entity in a specific country should be in order to better serve the needs of shareholders and broader stakeholders.

I doubt very much that the answer will be what most boards do today.

 

17. The governance rules support institutional investor behaviour to maximise profits with zero downside, as the percentage-based administration fees are still earned. If institutional investors had to share in losses, would that encourage rational investment along the same lines as accepting the same risk as direct investors?

Some powerful institutional investors have been calling on boards to better oversee the purpose of the entity they oversee, as well as the objectives key to long-term success.

However, none that I am aware of have been calling for the major governance changes needed to drive real change. Some do drive change by replacing the current CEO with a CEO loyal to powerful investors and one willing to share the real state of risk with the board.

 

18. Mission-Critical Governance shifts the board’s attention from monitoring risks to achieving mission-critical objectives. In practical terms, what should boards stop doing, what should they continue doing, and what entirely new governance practices should they adopt over the next five to ten years?

Your question goes to the main subject my book addresses, step by step.

You can review the Table of Contents on the book’s launch site here:
https://www.routledge.com/Mission-Critical-Governance-Focusing-on-What-Matters-Most/Leech/p/book/9781041166658

Terms and Conditions

  • The Good Governance Academy nor any of its agents or representatives shall be liable for any damage, loss or liability arising from the use or inability to use this web site or the services or content provided from and through this web site.
  • This web site is supplied on an “as is” basis and has not been compiled or supplied to meet the user’s individual requirements. It is the sole responsibility of the user to satisfy itself prior to entering into this agreement with The Good Governance Academy that the service available from and through this web site will meet the user’s individual requirements and be compatible with the user’s hardware and/or software.
  • Information, ideas and opinions expressed on this site should not be regarded as professional advice or the official opinion of The Good Governance Academy and users are encouraged to consult professional advice before taking any course of action related to information, ideas or opinions expressed on this site.
  • When this site collects private information from users, such information shall not be disclosed to any third party unless agreed upon between the user and The Good Governance Academy.
  • The Good Governance Academy may, in its sole discretion, change this agreement or any part thereof at any time without notice.

Privacy Policy

Link to the policy: GGA Privacy Policy 2021

The Good Governance Academy (“GGA”) strives for transparency and trust when it comes to protecting your privacy and we aim to clearly explain how we collect and process your information.

It’s important to us that you should enjoy using our products, services and website(s) without compromising your privacy in any way. The policy outlines how we collect and use different types of personal and behavioural information, and the reasons for doing so. You have the right to access, change or delete your personal information at any time and you can find out more about this and your rights by contacting the GGA, clicking on the “CONTACT” menu item or using the details at the bottom of the page.

The policy applies to “users” (or “you”) of the GGA website(s) or any GGA product or service; that is anyone attending, registering or interacting with any product or service from the GGA. This includes event attendees, participants, registrants, website users, app users and the like.

Our policies are updated from time-to-time. Please refer back regularly to keep yourself updated.