Rethinking the Evaluation of Corporate Governance

A review of the lecture “More Than Compliance: Rethinking How Corporate Governance is Evaluated” by Prof. Lauren Cunningham on 6th March 2025.

When we talk about corporate governance, we often default to a checklist mindset: board independence, audit committee charters, meeting attendance, and regulatory disclosures. But what if the true effectiveness of governance lies not in form, but in substance? In the latest lecture hosted by the Kelley School of Business and ECGI, Professor Lauren Cunningham of the University of Tennessee urged the audience to move beyond compliance and ask deeper, more uncomfortable questions: How do we know governance is working? And how should it be evaluated?

Drawing on more than 20 years of experience as a CPA, audit manager, and academic, Cunningham made the case that corporate governance isn’t just about legal requirements or boardroom formalities—it is a dynamic system of corporate culture, accountability, responsiveness, and alignment. And it should be measured accordingly.

Cunningham began by questioning the very definition of corporate governance. It’s a deceptively slippery term. Some define it narrowly—focused on shareholder rights or regulatory obligations. Others draw the boundary at the board of directors. Cunningham’s view, reinforced by extensive interviews with chief audit executives, is more expansive: governance is the overarching set of policies, procedures, and relationships that affect how objectives are set and achieved across the entire organization.

Her fieldwork reveals that internal auditors regularly cite the importance of strong corporate governance, yet many companies view governance evaluations as a compliance exercise. In a multi-year survey conducted with The Institute of Internal Auditors (IIA), only 16% of chief audit executives said their companies evaluate the full system of corporate governance on an annual basis. Over half admitted they evaluate corporate governance by informally keeping an eye on trends in various governance components. This gap between recognizing the importance of corporate governance and formally evaluating it, Cunningham argued, is problematic.

So how should companies approach the evaluation of governance? Cunningham and her collaborators propose a four-step framework:

1. Define company-specific governance objectives. Governance is not one-size-fits-all. Companies must consider their unique risk profile, stakeholder expectations, and strategy.

2. Select an appropriate evaluation framework. In the absence of a single U.S. governance standard, evaluators often draw from COSO, IIA standards, enterprise risk frameworks, and peer benchmarks.

3. Conduct a structured audit plan. This involves both quantitative evidence (e.g. incident reports, whistleblower activity) and qualitative insight (e.g. interviews about culture, tone at the top, and boardroom dynamics).

4. Draw conclusions and report findings. Governance audits should not shy away from identifying failures—but the true test is whether the system detects and responds to those failures effectively.

One of Cunningham’s core insights is that effective governance often manifests not in the absence of failure, but in how an organization responds to it. Failures are inevitable in any system involving human judgment. What matters is whether employees feel safe reporting issues, whether managers listen, and whether governance structures allow timely remediation. In the field, companies can assess the “mood in the middle” or “buzz at the bottom” to evaluate how governance culture is permeating beyond the C-suite. Interviews with internal auditors revealed that many governance problems arise when tone at the top does not translate into daily practice.

While audit committees and boards often rely on internal audit for oversight, Cunningham found that most internal audit teams are not fully empowered to evaluate governance holistically. Reasons include insufficient time, budget constraints, or concerns about political fallout. Many audit executives said they feared backlash from senior leaders or boards resistant to hearing bad news. One particularly poignant comment came from an experienced chief audit executive who noted, “If you’re doing this right, you should be ready to update your résumé at any time.” Audit leaders who are not willing to do so can contribute to a lack of transparency and follow-through.

Moreover, the administrative reporting line—typically to the CFO or CEO—can undermine the chief audit executive’s independence, even though the chief audit executive functionally reports to the board. Unless boards set the tone that governance failures must be surfaced, evaluations remain superficial.

What, then, is the path forward? Cunningham highlighted the potential role of audit committees, especially given their independence under Sarbanes-Oxley and their increasing involvement in risk oversight. But she cautioned that these committees are already overloaded—tasked with cybersecurity, financial reporting, global sustainability reporting, and more. If they are to lead governance evaluations, they must be given adequate support.

The lecture concluded with a call to action: governance should not be left to compliance officers and checklists. It must be championed by boards, embedded into culture, and evaluated with the same rigor we expect of any other enterprise risk. As Cunningham reminded the audience, “You can’t talk about governance without talking about culture. It’s embedded in everything.” In an era of heightened stakeholder scrutiny and accelerating risks, rethinking how we evaluate governance is not just a best practice—it’s a necessity.

-----------------------------------

This lecture is part of the Indiana University - ECGI Online Series, a public lecture series on corporate governance. The Kelley School of Business Institute for Corporate Governance (ICG+E), in partnership with Ethical Systems, collaborates with ECGI to deliver this ongoing initiative. As part of this public lecture series, distinguished speakers share insights on the evolving landscape of governance, finance, and market regulation.