Once again, excesses in the boardroom are putting a globally recognized organization in the white-hot glare of unwanted publicity. Nissan Motors board Chairman Carlos Ghosn was arrested and fired last week after an internal investigation revealed he underreported his compensation to Japanese authorities by 5 billion yen — about $44 million — over a five-year period.

It didn’t take long for critics to start asking how such misdeeds could happen and speculating as to why the board or internal audit failed to uncover it sooner. Answers may be forthcoming as additional information becomes public, but the simple answer is that there is no simple answer. It is not clear whether Nissan’s internal or external auditors failed to do their jobs. What is becoming increasingly clear, however, is that the company’s governance structure may have failed its shareholders.

Indeed, Nissan CEO Hiroto Saikawa described the “dark side” of placing too much company power in one person’s hands and called the corporate governance structure within the company “weak,” according to Bloomberg. Saikawa went on to blame a lack of transparency in governance structure for keeping the wrongdoing from being detected sooner. And, even as the scope of Ghosn’s alleged misdeeds continue to be unearthed, Saikawa promised governance changes at Nissan.

But the question that isn’t being asked is, why was an admittedly “weak” governance structure allowed to exist in the first place at a Fortune 100 company? And a more fundamental question is, who was charged with assuring good governance at Nissan?

At its core, governance is simply the amalgam of processes and structures designed to protect shareholders’ interests; it helps the organization achieve its objectives. Overseeing governance within the organization is the job of the board, but the board is not solely responsible for ensuring that governance is working as designed or intended. One of the tools at its disposal is a well-resourced, independent internal audit function.

Many still take a narrow view that internal audit’s focus should be limited to assurance on risk management and control. However, by definition, internal audit brings a “systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” Unfortunately, internal audit is often an afterthought when it comes to assessing the effectiveness of governance. IIA Standard 2110 prescribes that the internal audit activity assess and make appropriate recommendations to improve the organization’s governance process over a number of areas, including promoting appropriate ethics and values within the organization. Yet, boards and management do not always expect or even allow internal audit to undertake audits that might infringe on what they view as their roles in governance.

Whether it is because of a toxic culture, a dominant CEO, a weak or ineffective board, or simply not embracing necessary checks and balances, governance is bound to fail when boards, management, and — yes — internal audit fail to respect the role good governance plays in protecting the interests of shareholders/stakeholders.

Governance, for good or bad, has evolved into a complex balancing act among the board, executive management, risk managers, and internal audit within the organization. Outside players, including external audit, regulators, and investors, contribute to that balancing act by demanding accountability and transparency.

The best-run organizations understand that good governance is a partnership that requires each player to embrace its role without tipping the balance. By its CEO’s own admission, Nissan’s governance structure was out of balance. 

Earlier this year, I wrote a blog post that asked the question, Is there too much civility in the boardroom? In that post, I made the case that boards are not doing their jobs when they fail to hold CEOs accountable.

My examination of high-profile governance failures in recent years has convinced me that, far too often, ineffective board oversight is at the root of corporate scandals. Too many boards are reluctant to question management. Too often, boards are content to say, “We hired a great CEO. We’re going to step back and let him or her do their job.”

I often wonder if there may simply be too much civility in the boardroom. I am not suggesting the boardroom equivalent of a “food fight,” but board members have an obligation to bring professional skepticism to their roles. They must be willing to ask probing questions, challenge management assumptions, rock the boat, if necessary, and frankly, risk their future on the board.

Ghosn and the Nissan-Renault-Mitsubishi alliance appear to have been a textbook example of a flawed governance structure. Although Ghosn was no longer Nissan’s CEO at the time of his firing, he held the powerful position from 2001 to 2017. He also has held the CEO/chairman position at Renault and Mitsubishi.

As risk becomes more diverse and dynamic, organizations cannot afford to have governance structures that seat too much authority in one role. Mechanisms that have been developed over decades of modern organizational management offer checks and balances that promote efficiency and effectiveness, and they provide accountability, independent assurance, and transparency.

But those mechanisms work only when each player is willing to fight for its role in the process and support a truly balanced governance structure.

As always, I look forward to your comments.