This article is based on a speech given to the 2019 AIS ICT Leadership and Management Conference at the Gold Coast Convention Centre on 1 Aug 2019 

A Board’s eyeview

Boards are responsible for the school’s performance in ensuring students transform information into knowledge.  A performance-focused board will seek to have oversight and insight into the corporate governance of both information and technology.   A compliance-focused board would only be interested in the size of the IT budget.

The purpose of the paper is to explore how CEOs and CIOs can provide the tools and mechanisms to enable boards to fulfill their responsibilities in governing information and technology without constraining the school’s performance.

What’s so important about information

Educational institutions are in the business of information.

Schools collect information from parents to enable the children to be enrolled as students.

Parents send their children to school to learn.   Teachers are employed to transmit information to the students in such a manner that students develop knowledge. The information is transmitted via a number of channels, including, in the main, humans, but also via technology.  This technology is no longer just about providing access to information depositories; but is utilizing technologies such as VR and AR to deliver the information to students.

Schools periodically gather data on students’ knowledge as evidence of the efficacy of the School’s processes for students to transform this information into knowledge.  This is the essence of school performance – how the school can demonstrate its “value-add”.

The main reason for information and data, is to make evidence-based decisions.

If the Board’s job is, in part, to ensure there is adequate governance of the generation, use and subsequent disposal of information, it is useful to define governance.   The next section answers the question: “What is corporate governance?”

What is corporate governance?

Corporate governance has been defined as the structures and processes that describe how power is exercised and controlled in institutions.[1]

The directors are responsible for the overall management of the educational institution.   Whilst the day to day management is usually delegated to a principal/head/ceo, the board is still ultimately responsible.  A competent director will understand what the school does and how it operates.  

For many school boards, the pool from which directors are drawn is mainly enthusiastic, volunteer parents.  Their knowledge of the business quite often rests on the fact that they too went to school during their childhood.

Information is pivotal to how schools operate. Given that exposure of that information (say via a data breach) can have an adverse effect on the school’s reputation and affect its ability to attract enrolments, IT governance should have greater prominence on the board agenda.

Why IT Governance?

IT governance is a subset of corporate governance.  Effective governance of IT will ensure alignment of IT with business needs.  If you can demonstrate this alignment to your business manager, there is a fair chance next year’s budget request will receivable favourable consideration.

IT is a fundamental business tool. Effective governance IT will ensure business continuity and sustainability. 

IT expenditure is a significant cost centre.   Good governance enhances the efficient allocation of resources, and plans for the actual realization of the expected benefits from each IT investment.

Good governance includes risk management.   Specific IT risks include breach of privacy, malware and ransomware, intellectual property rights.

There are six principles underlying good governance of IT:

  • Responsibility
  • Strategy
  • Acquisition
  • Performance
  • Conformance
  • Human behaviour

This session addresses how the organisation can apply/address these principles in establishing the framework for IT Governance to cover the acquisition of hardware; the use of the hardware; and the creation, use and security of information.  I will be explaining what it is that boards and executive leadership need.   In the second half of the session, Bill as the Manager Information Services, will be explaining how he will deliver it (no pun intended).

Principle 1: Responsibility

Management are delegated the responsibility to ensure that IT delivers value for the organisation.  But to what extent is your management technology-literate?, or are they users who just want it to work; IT should be seen and not heard.  

The data cycle needs to be understood.  The data cycle in any organisation can be broken down into a number of steps:

Create/collect -> store -> process-> interpret -> archive -> delete

Data has no use/value to the organisation unless it is accessible and available when required.

Data is of no use to the organisation unless it is used to enhance the value proposition of the school. 

What processes do you have in place to analyse the data on student achievement and well-being to design interventions that enhance student learning? The main reason for having data, is to make decisions.   The value of the data lies in how it improves the decisions that are made. 

Data accountability ensures that responsibility and authority are delegated to the right level in the organisation. 

For example, there may need to be different levels for the collection and/or creation of the data, other levels for the storage of the data (who is responsible for putting it into the system), for the extraction of the data (the use of APIs), the analysis of the data, the reporting to parents, the design of interventions, and, to “close the loop” the review of the effectiveness of those interventions.

However, no matter the delegation hierarchy, it is important that a culture of trust and transparency exist so that issues can be escalated as required. Making problems visible early will enable remediation to happen prior to them threatening the project or business process.  For example, one staff member of a school with which I am familiar, purchased VR goggles and suggested that IT should enable them on an open network.   After IT raised concerns that they should operate behind the firewall, the offered defence was that there was no porn on Youtube and 14-15 year old males wouldn’t be looking anyway.  I have no doubt this school has probably changed its purchasing delegations. 

With the myriad of responsibilities of the day to day, how can a CEO be across this?  One way is an Information Technology Steering Committee

Should this be a management committee or a board committee?

  • Membership
    • Principal ex officio
    • Chaired by IT Manager or Business Manager?
    • Head of Curriculum
    • Head of e-Learning
    • Business Manager
    • Data Analyst
  • Terms of Reference
    • Advisory committee to the Principal
    • CIO seldom on the Executive Team so ITSC is a forum for their voice to be heard directly by the Principal, if they turn up.
    • Is you CDO on the Committee – how are you using your student assessment and wellbeing data to design the interventions.

Principle 2: Strategy

Strategic thinking should consider the current, ongoing and future trends.  Is your Board, or perhaps more importantly, is management giving information to the board on the potential for digital disruption in schools.  Workflow automation is one thing.   But what about the impact of AI in the delivery of lesson content and even in marking.  To what extent were schools ready to go remote as a result of COVID-19? Livestreaming lessons is not AI.   But parents will have a taste of things to come.   Will schools “snap-back” (a phrase being used by the Australian Prime Minister to speak of life after COVID-19) to talking heads in front of a classroom? 

The difficulty of course, is that management in schools in mainly comprised of educators who need to guard against confirmation bias of the status quo. 

The strategic thinking adopted by the Board will set the priorities for which projects are advanced.   The strategic horizon of school boards can be somewhat stunted where the board is predominately composed of parents, either of current students or past students

The terms “vision”, “purpose”, “mission” and “values” have different meanings depending on your professional paradigm.   The definitions used in this paper are:

  • Purpose – why we do the things we do
  • Mission – the things we do
  • Vision – what will be the impact if we do the things we do, well
  • Values – the way in which we do the things we do

In order to develop an IT Strategic Plan, the School must first establish its own strategic direction.  Common definitions and understanding of these concepts throughout the organisation will help determine the business objectives for IT and to prioritise resource allocations.

According to ISO 38502 Information technology – Governance of IT – Framework and model, the Board should provide leadership and develop strategies for obtaining value from the use of IT.  However, it seems that the only time that the Board regularly gets interested in IT is when there needs to be a server refresh or the like; or of course, if there has been a data breach.

It comes to management to assist the Board in developing these strategies.

IT Strategic Plan

Two major questions need to be answered by the IT Strategic Plan:

  • How does the technical vision support the business vision.
  • How does the technical infrastructure support the business function.

Does the IT renewal programme support the corporate strategy.   For example, if you are a BYOD school, why do you need computer labs. 


Harvard Business Review reckon there are 6 decisions which should not be left to IT management (although they are involved): key questions for ITSC should be involved in.

  • How much should we spend on IT?(the Business Manager needs to be on the ITSC)
    • The spend needs to match the strategy – not industry benchmarks.  A competent Business Manager will know that, while it is about the money, it is not JUST about the money.   How does this expenditure help in delivering students and organisational outcomes?
  • Which business processes should receive our IT dollars?
    • Focus – not hocus pocus
    • Automation can easily replace paper–based business processes.
    • Whilst current technology enables the remote delivery of information (as we have seen through the response to COVID-19), it will be a little while before it reduces the number of teachers.  Two main reasons:
      • The importance of the teacher-student relationship in nurturing the desire to learn;
      • The unions.
  • Which IT capabilities should be firmwide/systemwide?
    • QLD Govt and SAP -v- Director-General responsibility for outcome delivery
    • There are three independent schools in Mackay (that’s ½ way between Rockhampton and Townville for the geographically challenged) – do we need 3 IT managers
  • How good do our IT services need to be?
    • What Dashboard KPIs can you provide
    • Every payday – payroll and internet access (for banking files) are mission critical.
    • Disaster recovery plan
  • What security and privacy risks will we accept?
    • Do you have a Notifiable Data Breach response plan – regardless of the level of security, the reputation implications of a breach require a response plan as the minimal mitigation strategy.
  • Who takes responsibility for an IT initiative failure (sorry – opportunity to learn)
    • Not Me is usually the most productive employee in any organisation
    • However, a functioning ITSC will shoulder the responsibility.

How does the technical infrastructure support the business function?

You don’t have to buy everything in the trade exhibit.It’s not just about the toys – but how does this fit with the vision of the school, the Why we do the things we do question?   How does this contribute to student outcomes? Start with the user in mind – what does it actually need to do.

Although it might be fun, ferreting around in the box, trying to figure out what went wrong and getting it working again – the real client is the human, who, is thumping the keyboard in frustration, or who is working around or outside of the corporate systems.

The data client is the one who wants the data turned into information which they can understand within their professional paradigm.

  • A simplified, unified technology platform
    • If the decision is to be an 0ffice 365 school, to what extent should IT be required to support Google Forms/Classroom
    • Don’t stop and start for the sake of teacher foibles.
    • Do you need an ERP (one system that does the lot), or specialist software, linked through APIs (provided the GUI looks the same – we need to make it easy for teachers to use)

Principle 3 – Acquisition

This section is based on AS/NZS 8016:2013 Governance of IT enabled projects

Effective governance will ensure that investments in IT (whether it be hardware, or software, or the usage thereof) contribute positively to the performance of the organisation.  To reiterate, Technology without business application has no value.

The Board, with the assistance of management, need to ensure that the decision-making processes are in place for proposals for investment in IT and associated changes to business process.  The evaluation should include the expected project outcomes.   Clearly then, before deciding what to go and buy (or rent), start with the end-user in mind.  Will this technology help them in doing their job (whilst ensure compliance with policies such as security of the system (don’t click on that link in the email)).  There needs to be an appropriate balance between benefits and opportunities, and costs and risks.

IT projects can be like construction projects; there are always variations to the original specification.   What processes do you have in place for approving variations in scope.  Greenfield implementations are always easier than decommissioning old equipment and installing new.

Principle 4 – Performance

Post-implementation review is an important part of project management:  did we actually achieve what we thought we would?  The questions that management is going to be asking in post-implementation review should guide the questions that you ask in designing the specifications for the project, as well as the project management methodology that you utilise to monitor milestone achievements.

It has been suggested that end user of the hardware/software is the chief client.   What processes are in place to ensure their needs are understood, clearly articulated, agreed upon, and prioritized.  These needs form the basis for the post-implementation review.

What are the indicators which demonstrate the success of Information Management and Technology.

KPIs for the Information technology and systems:

  • Uptime
  • Complaints
    • By type and frequency
    • Time taken to resolve
  • Security
  • Business process re-engineering (workflow automation)

KPIs for information management

  • Is data being used to design intervention for individualized learning
  • Is the data being used, relevant
  • How effective were the interventions.

Risk Management

Identification and management of risk is a key activity. 

Operational risks are one aspect: technical glitches, service outages

In the long run, some suggest that the greatest IT risk is overspending/investment (notwithstanding Moore’s Law).  IT is a fundamental to most businesses today as electricity is. As stated at the outset, the I of IT, information, is the business that we are in. 

Another aspect of Moore’s Law, is that any competitive advantage from IT innovation will be short-lived, hence it is better to focus risk management on vulnerabilities.

Data security.  ISO 38505.1 Governance of Data addresses the issue of the security of personally identifiable information. The Australian Privacy Principles apply to PII information.

Principle 5 – Conformance

Information management and technology is essential to today’s educational institution.  Some of the obligations with which the governing body must comply, include:

  • Security of the information collected, including for example, bank account details, TFNs of employees, and the converse: procedures if there is a notifiable data breach.
  • Privacy – including information collected from parents about the health and education records of their children
  • Record retention requirements.

Conformance is about compliance – as management doesn’t want to go to jail, you need to enable them to demonstrate to the board that these obligations are being met.

Principle 6 – Human Behaviour

Is the only time that IT comes to the attention of the Principal, when it breaks.   Is your school’s vision for IT such that it should be invisible, it should just happen. 

The principle of conformance includes establish appropriate policies and procedures, as well as training staff in those policies and procedures to not click on the link in that unsolicited email that they are reading at 10pm after the third glass of red wine.  However, human nature being what it is….. 

It must never be forgotten that the end purpose for IT is not about the latest and greatest toy, but about its use.  Part of any change to business processes will necessarily involve training the humans, the end user.  Ultimately, it is the end user who is the client of information technology; given that the technology is just the delivery system for the information required.


It is not the role of the Board to do, but rather to ensure that management does.  The board is responsible for ensuring that the School has strategies and policies to ensure that IT meets the business objectives. Competent directors will be well-read on future trends in the industry (it is part of management’s responsibility to provide them with professional reading).   The directors of Utopia College would be well-read on the current challenges, as well as the future trends in the industry.  Whilst monitoring the existing use of technology (perhaps by receiving the minutes of the IT Steering Committee), the Utopia College board would be asking its Head to investigate the impact of digital disruption on the future operations of the school:  will AI include chatbots to deliver lessons remotely, and cause the demise of the boarding school. 

[1] ASX Corporate Governance Council, 2019, Corporate Governance Principles and Recommendations 4th Edition

School Boards and Culture

What’s the Issue?

The banking royal commission’s final recommendations have application for all entities regardless of sector, in the areas of culture and governance.[1]

The June 2018 issue of Company Director featured an article “Should directors brave a school Board?”  The matter of culture comes up once or twice.

This very matter was the inspiration for my thesis 13 years earlier (  Although the fruit issues were different, the root issues were the same.

This paper will not discuss the validity of your school’s values: that is a matter entirely for the Board.

However, what the paper will provide is, once having established those values, what processes the Board should put in place and what questions should be asked, to ensure that the organization is going to be run in a manner consistent with those values.  This is consistent with Recommendation 5.6 from the Banking Royal Commission; that entities should take steps to assess the culture, identify any problems and determine what needs to change; and then review if those changes have been effective.

What is the purpose of corporate governance?

The compliance paradigm would tell you that staying out of jail is a good idea. Tick a few boxes on a checklist, and it will be alright.

The profit paradigm would tell you that creating value for your shareholders is a good idea; one school of thought (pardon the pun) is this is paramount, to the detriment of other stakeholders.

The management paradigm would tell you that having good systems and procedures in place to ensure that you accomplish your strategic goals would be a good idea.

All of these are right, BUT…. they don’t tell the full story.

  • The compliance paradigm is right – if there is a major data breach, and parents don’t believe that their personal information is safe, it is likely that they will withdraw their children.
  • The profit paradigm is right – although schools are not-for-profit, that just means you don’t have shareholders.  You still have to ensure that you have more money coming in than going out in order to be able to continue running the school.
  • The management paradigm is right – you need to have systems in place to ensure that the students actually learn.

Ultimately, the future sustainability of your school hinges on your reputation.  If you have a poor reputation, parents will not trust you with their children. It is the Board’s responsibility to define the behaviours needed from themselves, staff, students and parents to preserve and protect the school’s reputation in the community and with regulators.[2]

Simon Sinek says you should always start with the why.  It is the “why” that captures the heart.  If the organisational “why” resonates with the personal values of the staff you will find your employee productivity will improve. Values congruence leads to happiness.  And we all know that happy staff leads to happy students, which leads to happy parents.  Happy parents tend to pay their fee accounts!

Culture ought to be a business imperative, as it has a significant impact on profit.

Notwithstanding management speak that the Board has one employee (the Principal), ultimately the Board is responsible for the performance of the school.  However, it is NOT OK to achieve performance by compromising your values.  Such behaviour will lead to reputational damage which will lead to sustainability challenges should society choose to revoke your licence to operate, as demonstrated by parents withdrawing their children and staff leaving. Society will only continue to give us a licence to operate if they trust us to provide goods and services that they want, in a manner consistent with how they believe things ought to be done.

This paper does not attempt to tell you what your values ought to be. Instead it provides you with processes to put in place, and questions that should be asked to ensure that the organization is going to be run in a manner consistent with those values.

Why is this important?

The Korn Ferry Institute issued a report “The tone from the top – taking responsibility for corporate culture”.  This was a series of conversations with businesses and advisors about corporate culture. 

David Crawford (a former KPMG partner) in his conversation with the Korn Ferry Institute said:

 “I believe culture is fundamentally important to the success or lack of success of corporations.  Unless an organisation has a set of fundamental principles by which it operates, then all the people in the organisation will not know how they should behave and what is necessarily in the interest of the organisation, and the community in which they operate.”[3] 

He goes on to say that culture should be part of your organisational DNA.

If culture is in your organisation’s DNA, this paper argues that the values are the nucleotides that make up the DNA: that is the organisational values will shape the facets of the diamond that is your culture and helps customers set you apart from your competitors.

Almost all definitions of culture include people and behaviours[4].

(A former chairman of ASIC has said that “Culture is a set of shared values, or assumptions.”  It is the unwritten rules that govern how things actually work.[5] Other definitions include “culture as the values attitudes and norms that set the stage for action, belief and policy”.)[6]

Values are the foundation of a culture as they shape attitudes and practices.[7] 

What counts is the actual behaviour of people – that is performance!

The Board has a central element of establishing the culture of the organisation, maintaining the ethics and values against which the organisation should operate. The purpose (the why) and values equip the organisation to be focused and consistent[8].

Clearly, values should inform behaviours.  However, values statements only provide the espoused values; the expected behavioural norms.

The question then is how do we align the core values through the Board and the management committee to facilitate a healthy corporate culture?

Align core values at the very top of the organisation, embed desired behaviours across the Board and apply a values lens to Board decision processes.  Focus on trust as an enabler of positive and productive cultures[9]

Value congruence is a significant indicator of person-organisation fit.  Recruitment is the initial gate where we can catch value incongruence and mitigate the toxic effect on productivity and staff morale in the rest of the team where there is no value congruence?

  • Ask questions about the applicant’s personal values.
  • Assess how their values align with corporate values.
  • Make sure you include values and attitudes in roles descriptions, as well as aptitude and ability.
  • During the induction process, provide training in depth about the types of expected behaviours that would characterise those values.
  • During feedback sessions during the probation periods, ask staff for specific examples of how they have “lived out” the organisational values.

Once staff are made permanent, then:

  • Specific values-related questions should be included in the annual appraisal process
  • Rewards mechanisms (eg employee of the week) should be targeted to behaviours which exemplify the desired values.

You can’t write a set of rules that cover absolutely every situation that employees will come across.  However, if there is greater value alignment, then you can be reasonably assured that they employee’s response to the particular situation they are facing will be broadly consistent with the culture and the policies.

A lot of independent schools are companies limited by guarantee, so we would probably talk about ASIC.  No doubt ACNC will take a similar view.

ASIC has ramped up its interest in corporate culture.  In a speech on 24 May 2016, Mr Medcraft (then ASIC chairman) was heard to say (yes, you’ve guessed it) “we are at an exciting time in history”.  He also noted that “good culture is critical for organisations that want to be around for the long term”.  And indeed, ASIC have spoken at this conference.

ASIC believes there are seven key drivers of good culture:

  1. Tone at the top – the Board and senior management should set the values and principles of an organisation’s culture and ensure they are reflected in the organisation’s strategy, business model, risk appetite etc.
  2. Cascading values to the rest of the organisation
  3. Translating the values into business practices
  4. Accountability that those values are happening
  5. Effective communication – an open culture where if the values are not being adhered to, then it can be reported
  6. Recruitment training and reward – you hire for culture and character, you can always train competence
  7. Governance and controls

Good culture is good for business:

  1. It improves customer loyalty, brand and reputation
  2. Helps attract and retain staff.

Corporate integrity (reputation) requires the alignment of values with actions[10]. The culture is effectively the personality of the organisation that your customer/clients and employees experience.  Although the company is a separate legal entity to the owners and the managers, it has no soul /character in and of itself – the espoused values mean nothing, without people to put them into practice.  It is the people who govern the organisation and manage it and work there who give life to those espoused values – well at least that’s what it would be like at Utopia College

At the launch of the inaugural Governance Institute Ethics Index, the ASIC Chairman said that it is a matter for the Board and the CEO to ensure there is a values-led culture that can be implemented by frontline staff. He said in an earlier speech, that “it is not enough to talk the talk. You’ve got to walk the walk too.”[11]

It is important to take the values statement off the wall. In the book, The Corporate Culture Handbook[12], the author analyses the espoused values of Enron, Arthur Andersen and few others and the reasons for their demise.  It would seem that although the espoused values were exemplary, their values in practice were perhaps somewhat less than exemplary. Let’s not make the same mistake.

Now ASIC is not trying to dictate what kind of culture a company should have, neither am does this paper tell you what values are suitable for your organisation.  What it does do is suggest a framework that, once you have selected the values, you could implement to ensure that those values are practised throughout the organisation.

Planning for Performance

Are values used as a primary filter in strategic planning? If a proposed strategy conflicts with a value, does that mean you no longer consider that strategy (or amend it so it does align with the value)?

Sir Winfried Bischoff, Chairman of the UK Financial Reporting Council suggests that strategy should reflect the values and culture of the company and should not be developed in isolation.[13]

How do you ensure that values are explicitly considered at the Board level? 

Cabinet submissions for the Queensland Government had to include an Environmental Impact Statement and a Regulatory Impact Statement.  Why not have a Values Impact Statement in your Board papers? 

Boards should assess how effective is the fit between purpose, values, culture and strategic goals.  What are the barriers, enablers, risks and opportunities?

Closer to home, in their book Driven by purpose, Stephen Judd, Anne Robinson and Felicity Errington asserted that the Board is responsible for the who and the why of the organisation.[14] They are also responsible for the how. 

The purpose is one thing, how we achieve that purpose, the boundaries that we will not cross, are also of significance.  Indeed, they are of value to the employees.  They are watching the Board and the senior executive. It is the behaviour of the Board and the senior executive that gives life, or suffocates, the espoused values on the wall and on the website.

Accountability for Performance

Can Board members and leadership team raise constructive challenges about behaviours that are inconsistent with the organisation’s values?

Can the CEO’s direct reports raise an issue with the Board where they have a contrary view?

Reporting on Performance

The periodic reports from the CEO should include Cultural Health Indicators – this is the tricky bit – what KPIs should you put in place to evaluate the values in practice. 

The Board is entitled to receive information it considers it needs to effectively govern the organisation.  One mechanism to mitigate the CEO filter is to have other members of the senior leadership team attend Board meetings from time to time. 

Talk about your values in your annual report.  If they are important to you, brag about them.  In this way, you demonstrate to society that they are right to provide you with a licence to operate.  Of course, you may not want to be quite so forthcoming if your actual behaviour does not align with your espoused values.


The rights skills get you to the table, but the right fit gets you into the organisations[15]

At all levels of the organisation, the best person for the job has a combination of capability and skill, along with personality and fit.

Clearly articulated values can be used in both staff and Board recruitment: to assess for value congruence

Some organisations have a cultural custodian on the interview panel whose express brief is to asking the probing questions to assess cultural fit.

It is my contention that if an organisation focuses on recruiting people whose values are aligned with the organisation, then there is a reduced chance of behaviour that is contrary to the goals of the organisation. This if course must be done in a manner that is compliant with relevant laws.

The most powerful way in which a Board influences culture, other than through its own behaviour, is through its selection and management of the chief executive.

One of the interviewees in the FRC report suggests that internal promotions are less risky because the individual is well known and would have already demonstrated adherence to the organisation’s values.

Of course, the relationship between chair and CEO is critical.  If trust is missing then they are competitors rather than the chair being available as a sounding Board for the CEO.

Board Evaluation

David Crawford, in his conversation with the Korn Ferry Institute: When you appoint Board members, you look for people who have similar values and similar view about those fundamental things.

Values can be used to provide a structure for the Board evaluation process.

Summary and Conclusions

Key strategies from the FRC

  1. Embed and integrate your organisation’s values so that everybody is clear about the expected behaviours: employees, contractors, clients
  2. Don’t let your performance management and reward system skewer your values
  3. Assess, measure and engage – values ought to be important, so brag about them. Demonstrate that society is right to give you a licence to operate.

Key recommendations from CIPD

  1. Value alignment
  2. Board champion
  3. Develop Leadership and people capacity – embed values
  4. Make it safe to speak up – Board committees and employees should be able to challenge behaviour that is not consistent

Why we should care:

  1. ASIC’s interested in culture, so let’s make sure our house is in order
  2. It’s good for business – reputation management – happy customers
  3. Value congruence with staff is good for productivity

Some of the things you can do about it:

  1. Take your values off the walls
  2. Talk about them in staff meetings/toolbox meetings (safety first etc)
  3. Board members get out of the Board room and get to know your senior leadership.
  4. Check for value alignment at recruitment stage.

[1]  Accessed 29 March 2019

[2] ASX Corporate Governance Council, 2019, Corporate Governance Principles and Recommendations, 4th edn.

[3] Conversation with David Crawford in The Korn Ferry Institute, The Tone from the top – Taking Responsibility for Corporate Culture, 2016

[4]CIPD A duty to care? Evidence of the importance of organisational culture to effective governance and leadership, July 2016

[5] Medcraft, G “Why Culture Matters” speech to BNP Paribas Conduct Month, 24 May 2016

[6] Fredrick, W.C. (1995), Values, Nature and Culture in the American Corporation

[7] Medcraft, G ibid

[8] City Values Forum, 2016 Governance Culture – Risk & Opportunity – a Guide to Board Leadership in Purpose, Values and Culture

[9] CIPD A duty to care? Evidence of the importance of organisational culture to effective governance and leadership, July 2016 p35.

[10] Scott, S. 2004 Fierce Conversations, Berkley Books, New York

[11] Medcraft, G Why culture matters Speech given on 24 May 2016 to BNP Paribas Conduct Month , Sydney

[12] O’Donovan, G, 2006 The Corporate Culture Handbook, The Liffey Press, Dublin

[13] Bischoff, W., 2016 Corporate Culture and the role of Boards, Financial Reporting Council UK p.3

[14] Judd, S. Robinson, A. Errington, F 2012, Driven by Purpose, Hammond Press, Sydney

[15] Conversation with Vivek Bhatia in The Korn Ferry Institute report “The tone from the top, taking responsibility for corporate culture”