Broadly speaking, Governance is the system by which companies are directed and controlled. Typically, this involves regulatory frameworks, practices and procedures to ensure accountability, fairness and transparency in a company's relationship with its stakeholders.
Within operational risk management, Governance refers to the structures, processes and practices that ensure effective oversight and accountability across all levels of a financial institution. It establishes the foundation for a sound risk culture, with clearly defined roles and responsibilities for the board of directors, senior management and operational teams.
The board of directors plays a critical role by setting the organization’s risk appetite, approving risk policies and regularly reviewing the operational risk framework. It is responsible for fostering a culture that prioritizes ethical behavior, strong internal controls and proactive risk management.
Senior management is responsible for translating these policies into day-to-day practices by implementing robust systems, assigning responsibilities and ensuring appropriate training for staff. Governance also requires independent internal audit functions to evaluate and report on the effectiveness of the framework.