Redefining the Line Between Board and Management Policy

By Darren Rawson

Darren Rawson is the chair of five private companies including AltaML and Chandos Construction. He’s a former CEO of three different private companies and has done business internationally for over 25 years in numerous industry sectors.

If you look at the annual work plan of many corporate boards, you will likely find a recurring, time-consuming ritual – the policy review. Directors spend hours squinting at redlines, debating the phrasing of employee handbook updates, and formalizing guidelines for office expenses. 

I recently worked with a board that had over 30 board policies. Their annual work plan broke these policy reviews into quarters. The majority of the board’s work was reviewing, editing and approving policies.

While well-intentioned, this ritual exposes a systemic flaw in governance. Many boards spend far too much time acting as the organization's "policy police" and "grammar correctors" rather than its "strategic navigators."

The simple truth is a board’s greatest value lies in foresight, not oversight. When an agenda is choked by operational oversight and policy approvals, the board is essentially driving looking through the rearview mirror. To shift the focus to forward-looking strategic discussions, boards must establish a clear, sophisticated boundary between board-level policy and management policy.

This doesn’t mean that oversight is wrong. It remains a core fiduciary responsibility, necessary but not sufficient for a board to be high-performing.

The key is understanding the line.


The Trap of "Policy Creep"

It is incredibly easy for a board to slip into operations. Reviewing a 20-page operational policy feels tangible, safe, and easy to cross off a checklist. It’s also addictive and an easy trap to fall into. Board members have experience and insights and will happily share them on any topic when asked.

Conversely, debating long-term market disruption or geopolitical risk is ambiguous and challenging. It’s also critical.

When a board insists on approving purely operational policies, it inadvertently micro-manages the executive team. This "policy creep" causes two major issues:

  1. It dilutes executive accountability: If the board approves a granular operational policy that later fails, management can rightly claim they were just following the board's mandate.
  2. It steals precious bandwidth: Every hour spent debating internal corporate procedures is an hour lost on discussing strategic possibilities, technological shifts, and long-term capital allocation.

The goal is not for the board to abandon its fiduciary duties, but to elevate them.


The Policy Continuum: Approve, Review, Aware

In reality, there is no hard, immovable line separating board matters from management matters. What constitutes a board policy for a startup might be a mid-level management guideline for a multinational enterprise.

For example, one could make the argument that the board should review and approve a social media policy. Reputational risk is a growing concern for many boards, and one negligent post could send an organization into a tailspin. At the other end of the spectrum, one could make the argument that a social media policy is management’s responsibility. Once the board has set the strategy, assessed strategic risks, and empowered the CEO, the board should get out of the way and enable management to deliver the strategy, knowing management will elevate issues to the board when necessary.

Instead of searching for a rigid boundary, boards should consider the Governance Continuum. Every policy can be categorized into one of three buckets based on risk, materiality, and strategic impact: Approve, Review, or Aware.


Mapping Key Policies Across the Continuum

To visualize how this works in practice, let us look at where common organizational policies typically land on this spectrum, understanding they will be different for each organization.

The "Approve" Bucket: Driving the Culture and Trust

Policies in this category define the ethical and legal North Star of the organization. Because they directly tie to the board's fiduciary and legal liabilities, the board must fully own them. Examples might include:

  • Code of Conduct & Conflict of Interest: These documents outline the foundational expectations for integrity for the board and senior leaders. The board must approve these to set the tone at the top and lead by example.
  • Whistleblower Policy: To ensure a culture of transparency and protection from retaliation, the board must oversee and approve the mechanism by which wrongdoing is safely reported and how the board and organization will respond.

The "Review" Bucket: Overseeing Systemic Risk

Here, management does the heavy lifting, but the board retains a strong oversight role because the operational risk intersects with reputational or cultural health. The board needs to be aware of the policy and the key terms, but they do not specifically need to edit or approve. They should weigh in and provide input, in particular where it relates to major risks. Examples might include:

  • Harassment & Discrimination Policies: While management executes training and handles daily compliance, the board should review and understand the policy framework to ensure the organization maintains a safe, legally compliant workspace that protects human capital.
  • Broad Employee Relations Frameworks: The board reviews macro-level talent philosophies to ensure they align with long-term strategic growth goals.

The "Aware" Bucket: Navigating Modern Risk Without Micro-Managing

This is where boards most frequently stumble by demanding approval rights when they should simply demand awareness. Examples might include:

  • Work From Home (WFH) Policy: The board does not need to vote on how many days a week an accountant sits at home, or what the stipend is for an ergonomic chair. However, the board should be aware of the policy’s terms because remote work fundamentally shifts the company’s cybersecurity posture, physical real estate footprint, and talent engagement strategy.
  • Social Media Policy: A rogue tweet can wipe out millions of dollars or create a reputational hazard overnight. The board shouldn't be proofreading the brand's Instagram guidelines, but they absolutely must be aware that a robust social media policy exists, understand its parameters, and know how management plans to mitigate a digital public relations crisis. 

Summary

Ultimately, the board must navigate a key trade-off between (1) fulfilling its fiduciary duty to oversee the affairs of the company and (2) treating time as a scarce resource to be invested intentionally in creating lasting value.

By explicitly categorizing policies into Approve, Review, and Aware, the board frees up the intellectual bandwidth required to look out the front windshield. In a fast-moving business environment, the board's time is far too valuable to be spent editing the employee handbook. Safeguard the organization's future by focusing on where the company is going, not just how it is behaving today.
