ISO 37000:2021

GOVERNANCE OF ORGANIZATIONS - GUIDANCE

ISO Technical Committee 309 THE INTER NATIONAL

STANDAR D ON G OVER NANCE
Governance of Organizations OF OR GANIZATIONS

February 2022 v1
ISO 37000 Governance of organizations - Guidance

ISO 37000 Highlights

• Governance of organizations
Overview
• The Primary and the
Foundational principles
• The Enabling principles

2
 ISO 37000 Governance of organizations - Guidance

Governance of organizations Overview

The ISO 37000 standard
distills governance into 11 core
principles that are at the heart 4 Foundational governance
of any successful organization. principles

1 Primary governance
principle 6 Enabling governance
principles

Key governance outcomes

3
ISO 37000:2021(en), Governance of organizations — Guidance
 ISO 37000 Governance of organizations - Guidance

The Primary and the Foundational principles

1. Purpose

2. Value Generation
1 Primary governance
3. Strategy
principle
4. Accountability
4 Foundational
5. Oversight
governance principles

4
ISO 37000:2021(en), Governance of organizations — Guidance
ISO 37000 Governance of organizations - Guidance
The Primary Principle

1. Purpose
ISO 37000 clarifies that the governing
body is responsible for defining and
elaborating a meaningful, relevant
organizational purpose as the reason the
organization exists and gives detailed
guidance on relevant practice.
It also makes clear that the governing body O rg a n i z a t i o n a l p u r p o s e s t a t e m e n t d e f i n e s ,
should define the organizational values as specifies, and communicates the ultimate value
the compass to guide how the purpose is t h e o rg a n i z a t i o n i n t e n d s t o g e n e r a t e f o r
achieved.
specified stakeholders.

5
 ISO 37000 Governance of organizations - Guidance
A Fo u n d a t i o n a l P r i n c i p l e

2. Value Generation
Organizations don’t generate long-term value
that achieves the organization’s purpose or
avoids harm by chance.
ISO 37000 establishes the responsibility of
the governing body role to clarify the value
generation objectives and to govern so that

A value generation model these objectives are met. This requires the
governing body to define a clear and
p ro v i d e s b a s i s f o r i n n o v a t i o n a n d c o l l a b o r a t i o n
transparent value generation model that
with stakeholders.
defines, creates, delivers and sustains
appropriate value.

6
ISO 37000 Governance of organizations - Guidance
A Fo u n d a t i o n a l P r i n c i p l e

3. Strategy
The governing body should direct and
engage with the organizational strategy , in
accordance with the value generation model ,
to fulfil the organizational purpose.
The governing body sets the strategic
outcomes, establishes governance policies
to guide the strategy development, and
T h e o rg a n i z a t i o n a l s t r a t e g y re f l e c t s t h e g o v e r n i n g
engages in strategic planning.
b o d y ’ s i n t e n t i o n s re g a rd i n g t h e o rg a n i z a t i o n ’ s
The governing body should actively and
achievement of the strategic outcomes within its
dynamically steer the strategy in way that
changing context.
balances value generation in the present
with value generation in the future.

7
 A Fo u n d a t i o n a l P r i n c i p l e ISO 37000 Governance of organizations - Guidance

4. Accountability
ISO 37000 clarifies that the governing body
is responsible for and accountable to the
organization as a whole.
Accountability at all levels is a key aspect of
governance. Accountability is established
through the assignment of, and agreeing to,
Accountability engenders trust and legitimacy, which
responsibility and the delegation of authority.
l e a d s t o i m p ro v e d o u t c o m e s . I t i s d e m o n s t r a t e d The governing body can delegate but should
t h ro u g h re p o r t s , d i s c l o s u re s , e f f e c t i v e s t a k e h o l d e r demonstrate its willingness to answer for the
e n g a g e m e n t , a n d a p p l y i n g i m p ro v e m e n t s . fulfilment of its responsibilities, even where
these have been delegated.

8
ISO 37000 Governance of organizations - Guidance
A Fo u n d a t i o n a l P r i n c i p l e

5. Oversight
ISO 37000 outlines the governing body’s
role and responsibility to effectively
oversee the organization.
For the first time ever, clarity is given at a
global level on the nature, elements of and
integration into organizations of the
internal control system and the assurance Oversight by the governing body includes ensuring
processes .
t h a t a n i n t e r n a l c o n t ro l s y s t e m i s i m p l e m e n t e d
and assuring itself that the governance system is
a p p ro p r i a t e l y d e s i g n e d a n d o p e r a t i n g a s i n t e n d e d .

9
 ISO 37000 Governance of organizations - Guidance

The Enabling principles

6. Stakeholder engagement 6 Enabling governance

7. Leadership principles

8. Data and decisions

9. Risk Governance

10. Social Responsibility

11. Viability and performance

over time

10
ISO 37000:2021(en), Governance of organizations — Guidance
ISO 37000 Governance of organizations - Guidance
An Enabling Principle

6. Stakeholder
engagement
ISO 37000 outlines why and how the
governing body should understand its
stakeholders , engage them in achieving
the organizational purpose through the
strategy, establish clear criteria to
determine the relevance of stakeholder
expectations, ensure effective relation- M e m b e r, re f e re n c e , a n d re l e v a n t s t a k e h o l d e r

ships are established and maintained , e n g a g e m e n t a re k e y.

and that expectations become an
effective part of organizational
decision-making .

11
 ISO 37000 Governance of organizations - Guidance
An Enabling Principle

7. Leadership
ISO 37000 clarifies that the governing body
should be values-driven and lead the
organization ethically and effectively and
ensure such leadership throughout the
organization and its external context . The
governing body should set the tone for an
ethical and values-based organizational
T h e g o v e r n i n g b o d y s h o u l d l e a d b y e x a m p l e t o c re a t e
culture.
a p o s i t i v e v a l u e s - b a s e d c u l t u re , s e t t h e t o n e f o r
others, and engender trust and mutual cooperation
w i t h t h e o rg a n i z a t i o n ’ s s t a k e h o l d e r s .

12
ISO 37000 Governance of organizations - Guidance
An Enabling Principle

8. Data and
Decisions
ISO 37000 outlines that the governing
body should recognize data as a strategic
and valuable resource for decision-
making by the governing body.

The governing body ensures that its own

T h e g o v e r n i n g b o d y s h o u l d e n s u re t h a t t h e
decision-making process and those of
o rg a n i z a t i o n i d e n t i f i e s , m a n a g e s , m o n i t o r s a n d
others in the organizations are ethical,
c o m m u n i c a t e s t h e n a t u re a n d e x t e n t o f i t s u s e o f d a t a .
responsible and effective .

13
 ISO 37000 Governance of organizations - Guidance
An Enabling Principle

9. Risk Governance
ISO 37000 explains that the governing body
sets the tone and shapes the culture for a
proactive and anticipative approach to the
management of risk across the organization.

The governing body ensures the systematic

assessment of risks and defines the risk
criteria , in particular the appetite for risk and
risk limits.
Va l u e i s g e n e r a t e d w h e n a p p ro p r i a t e r i s k i s
The governing body assesses, treats,
t a k e n , t r a n s f e r re d o r s h a re d i n a t i m e l y m a n n e r. monitors, and communicates the nature and
extent of the risks faced when making
This happens when the governing body balances decisions.
risk effectively.

14
 ISO 37000 Governance of organizations - Guidance
An Enabling Principle

10. Social
Responsibility
The governing body should ensure that
decisions are transparent and aligned with
broader societal expectations .
For an organization to act in a socially
responsible way, it needs to operate within
T h e o rg a n i z a t i o n s h o u l d p ro a c t i v e l y c o n t r i b u t e t o the parameters of acceptable behaviour and
sustainable development by generating value in a not allow actions that are legally or locally
m a n n e r t h a t m e e t s t h e n e e d s o f t h e p re s e n t w i t h o u t permissible but not in line with what is
c o m p ro m i s i n g t h e a b i l i t y o f f u t u re g e n e r a t i o n s t o expected of it by its broader stakeholders and
meet their own needs. society.

15
ISO 37000 Governance of organizations - Guidance
An Enabling Principle

11. Viability and

performance over
time
The governing body identifies, describes
and assesses the key resources and value
generation systems the organization
depends on to generate value, how these
W h e re a n o rg a n i z a t i o n f a i l s t o u n d e r s t a n d a n d
interrelate and how they are are used over
re s p o n d t o t h e n e e d s o f t h e s y s t e m s o f w h i c h i t i s a
time. It ensures that the organization
protects and restores the key resources and p a r t , i t i s u n l i k e l y t h a t t h e o rg a n i z a t i o n w i l l re m a i n

systems that it depends on or affects. viable and perform over time.

16
ISO 37000 Governance of organizations - Guidance

Key take-aways

17
 ISO 37000 Governance of organizations - Guidance

Key take-aways

ISO 37000 is the global benchmark for good organizational Governance:

Provides a clear compass is the tool to align all is the global benchmark
in key areas of good organizations world-wide to for good governance by
governance such as fulfil their meaningful all organizations. It
purpose, stakeholder purpose through creates transparency,
engagement, resource engagement with their reduces complexity and
stewardship, stakeholders and contribute builds trust in and across
accountability and to a sustainable world which organizations & society. It
oversight. respects the needs of future is the route to value
generations. generation for all
organizations.
18
ISO 37000 Governance of organizations - Guidance

Further Details
ISO 37000:2021 Governance of organizations - Guidance

Quicklinks: ISO - ISO/TC 309 - Governance of organizations

Committee Website: ISO - ISO/TC 309 - Governance of organizations

19