In many organisations critical functions such as Risk, Legal, Compliance, HR, and IT are designed to protect the enterprise. Their role is to enforce standards, prevent missteps, and uphold integrity. Yet often these departments are experienced not as partners in value creation but as obstacles, policing business activity rather than managing it.

This distinction between policing and management is not semantic. It cuts to the heart of whether a company views its governance functions as enablers of business value or as veto powers that stifle innovation.

The Policing Trap

The policing stance emerges when a department holds authority without shared accountability. It can say “no” to proposals but it carries no responsibility for the lost opportunities that result. The function becomes a gatekeeper rather than a collaborator.

This policing mode typically has three hallmarks:

1. Rigid enforcement: Rules are applied without nuance or consideration of business context.
2. Separation from outcomes: Decisions are framed in absolutes detached from commercial consequences.
3. Adversarial dynamics: Business units see the function as an obstacle to be worked around rather than a partner to be engaged.

The net effect is organisational drag. Instead of enabling growth under controlled conditions these functions slow decision-making and breed frustration.

The Management Alternative

By contrast, an effective management approach integrates authority with accountability. Governance functions do not just say what cannot be done. They actively explore howsomething can be done safely and profitably.

A management mindset is characterised by:

1. Solution framing: Problems are presented alongside alternatives.
2. Shared responsibility: Functions recognise their role in business outcomes and not just compliance.
3. Collaborative posture: They work side by side with business units to balance risk, efficiency, and innovation.

This is the difference between being a blocker and being a builder.

Illustrative Examples

The policing versus management lens applies across departments. Consider these examples.

• Risk
  • Policing: A credit committee rejects a loan outright because the structure is unconventional.
  • Management: Risk officers work with the deal team to adjust terms, add covenants, or secure guarantees, preserving both prudence and revenue.
• Legal
  • Policing: A lawyer halts a contract because a clause is non-standard.
  • Management: Legal proposes alternative language that protects the company while keeping the deal viable.
• Compliance
  • Policing: A compliance officer rules out a product line citing regulatory uncertainty.
  • Management: Compliance designs controls that address regulator concerns, allowing the product to launch responsibly.
• HR
  • Policing: A candidate is rejected because they do not perfectly match the job description.
  • Management: HR recognises the candidate’s distinctive strengths and works with managers to reshape the role.
• IT
  • Policing: The IT department says a system cannot be built within current infrastructure.
  • Management: IT outlines feasible alternatives and recommends phased solutions that address user needs.

In each case the shift is subtle but transformative: from “no” to “how.”

Why This Matters

The costs of policing are not merely cultural. They are strategic. Organisations that allow functions to drift into policing mode experience:

• Slower innovation cycles: Ideas stall while waiting for approval.
• Talent frustration: High performers leave when they cannot get things done.
• Lost opportunities: Deals, hires, or products are abandoned unnecessarily.

Conversely, organisations that adopt a management approach benefit from:

• Agility: Faster, better-informed decision-making.
• Resilience: Risks are mitigated through thoughtful design and not blanket prohibition.
• Trust: Business units view governance as allies, not adversaries.
• Value creation: Constraints inspire innovation, producing competitive advantage.

Authority Without Accountability

The common thread across policing functions is the misalignment of authority and accountability. Authority is exercised through veto power while accountability for lost growth remains elsewhere. This asymmetry is unsustainable in dynamic markets.

Boards and executives must ask hard questions:

• Does this department hold authority without accountability?
• Are its performance metrics limited to compliance or do they include business outcomes?
• Does it measure success by how many activities it prevents or by how many it enables safely?

The Leadership Imperative

Shifting from policing to management requires deliberate leadership action. Four moves can make the difference:

1. Embed functions in business units: Instead of central silos, position risk, legal, compliance, and IT staff alongside frontline teams. Proximity builds understanding and trust.
2. Redesign incentives: Move beyond narrow compliance KPIs. Reward functions for enabling safe growth, not just for avoiding mistakes.
3. Develop commercial acumen: Governance staff need training in business strategy and value drivers, not only rules. A risk officer who understands return on equity is better positioned to structure win-win deals.
4. Foster a solution culture: Encourage a norm where every “no” is accompanied by a “how.” Make creativity in constraint management a celebrated skill.

Reframing the Narrative

The broader point is not to weaken governance. Rules and controls are essential. The point is to reframe governance as a strategic enabler and not a bureaucratic brake.

Risk management should not only protect capital but direct it toward the best risk-adjusted opportunities. Legal should not only limit liability but enable smart deals. Compliance should not only prevent sanctions but build regulator trust. HR should not only enforce policies but unlock talent. IT should not only safeguard infrastructure but power innovation.

When functions embrace this mindset they cease to be the “police” of the business. They become true management partners, protecting the enterprise while enhancing its capacity to create value.

Conclusion

Organisations today operate in environments of rapid change and heightened scrutiny. Governance functions are more important than ever. The choice is whether to run them as police, wielding authority without accountability, or as management, integrating control with collaboration.

The leaders who make the shift will discover that governance, when practised as management, is not just about preventing harm. It is about unlocking value. The real measure of success is not how much risk, cost, or uncertainty was avoided but how much opportunity was captured safely and wisely.

For a concrete example, see my article on rethinking RACI: a practical case of shifting governance from policing to true management. Link: