Portiko
← All insights

Practice notes

Why most governance failures are failures of cadence, not intent

Practices don't fail to write a complaints policy because they don't care. They fail at re-reviewing it on time, three years in, when nobody's tracking the date. The fix isn't more intent.

Portiko

Spend any time in clinical governance work and a pattern shows up within the first hour. The team cares. The lead is competent. The policies exist. The audits have been done. And yet, against every framework anyone might apply, there are gaps. The risk register is out of date. Two SEAs from last quarter were never closed out. The complaints log shows three items in “in progress” status that the lead is fairly sure were resolved, but the closure didn’t make it into writing.

This is not a failure of intent. The lead is not the problem. The problem is that nothing in the operational environment makes last-quarter’s unclosed items visible next quarter. The information exists, distributed across an inbox, a SharePoint folder, a desktop spreadsheet, and a clinical lead’s memory. Nothing aggregates it into a question that has to be answered before the next governance meeting opens.

That gap is what we mean by a failure of cadence. It is the operational rhythm — the weekly, monthly, quarterly review pattern that surfaces the things which would otherwise quietly drift — that breaks. Fix the cadence and most apparent governance failures disappear, because the items are already known; they just weren’t being asked about at the right time.

Three patterns we see repeatedly

The unclosed item. An action is agreed in a governance meeting. It has an owner. It has a due date. The next meeting’s agenda doesn’t open with a roll-call of last meeting’s actions, so the action quietly migrates to “ongoing” status and is never closed. Six months later, nobody remembers the original commitment.

The lapsed policy. A policy is written, reviewed, and ratified. Three years pass. The annual review schedule nobody is formally tracking quietly slips. When the inspection arrives, the policy is dated 2023.

The disconnected register. Risks are logged in one spreadsheet. Incidents are logged in another. The clinical meeting’s minutes are in a Word document. None of the three cross-references the others, so the question “has this risk materialised as an incident?” is unanswerable without an afternoon of forensic comparison.

The operational fix

The fix isn’t more diligence. The fix is making the cadence visible. The next governance meeting’s agenda opens with last meeting’s open actions. The policy library’s currency is on the dashboard. The risk register is the same artefact the incident log writes into.

That’s a software question, not a willpower question. It is the question Cadence is built around.