Governance Theme

Every organisation makes decisions, and typically where matters for decision are within a controllable domain, we can make them well. However, to achieve business purpose, decision making will need to be cross domain. There needs to be effective cascade of implications down, and performance / progress up. Most organisations have infrastructure and support functions within domains – but Governance operation across domains can appear like each piece in a jigsaw set trying to align with other pieces.

The BIG BoK offers a clear definition of Components and Enablers to build / sustain Business Integrated Governance.
The Governance Theme therefore seeks to engage the Governance, Strategy, Change and Operations Professions to communicate what BIG has to offer, listen to their needs and support organisations adopting the BIG framework to operationalise Business Integrated Governance.

The BIG CIC has had input from many Governance Professionals in our journey so far, and we offer links to the APM Governance Interest Network and the Good Governance Academy in our Professional Links.

The Governance Theme aims to surface content from the BoK and highlight activity from our Members, Sponsors and Professional Links – sharing ideas, calling for review or offering events.

The following sections offer some pains the Governance, Risk and Compliance Community share, and the BIG response to them. We hope they provide insights that will help GRC professionals connect the value in Business Integrated Governance to their situations – and therefore seek to use the BIG BoK, our supplementary materials, membership, exams and partners.

1. Fragmented view of risk, performance and delivery

GRC functions rarely lack data – they lack coherence. Risk registers sit in one place, project portfolios in another, operational metrics somewhere else. The result is that nobody can see how risk actually affects delivery, or how delivery affects objectives.

The practical pain is constant reconciliation and interpretation.

BIG addresses this by creating a single, connected model where:

objectives, risks, obligations, and initiatives are explicitly linked
information is sourced once and reused across governance contexts
relationships between elements are visible rather than inferred

It turns “joining the dots” from a manual exercise into something structural.

2. Governance that reviews rather than decides

Many governance forums drift into passive review cycles:

status updates
RAG ratings
retrospective explanations

GRC professionals know this doesn’t reduce exposure – it just documents it.

BIG shifts the focus to decision-enabling governance:

information is structured around decisions, not reports
trade-offs and implications are explicit
the link from decision to objective and risk is clear

This changes the role of governance from oversight theatre to active control.

3. Weak line of sight from obligations to execution

Regulatory obligations, policies, and controls often sit at a high level, while delivery teams operate several layers below. The mapping between the two is either:

superficial (“this project supports compliance”), or
buried in documentation nobody maintains

This creates anxiety for GRC teams – they can’t confidently show how compliance is being achieved in practice.

BIG introduces traceability:

obligations → controls → objectives → initiatives → delivery activity
accountability is attached at each level
evidence can be pulled, not assembled ad hoc

That “golden thread” is what most GRC frameworks aspire to but struggle to operationalise.

4. Manual, meeting-driven information assembly

A lot of governance still runs on:

slide packs built for each meeting
manual data extraction
last-minute alignment of numbers

GRC professionals spend a disproportionate amount of time validating information rather than analysing it.

BIG replaces this with systematic information sourcing:

data is connected to governance objects (objectives, risks, etc.)
updates flow through the model continuously
governance consumes live, traceable information

This reduces both effort and argument about “whose numbers are right”.

5. Cultural tension - control vs delivery

GRC teams are often seen as slowing things down, while delivery teams feel they are being second-guessed. This tension is usually not about intent, but about lack of integration:

controls feel external to delivery
risk feels like an overlay, not part of decision-making

BIG reframes this by embedding governance into how the organisation runs:

objectives, risks, and constraints are part of the same structure
decision-making naturally incorporates GRC considerations
accountability is shared rather than imposed

Done well, this reduces friction because governance stops being “something extra”.

Governance Blogs

BIG, OCRUM & the Mission-Critical Oversight Gap December 4, 2025
From Risk Lists to Uncertainty: How BIG and OCRUM Close the Mission-Critical Oversight Gap Webinar: 3/12/25 – event report – David Dunning Introduction This session brought […] The post BIG, OCRUM & the Mission-Critical Oversight Gap first appeared on big-cic.org/blog.
Inspiring GRC professionals into a role in strategy delivery? November 20, 2025
Strategy delivery and the curse of “don’t ask don’t tell” syndrome 3rd December 2025, 12.30 PM UK time Many organisation boards receive performance reports, compliance-reports, risk-lists […] The post Inspiring GRC professionals into a role in strategy delivery? first appeared on big-cic.org/blog.
FRANKENORG! November 13, 2025
FRANKENORG! On the 12th November, the BIG CIC presented a session which described the use of integrated governance in a selection of organisations. Instead of explaining […] The post FRANKENORG! first appeared on big-cic.org/blog.
Operationalising strategy delivery – the priority perspective October 16, 2025
Operationalising strategy delivery – the priority perspective Executive summary Strategy development and delivery is a mature discipline (see IASP Body of Knowledge v3.0), yet many organisations […] The post Operationalising strategy delivery – the priority perspective first appeared on big-cic.org/blog.
From Risk Lists to Certainty: How BIG and OCRUM Can Close the Mission-Critical Oversight Gap October 10, 2025
“Does your board receive reliable information on risk linked to your Mission Critical Objectives?” Some would argue that Most boards would struggle to answer “yes.” The […] The post From Risk Lists to Certainty: How BIG and OCRUM Can Close the Mission-Critical Oversight Gap first appeared on big-cic.org/blog.
Purpose to Performance: Embedding Risk, Governance & Strategy for Impact May 23, 2025
Purpose to Performance: Embedding Risk, Governance & Strategy for Impact Enabling accountable, risk-aware and purpose-driven leadership at every level. On Wednesday 21st May, David Dunning (from […] The post Purpose to Performance: Embedding Risk, Governance & Strategy for Impact first appeared on big-cic.org/blog.
Connecting Project & Strategy Management through Integrated Governance October 4, 2024
Effective strategy delivery is essential for organizations to thrive and fulfil their purpose. However, it’s widely acknowledged that many organizations struggle with this process. Within the […] The post Connecting Project & Strategy Management through Integrated Governance first appeared on big-cic.org/blog.
The Role of Business Integrated Governance in Strategy Delivery June 5, 2024
Using Business Integrated Governance to improve Strategy Delivery – Strategy Perspective and Deep Dive June 5, 2024
Why, What, and How you can improve Strategy Delivery using fit-for-purpose integrated governance May 15, 2024