Compliance Theatre
Governance artefacts exist but don't govern. The forms are filled, the meetings happen, but no decisions get made.
Governance artefacts exist but don't govern. The forms are filled, the meetings happen, the registers are maintained — but no actual decisions get made or enforced as a result.
Recognition signals
- CC culture: everyone is "informed", nobody is accountable. Email threads have twelve recipients and no owner. The distribution list is a substitute for a decision framework.
- The risk register has 47 items. Nobody can name the top 3 without opening the spreadsheet. The register exists to satisfy audit, not to drive decisions.
- Milestone payments are approved without commercial review. The approval workflow runs, signatures are collected, but nobody with contract expertise assessed whether the deliverable met acceptance criteria.
- Meetings occur on schedule but produce no decisions or actions. The governance calendar is full. The decision log is empty.
- Documentation exists but nobody reads it or acts on it. Status reports are written, circulated, and filed. Nothing changes as a result.
Structural cause
Why this happens
Real governance requires someone to say "no" and face the consequences. Theatre lets everyone perform governance without the discomfort. It persists because it satisfies audit requirements without requiring courage.
Compliance Theatre is the path of least resistance. Creating a risk register is easier than making a risk decision. Holding a meeting is easier than making a call that someone will disagree with. Circulating a status report is easier than escalating a problem that makes you unpopular.
The theatre sustains itself because nobody benefits from exposing it. The PM who says "this meeting doesn't make decisions" is the one disrupting the schedule. The auditor who says "your risk register doesn't govern" is the one creating extra work. The organisation optimises for the appearance of governance because the appearance is cheaper than the reality.
Risk mapping
| Risk | Description |
|---|---|
| K3 | Compliance theatre — governance artefacts that don't drive decisions |
| G2 | Escalation as failure — escalation paths exist but are stigmatised |
| G6 | Delegation gap — approving without authority to approve |
| K4 | Audit gap — meetings without documentation, documentation without action |
Self-assessment
When to worry
- Your risk register has more than 30 items and nobody can name the top 3 without looking
- Governance meetings run on schedule but haven't produced a decision in the last month
- Milestone payments are approved as a workflow step, not a quality assessment
- Escalation is treated as failure rather than governance functioning correctly
When you're OK
- Every governance artefact has changed a decision in the last quarter
- Meetings produce actions that someone follows up on
- Escalation is expected and rewarded as a governance contribution
Related reading
- PM Risk Ontology — the full risk taxonomy that maps to all ten patterns
- Entropy Ratchet — when Compliance Theatre + Entropy Ratchet operate together, workarounds get formalised as the "process"
- Information Fog — information exists but has no governance effect
The test is simple: when was the last time a governance artefact changed a decision?
A programme health check separates the instruments that govern from the instruments that perform. 10fifteen — programme governance assessments.