The Battle Over Audit Reform Reveals the Essence of “Defense”
Reports are surfacing again about a tug-of-war over reform between Japan’s Financial Services Agency (FSA) and audit firms. A Nikkei article titled “Why ‘Defensive Governance’ is Weak: The FSA and Audit Firms Clash Over Reform Again” depicts the regulator’s push to enhance audit independence and quality, and the industry’s resistance to it.
This dynamic brings a fundamental question to the surface: “What is governance for in the first place?” The “defensive governance” highlighted in the article likely refers to a state where preventing fraud and violations is the top priority, sometimes at the cost of business agility and growth potential. This is not just a large corporation problem; it manifests more acutely in small and medium-sized enterprises (SMEs) with limited resources.
It’s premature to think, “We’re not listed,” or “We don’t have an audit firm involved.” This “defensive governance” mindset is deeply ingrained in management decision-making, regardless of company size or industry.
The Vicious Cycle of Making “Non-Violation” the Goal
Many SME owners and administrative departments face this dilemma daily.
“We want to adopt new digital tools, but we can’t decide due to security and privacy concerns.”
“We want to expand overseas transactions, but local regulations are complex, so we put it off, starting with a legal check.”
“We want to use cloud services for operational efficiency, but concerns about potential data leaks keep us stuck with paper-based systems.”
These seem like cautious, responsible decisions. However, the hidden pitfall is that “not violating rules” becomes the goal itself. Laws and rules are translation devices to make business “feasible,” not devices to “halt” the business itself. Yet, business decisions that should move forward get frozen because “it might be legally NG” or “the risk isn’t zero.” This is the reality of “defensive governance.”
Rather than seeing the FSA-audit firm battle as someone else’s problem, we should view it as a mirror reflecting our own decision-making processes. We must ask ourselves: Are we being overly swayed by external audits and regulatory compliance, causing our intrinsic growth strategies to recede?
Design Thinking with “1-99 Risk”
So, how do we shift our thinking from “defense” to “design”? The key is to stop thinking of risk as an “either 0 or 100” binary choice. In real management decisions, there is no option with completely zero risk. What’s important is to set an acceptable risk level as a continuous scale from “1 to 99” and design the optimal solution within that range.
Let’s consider the earlier example of “introducing new digital tools.”
Option A (Status Quo): Continue with existing inefficient methods. The risk is low, but it contains other significant risks like loss of competitiveness and missed opportunities.
Option B (Full-scale Implementation): Roll out the tool company-wide simultaneously. The efficiency gain is high, but the impact of internal pushback or unexpected trouble is significant.
Option C (Pilot Implementation): Test the tool only in a specific department (e.g., the new business division). Measure effectiveness, identify issues, and expand gradually.
With a “defensive” mindset, we tend to overestimate the risk of Option B and end up stuck with Option A. However, a “design” mindset actively seeks a third way like Option C, which allows progress while keeping risks within a manageable range. This “pilot” concept is precisely the practical risk design methodology even large corporations employ, as shown in another recent news item about “JPMorgan’s ‘JPM Coin’ pilot project.”
Three Steps for SMEs to Start “Design Governance” Today
Understanding the concept is meaningless without practice. Here are concrete steps you can apply starting in tomorrow’s management meeting.
Step 1: Swap the “Subject” of Your Judgment
Pay attention to whether statements like these are flying around in meetings or reports.
“Legally, this seems difficult.”
“From a tax perspective, this structure is risky.”
“Under accounting rules, the processing becomes complicated.”
In all these, “means” like legal, tax, and accounting have become the subject, pushing the true subject—”the business”—aside. First, create a rule to forcibly rephrase such statements into the following form:
“What conditions are necessary to make the business ‘XX’ we want to do legally feasible?”
“What structure can we design to realize this ‘YY growth strategy’ while keeping tax risks within an acceptable range?”
Ask experts not for a “yes/no” but for “feasibility conditions.” This small shift changes the foundation of discussion from “defense” to “design.”
Step 2: Always List “Three Options” for Important Decisions
The binary choice of “do it or don’t” is the most typical pattern leading to a “defensive” mindset. For important management decisions (new market entry, major investment, reorganization, etc.), mandate that stakeholders present at least three options.
Option A: Maintain Status Quo (No change)
Option B: Full Implementation (Maximum change)
Option C: Gradual/Partial Implementation (Controlled change with managed risk)
The very process of thinking about this “Option C” trains the mind to design risk on a 1-99 scale. For each option, note the expected pros and cons, and most importantly, the “point where retreat or course correction is possible (checkpoint).” This frames the decision not as an “all-or-nothing gamble” but as a constantly adjustable “experiment.”
Step 3: Elevate “Operational Monitoring” to “Decision Support”
A news item from Vietnam, “Improving Operational Monitoring Systems Enhances Digital Governance Effectiveness,” is instructive. Monitoring and control, when they become ends in themselves, lead to rigidity and become tools of “defense.” However, redefining them as “data collection and analysis devices for decision-making” changes the game.
For example, reposition a sales activity management system from “a tool to monitor laziness by forcing daily reports” to “a data foundation for analyzing which customer approach has the highest conversion rate and optimizing the company-wide sales strategy.” Reframe an expense reimbursement system from “a tool to monitor misuse” to “a management information system that visualizes which departments/projects incur costs, aiding resource allocation decisions.”
This shift in perspective transforms the role of administrative departments from “police officers” to “navigators,” guiding the entire governance framework toward a “design” that underpins business growth.
Governance is the Most Powerful Growth Engine
The FSA-audit firm battle shows that as long as governance is viewed as “surveillance and control imposed from the outside,” it will be an endless fight. However, from a different perspective, governance is the most powerful “design freedom” granted to management.
Instead of lamenting rules and risks as given constraints, think about how to arrange, combine, and contain them within manageable limits to realize your business vision. This is the essence of governance as a “higher-order management design concept.”
In your company’s next important decision, try changing the first words spoken from “Is this legally possible?” to “How can we legally and efficiently implement the business we want to create?” That single step should be the first move to break free from the shackles of “defensive governance” and unlock your company’s vast potential.
Comments