Case Study: Blue Willow

Blue Willow is a high-growth business that was scaling rapidly—new markets, new products, growing headcount, increasing stakeholder complexity. Growth at this pace creates immediate governance tension: the board needs to maintain oversight, manage risk, and provide strategic guidance without slowing business momentum with excessive governance.

The core governance challenge at Blue Willow was timing. Risk governance was reactive rather than proactive—the board was responding to issues after they emerged rather than identifying and managing emerging risks. The board’s oversight rhythm hadn’t evolved with the business’s complexity. Growth was outpacing the governance framework’s capacity to provide meaningful oversight without becoming either a bottleneck or a rubber stamp.

Sirdar conducted a board evaluation with specific focus on risk governance integration and oversight scalability. The question wasn’t ‘does the business have risk governance?’ but rather ‘is risk governance integrated into how the board actually makes strategic decisions?’

The evaluation revealed several patterns common in high-growth businesses: the board was spending time on historical reporting (what happened) rather than forward-looking risk identification (what could happen). Committee structures didn’t exist, or where they did exist, were informal and underutilised. The governance framework was built for a smaller, simpler business—it hadn’t been intentionally scaled. Risk oversight was often siloed rather than integrated into strategic discussion. Board reporting focused on operational metrics rather than emerging risks and strategic assumptions.

The outcome included risk governance integrated into board agenda—not siloed in a separate risk committee, but woven through how the board discussed strategy, market opportunity, operational scaling, and capital allocation. The board’s oversight rhythm was aligned to growth cadence: different issues needed different review frequencies. The governance framework was explicitly scaled to match current and projected complexity—not locked into a small-business model or over-engineered for a large business the organisation wasn’t yet.

Importantly, the engagement identified a practical board development plan. Directors needed to shift from operational oversight to strategic risk thinking. Board processes needed to surface emerging risks rather than only reporting on known ones. The board needed to move from ‘are we executing the plan?’ to ‘is the plan still the right plan?’—forward-looking thinking that’s essential in high-growth contexts where the business’s market and circumstances can shift faster than annual strategy cycles.

A critical lesson from Blue Willow: governance should grow with the business—not chase it once complexity has already emerged, and not over-engineer it before the business is ready for heavier governance structures.

Frequently Asked Questions

How should risk governance scale as a business grows?

In early stage, risk governance might be informal—board conversation about emerging issues. As the business grows, risk governance becomes more structured: formal risk identification, risk committee oversight, integrated risk reporting. The key is intentionality about scaling—building governance structures ahead of need, but not so far ahead that they become bureaucracy.

How does a high-growth business maintain governance without slowing decision-making?

Lean governance and good governance are not opposites. Good governance actually accelerates decision-making by clarifying decision authority, managing downside risk, and building confidence in decisions. The risk is over-governance—governance structures that create process overhead without adding value. Blue Willow’s outcome was streamlined governance that managed risk effectively without slowing growth.

When should a growing business establish a risk committee?

When the board’s agenda is too crowded to give risk adequate attention, when multiple areas of the business carry distinct risks that need specialist oversight, or when stakeholders (investors, regulators, creditors) require formal risk reporting. The answer is ‘when risk oversight becomes too much for full board to handle well’—not on a preset schedule.