Many SMEs in Malaysia mistakenly view corporate governance as something only large, public-listed companies need to worry about. This often leads to governance being overlooked, exposing businesses to unnecessary risks and costly, avoidable mistakes.
In this article, we highlight some of the most common corporate governance mistakes SMEs make, and how you can address them to build a stronger, more resilient business.
Mistake #1: Treating governance as a compliance burden
In simple terms, corporate governance refers to the framework of policies, processes, and practices that guide how a business is directed and controlled.
Beyond mere compliance, good governance means implementing practical measures like:
- Clear approval limits — to control who can approve payments and sign contracts within defined authority levels. This reduces the risk of unauthorised spending or financial mismanagement, and reassures shareholders that controls are in place to protect the company’s assets.
- A whistleblower channel — to give employees a safe and confidential way to report misconduct such as fraud or bribery. This helps detect problems early and protects your company from legal or reputational damage.
- Proper record-keeping — to keep accurate and up-to-date documentation of decisions and transactions. This ensures transparency, simplifies audits, and provides evidence if disputes arise.
Mistake #2: No clearly defined roles and responsibilities
Many SMEs operate with directors, managers, and employees wearing multiple hats, which is normal in a lean business. But without clearly defined roles and accountability, decisions get delayed, tasks are overlooked, and risks go unchecked.
How to address it:
- Define roles and responsibilities — clearly document who is responsible for what decisions and outcomes at every level of the organisation. This prevents overlaps, avoids gaps in accountability, and keeps operations running smoothly.
- Adopt a Board Charter — to formalise the duties and expectations of directors and establish a clear, structured process for board decisions. This helps the board focus on strategic oversight and ensures decisions are made consistently and in the best interest of the company.
- Implement a Code of Conduct — to set clear standards of behavioural expectations, ethics, and integrity for everyone in the company. A well-communicated code guides day-to-day decisions, reinforces your company’s core values, and helps prevent misconduct that could harm your reputation and stakeholder trust.
Mistake #3: Overlooking conflicts of interest
In many SMEs, it’s common for directors, managers, and employees to have overlapping personal and business relationships. Failing to disclose and manage these conflicts can damage a company’s credibility, create the perception of bribery or corruption, and even expose you to legal risks.
How to address it:
- Implement a Conflict of Interest Policy — clearly define what counts as a conflict, covering both personal and professional relationships. Require all employees and directors to declare potential conflicts and establish a review process to decide on next steps.
- Promote transparency as part of your culture — communicate regularly that disclosing conflicts is not punished but encouraged as part of good governance. Train top management to spot potential conflicts and guide employees on how to report them.
Mistake #4: Missing or outdated key policies
Many SMEs operate without any formal governance policies, relying instead on informal practices and assumptions. This leaves the business exposed to risks and makes it harder to enforce standards when issues arise.
How to address it:
- Start with the essentials — depending on your business, begin by putting in place core governance policies. Common examples include a proper Code of Conduct, a Conflict-of-Interest Policy, and a Whistleblowing Policy. These create a strong foundation for accountability and ethical behaviour.
- Review and update regularly — revisit your governance policies at least annually, or whenever there are major organisational or regulatory changes, to ensure they remain relevant and effective.
- Seek expert guidance — engage professional advisors to help you identify compliance gaps, align policies with industry best practices, and stay current with changing laws and expectations.
Mistake #5: Ignoring legal compliance risks
Some SMEs overlook the fact that poor governance can lead to serious legal consequences, including hefty fines, lawsuits, and even imprisonment of company directors or management.
This risk isn’t just theoretical. Malaysian laws are increasingly strict on corporate accountability, and areas where SMEs often fall short include:
| Area | SME Shortcomings |
| --- | --- |
| Anti-Bribery & Corruption | Lack of internal controls, anti-bribery policies, staff training, or monitoring mechanisms, leaving the company vulnerable to liability under the MACC Act (Section 17A) |
| Personal Data Protection | Collect and store personal data without adequate procedures or safeguards. This mishandling risks data breaches, customer complaints, and non-compliance with the PDPA |
| Workplace Safety | Overlook safety assessments, proper equipment, or written procedures, creating unsafe conditions and leaving the company exposed to OSHA inspections and fines |
| Audited Financial Statements | Delay or fail to engage auditors or maintain proper records for audit purposes, resulting in late or incomplete financial statements, contravening the Companies Act 2016 |
How to address it:
- Identify key compliance areas — start by assessing the legal and regulatory landscape relevant to your business and industry. Map out which compliance areas are most critical and where your biggest risks lie, so you can address them systematically.
- Adopt core policies and train employees — put in place clear policies (like an Anti-Bribery & Corruption Policy, a Personal Data Protection Policy, and others as needed) and ensure everyone understands their obligations.
- Stay proactive — don’t treat compliance as a one-off exercise. Regularly review and update your policies and practices, conduct internal audits, and stay informed on regulatory changes to ensure your business remains compliant and ahead of emerging risks.
Strengthen your business with good governance
Good governance is more than a compliance exercise; it’s a strategic advantage. By avoiding these common mistakes and putting the right policies and practices in place, you can build a more resilient, ethical, and trustworthy business that inspires confidence among stakeholders.
If you are ready to strengthen your governance framework, our team is here to help.
We can work with you to draft, review, and implement practical, tailored policies that fit your organisation’s unique needs and protect your business’s long-term success.