GRIA Review

Menu

GOVERNANCE

Governance Beyond Compliance: Why Integrity Is a Strategic Imperative

By Dr Zamda Mutamuliza· 11 May 2026· 9 min read 

the integrity gap

In Brief

Most governance failures are not due to a lack of rules. They arise from decisions that follow the process, but which cannot be justified.

 

This week, you are preparing to approve decisions that may be legally admissible and practical, but which still involve hidden human rights, ethical, or reputational risks.

 

The question is not whether you can do it. It is whether you should do it.

 

Before approving an important decision, ask yourself the following questions:

 

  • Could we clearly explain and justify this decision?
  • Who stands to gain or lose from this decision?
  • Could this decision cause harm, however unintentional?
  • Are stakeholders most affected by this decision being considered?
  • Would we be ready to stand by the decision if it became known to the public?

If any answer is less clear, governance has not yet done its job.

 

Most governance failures are due to non-compliance. They are integrity failures. 

The most damaging decisions in organisations are usually the ones that are legally sound, practical, and adopted within an organisation, but which are morally questionable, hard to publicly justify or fail to take into consideration foreseeable harm. For this reason, governance can no longer be treated as a compliance mechanism solely. It is a decision system under pressure.


For many years, governance was generally believed to be about rules, approvals and control. While these functions continue to be relevant, they are no longer sufficient in today’s rapidly changing world of technological development, global uncertainty, heightened stakeholder scrutiny and heightened accountability pressures.


Compliance indicates to an organisation what it could do. Integrity defines what an organisation should do.

 

Consider a familiar pattern: a cost-driven outsourcing decision that moves work to a lower-cost supplier with weak workers’ protection. In theory, the contract is valid and profit-maximising. However, when scrutinised by investors, workers or regulators, it can be hard to defend once labour rights violations emerge within the supply chain. 


Most governance failures stem precisely from this gap between what is legal and what is justifiable, without anyone realising it.

Integrity is strategic

High-performing organisations do not consider integrity as a simple statement of values appended to their annual report. They embed it within their decision architecture.

When it is embedded from the very beginning, accountability is clearer, risks emerge earlier, trade-offs are explicitly defined, and trust strengthens under pressure.

In its absence, the pattern is predictable: short-term optimisation predominates, diffusion of responsibility is common within teams, uncomfortable questions are postponed, and risks accumulate at a rate that has not been yet assessed by the organisation.

The warning signal is often subtle. A decision may seem acceptable inside the room where it was decided, but very hard to justify outside it.

Human rights are a governance anchor

Human rights are frequently considered as a mere compliance obligation or a specialised subject. In practical terms, human rights are one of the most efficient tools for assessing how effective the governance is.

The UN Guiding Principles on Business and Human Rights clearly state that respect for human rights involves more than just legal compliance. It demands organisations to evaluate existing and future impacts, use the findings in their decision-making, monitor what happens, and communicate openly about how those impacts are being dealt with.

This has practical importance as it compels organisations to ask questions they often deliberately ignore – who could be harmed by ourdecision, where could harm go undetected across the organisation, and who is responsible for addressing harms when there is a legal vacuum?

The OHCHR Interpretive Guide on the Corporate Responsibility to Respect Human Rights translates this framework into operational and governance decisions, making it immediately applicable not only to legal or sustainability departments, but also to boards and senior management teams.

When observed correctly, human rights due diligence (HRDD) does not make governance complicated. It reinforces it by identifying human-centred risks that are often disregarded by traditional risk management frameworks.

Intelligence is the governance engine

Artificial Intelligence (AI) is accelerating the speed, the rate and the scope of decision-making processes within organisations. However, governance maturity is not keeping up with this pace, creating a structural integrity issue. Decisions are made more quickly, responsibility becomes harder to establish, and undesirable consequences are likely to become the norm before a clear line of responsibility is established.

The UNESCO Recommendations on the Ethics of Artificial Intelligence consider protection of human rights and human dignity as the cornerstone of AI governance. The Recommendation encourages ethical impact assessment, accountability, transparency, explainability, traceability, auditability and meaningful human oversight during the entire AI lifecycle.

This is not a question of whether AI is technical. Rather, it is whether organisations can effectively govern delegated judgments, particularly where the underlying system is sophisticated, managed by the vendor or hardly understood by individuals who approve its use.

Governance fails when no one can explain how a decision was reached, when accountability is dispersed among teams and suppliers, when oversight comes after deployment, or when no priority is given to affected individuals.

If intelligence develops without accountability, governance does not cease to exist. It becomes a mere formality.

Culture determines whether governance works

The failure of most governance systems is not caused by poor design, but by poor implementation. When employees are not allowed to challenge decisions, voice their concerns, or expect sanctions for non-compliance, then governance is purely symbolic. 

Culture takes on a crucial role in precisely these moments when governance is most challenged, i.e., periods of intense pressure when internal alignment and certainty are rewarded over challenging management decisions. It is these moments that prove whether governance is effective. 

It is not a question of whether policies exist. Rather, it is whether the organisation is comfortable slowing down, discussing the compromises and addressing convenient but hard to justify decisions.

The shift ahead

The most well-positioned organisations for the decade to come will not just be the ones with more rules. They will be those that have more straightforward rules for decision-making when it really matters. This requires

a shift from governance as compliance to governance as strategic stewardship.

Practically, this translates to the ability of leaders to demonstrate that before they take a decision, they consider possible harm, accountability and defensibility in depth, before consequences spiral out of control. 

This is the benchmark that is becoming clear in all regulatory systems, investor demands and societal scrutiny. It’s also, quite honestly, what responsible leadership has always needed.

Global Standards Brief

 
 
 
 
 
What regulators now expect

The OECD Due Diligence Guidance for Responsible Business Conduct establishes a risk-based due diligence framework that applies across the operations, supply chains and business partnerships at large. It is not a compliance checklist of items to be done. It is a method of governance, and requires organisations to proactively identify adverse impacts, take steps to prevent and mitigate them, monitor the implementation and report on outcomes.

This is a game-changer in terms of enforcement. The EU’s Corporate Sustainability Due Diligence Directive (CSDDD), the rise of mandatory reporting frameworks and litigation risks associated with supply chain harms clearly establishes that organisations that approach due diligence as a mere disclosure exercise, rather than a governance discipline, are inviting risks instead of mitigating them. 

The most resilient organisations will not be those that file a good report at the end of year but those that will embed these principles into their investment decisions, their procurement approvals, their product launches and their market entry.

Intelligence Note

 
 
 
Current weaknesses in AI governance

Today, most organisations are already leveraging AI-driven systems in various capacities, including recruitment, fraud detection, credit scores, pricing, or decision-making. Very few have governance mechanisms that are adapted to the pace and scale of those deployments. 

This is not a technical gap, in most cases. It is accountability-based. When an AI system generates erroneous outcomes that harm people, the organisation is generally not able to indicate who made the decision, how the decision was made, or if there was human oversight. This is not an AI issue. It is a failure of governance.

The UNESCO Recommendations on the Ethics of Artificial Intelligence require organisations to establish due diligence and oversight mechanisms to enable the identification, prevention, mitigation and accountability for the impacts of AI systems on human rights and the rule of law. This benchmark is establishing itself quicker than most governance frameworks are being updated. 

The short-term practical problem is this: if your organisation is unable to explain an important AI-influenced decision to the people it affects, then there is a gap in your governance that policy documents will not be able to bridge.

Responsible Practice Diagnostic

The Integrity Alignment Test

 

Before approving a significant decision, ask:

      • Could we clearly explain and justify this decision?
      • Who stands to gain or lose from this decision?
      • Could this decision cause harm, however unintentional?
      • Are stakeholders most affected by this decision being considered?
      • Would we be ready to stand by the decision if it became known to the public?

If answers to these questions are less clear, the decision is not ready.

Closing Reflection

Governance is not put to the test in moments of clarity. It is put to the test in high-pressure situations, when there is ambiguity, and compromises must be made – when the business case is obvious, the legal basis is solid, and the most difficult question is whether the decision is truly defensible.

If you are to change just one thing this week, pick a pending decision and put it through the “Integrity Alignment Test” before approving it.

 

GRIA Review publishes analysis on governance, human rights, responsible business, and institutional accountability. If this piece raised questions relevant to your organisation, explore our other articles or write for us.