Why is it so hard to see that Strategy Delivery needs fixing?
October 9, 2025
“Does your board receive reliable information on risk linked to your Mission Critical Objectives?”
Some would argue that Most boards would struggle to answer “yes.”
The reason? Most governance frameworks focus on compliance and controls, not the objectives that determine whether the organisation succeeds or fails.
The Root Cause: Don’t Tell / Don’t Ask Governance
Tim Leech calls it the “Don’t Tell / Don’t Ask Governance Syndrome.”
Boards avoid asking probing questions about risk to mission-critical objectives; management avoids volunteering uncomfortable truths.
The result: mutual avoidance, information asymmetry, and oversight blindness.
Boards discuss generic “Top 10 Risks,” while uncertainty around the most vital objectives — safety, reputation, resilience, profitability — goes unseen until it’s too late.
OCRUM: Managing Uncertainty Where It Matters Most
Tim’s Objective Centric Risk and Uncertainty Management (OCRUM) approach reframes risk management around ISO’s definition of risk — “the effect of uncertainty on objectives.”
OCRUM makes Mission Critical Objectives (MCOs) the anchor point of governance:
- Each MCO has an Objective Owner/Sponsor accountable for achieving it.
- Risks and uncertainties are mapped to these objectives, not to abstract categories.
- “Uncertainty ratings” express confidence levels in achieving each objective — clear, actionable, and measurable.
As Tim notes, this transforms risk and internal audit from police functions to performance enablers — linking their work directly to strategy and outcomes.
His real-world examples are diverse and striking: from preventing post-surgical infections and ensuring nuclear safety to managing pandemic readiness and financial reliability. The message is the same: objectives first, uncertainty second, compliance last.
More about OCRUM here
BIG: The Governance Spine That Makes It Work
Business Integrated Governance (BIG) provides the complementary governance architecture..
Developed by The BIG CIC and c 150 contributing volunteer colleagues, BIG integrates purpose, strategy, performance, risk, and assurance into a unified operating model.
Where OCRUM focuses on how to assess and manage uncertainty around objectives, BIG defines how to structure accountability, reporting, and decision-making around them.
Its principles of fair accountability and strategy-to-execution alignment ensure:
- Objectives are cascaded and owned throughout the organisation.
- Information flows to the board are timely, integrated, and relevant.
- Governance oversight is proactive and purpose-driven, not reactive and compliance-bound.
Together, BIG and OCRUM create the foundation for true objective-centric governance.
More about BIG here
Why Regulators (and Insurers) Aren’t Forcing the Issue
Tim points out that regulators remain reluctant to require boards to oversee MCO-related risks — fearing they’d expand director liability or expose gaps in existing frameworks like COSO and ISO.
He even suggests that if D&O insurers began asking one simple underwriting question —
“Does your board receive reliable information on risk linked to Mission Critical Objectives?”
— it could revolutionise corporate governance.
But since most boards couldn’t yet answer “yes,” change will likely come from within:
forward-looking boards adopting frameworks like BIG and OCRUM to strengthen oversight voluntarily.
A Call for Professional Transformation
In another post, Tim challenges every profession — from engineers and auditors to clinicians and credit managers — to teach members how to assess and report the effect of uncertainty on objectives.
That, he argues, is how risk and assurance can finally improve decision-making rather than tick boxes.
BIG and OCRUM provide the structure and methodology to make that shift tangible.
The Future of Governance Is Objective-Centric
The combination of Business Integrated Governance and Objective Centric Risk and Uncertainty Management offers boards and executives a clear, practical path forward:
| BIG | OCRUM |
|---|---|
| The governance system connecting purpose, strategy, risk, and assurance. | The risk and assurance method focusing on achieving Mission Critical Objectives amid uncertainty. |
| Board-level integration and accountability. | Management-level clarity and measurable uncertainty. |
| Framework for sustained value creation and protection. | Engine for informed, objective-driven decision-making. |
Together, they enable what current frameworks avoid:
uncertainty-led governance — where boards oversee not just what could go wrong, but how confident the organisation really is about achieving what matters most.
Summary of Tim’s recent posts which inform this article
These links go to the BIG CIC LinkedIn Group – you are welcome to join.
Post 1 → informs the opening framing, regulatory & insurance context, and accountability gap.
Post 2 → underpins OCRUM’s methodology, real-world examples, and call for professional training.
Post 3 → supplies the governance-culture critique (Don’t Tell / Don’t Ask Syndrome).
Join the Discussion
Governance needs more than compliance reform — it needs integration and courage.
Join the conversation at the BIG CIC Conference on 5 November 2025
#Governance #OCRUM #BusinessIntegratedGovernance #BoardOversight #Assurance #RiskManagement #MissionCriticalObjectives #BIGCICConference
