The five governance mistakes I watched kill a promising company — and how to spot them before it's too late

I have been inside a company while it died.

Not suddenly. Companies rarely go that way. Slowly, then all at once. You watch the warning signs accumulate. You raise them. You document them. And at some point you realise that what you thought was a management problem is actually a governance problem, and that governance problems are harder to fix because the people who need to fix them are usually the ones causing them.

The company I am writing about was a technology startup with genuine potential. It had customers, a capable team, and a potentially world-changing product. It failed for reasons that had nothing to do with the market, the technology, or the timing. It failed because of how it was run, and more precisely, because of how it was governed.

I want to be careful here. This is not a post-mortem designed to apportion blame or settle scores. What I saw unfold maps almost perfectly to patterns that governance researchers, insolvency practitioners, and company directors have documented across hundreds of failed companies. The names don’t matter but the patterns do.

Here are the five mistakes I watched play out in real time.

1. The CEO controlled the information the board needed to govern

Good governance depends on information. The board cannot make decisions, assess risk, or fulfil its legal duties without access to accurate financial data, banking records, and company accounts. This sounds obvious but evidently it’s not obvious to everyone.

In the company I am describing, the CEO controlled access to bank accounts and financial books. Directors who asked for visibility were either delayed, denied, or given incomplete information. This is not just a management failure. It is an active obstruction of directorial oversight. And it is far more common in founder-led companies than most people realise.

The warning sign is not always dramatic. It often looks like a CEO who is just very hands-on with the finances, or who promises reports that are always just a week away. If you are a director and you cannot independently access the records you need to discharge your duties, you have a governance problem, not an admin problem.

2. Risks were acknowledged and then ignored

The company had a risk register. I know, because I helped create it. One of the items on that register (founder relationship breakdown) was rated at the highest possible risk level. It sat there for well over a year. No treatment was ever applied.

A risk register that is not acted upon is worse than no risk register at all. It creates a paper trail that shows the board knew about a problem and chose to do nothing. In this case, the inaction was catastrophic: the unaddressed founder conflict eventually cost the company one of its most critical technical contributors, and the instability it created made it almost impossible to attract the investment the business desperately needed.

When you document a risk without treating it, you’re not managing risk. You are just watching it grow.

There is also a human cost that rarely gets mentioned in governance discussions. Think about what it means for a team member who raised a serious concern, watched it get formally acknowledged at the highest risk level, and then saw nothing change. That experience does not just go unresolved. It tells people exactly how much their concerns are worth to the people in charge.

3. Financial reporting obligations were treated as optional

The shareholders agreement required regular management accounts: monthly financials, cash flow statements, year-end reports. These were almost never produced. When they were produced, they were late, incomplete, or in some cases inaccurate.

The CEO was, by training, an accountant. This made the failure of financial reporting especially stark. But in hindsight, that credential was part of the problem.

Call it the Founder's Trap. When a founder or CEO brings obvious professional expertise in a domain, boards tend to defer to it. An accountant runs the finances. A lawyer handles compliance. An engineer owns the tech stack. The expertise becomes a reason not to ask questions, not to demand independent access, and not to hold the process to a standard. The credential substitutes for the system.

The trap is that professional pedigree tells you what someone knows. It does not tell you what they are doing, or whether they are doing it in the interest of the company rather than themselves. A board's duty is not to trust the person. It is to trust the process: independent access to financial records, timely reporting against agreed obligations, and verification that is not dependent on the goodwill of the person being verified.

The lesson here is not about the individual; it’s about structure. When one person controls both the finances and the information flow, there is no check. The board gets what the executive decides to share, when the executive decides to share it. A CEO's credentials do not change that structural reality. They just make the board less likely to notice it.

The common justification I heard was that revenue and investment were the priority, and that proper financial reporting would follow once the business was funded. This logic has it backwards. Investors need clean, reliable financial records to make a funding decision. The reporting is not a reward for getting funded; it is a precondition for getting funded in the first place. Companies that treat it as a luxury they will afford later rarely get the chance to find out whether they were right.

Institutional investors will walk away from a company that cannot produce clean, timely financial reports. They walk away from the company but the underlying problem that drove them away stays behind.

4. Leadership had no plan, and no one made having one a condition of continued authority

There was no business plan. Not an outdated one. Not a draft. None. Despite this being an explicit obligation under the CEO's employment agreement, and despite repeated requests from directors and shareholders over multiple years, a business plan was never presented to the board.

I raise this not because a document matters more than a strategy. Sometimes a polished plan is just theatre. I raise it because the absence of a board-approved plan made it impossible to hold management accountable to anything. Every decision became ad hoc. Every expenditure was justified by whatever the most recent priority happened to be. And every request for clarity was met with promises that were not kept.

Worth noting: an investment pitch deck is not a business plan. I have seen executives present one in place of the other, and the distinction matters. A pitch deck is designed to sell a vision. A business plan is designed to be executed. If your team cannot take the document and use it to make decisions, allocate resources, and hold people accountable, it was built for optics, not utility.

Boards in early-stage companies have authority they often do not use. The authority to require specific outputs as a condition of continued executive delegation is one of them. If a CEO cannot or will not produce a business plan, that is not an administrative inconvenience. It is material information about whether that person is capable of running the business.

5. Statutory obligations were deprioritised until they became crises

The company had recurring ATO payment obligations and they were defaulted on repeatedly. Each default was explained at the time as a short-term cash flow issue that would be resolved. Each default made the next one more likely. Eventually, the accumulated liability became a statutory demand, and the statutory demand accelerated the timeline to external administration.

Directors have personal liability exposure when a company continues to trade while insolvent. That liability does not wait for you to notice it is there. The ATO does not forget a default because you had a difficult quarter.

Treating tax obligations as a last resort, something to address after payroll, after rent, after whatever else felt more urgent, is a pattern I have seen in multiple early-stage companies. It’s understandable but it’s also one of the fastest routes to external administration.

This is not a startup problem. I have seen the same pattern in businesses of every description: trades businesses, professional services firms, SaaS companies. The specific obligations differ; the habit of deprioritising them does not.

One more thing worth saying plainly: raising the issue as a director does not protect you from the consequences. If the ATO is owed money and the company cannot pay, it will pursue directors equally — regardless of who escalated the concern internally and who ignored it. The liability is joint. The documentation of your efforts matters for your own defence, but it does not reduce what the ATO is owed, and it does not stop them collecting.

There is, however, a constructive alternative to waiting for that outcome. Section 588GA of the Corporations Act (the Safe Harbour provisions) offers directors a legal defence against insolvent trading claims, provided they act early enough and in the right way. To access it, a director must be pursuing a course of action that is reasonably likely to lead to a better outcome for the company than immediate administration or liquidation. That course of action needs to be developed with qualified restructuring advice, not managed internally and quietly.

The critical detail is this: Safe Harbour protection requires that the company is meeting its tax reporting obligations. Directors who have allowed ATO late lodgements or defaults to accumulate, as in the example described above, will typically find the protection unavailable to them precisely when they need it most. The provisions reward early, transparent engagement with the problem. They do not rescue companies that have spent months hoping the problem resolves itself.

If you are a director and you are starting to question whether the company can meet its obligations as they fall due, that is the moment to seek independent restructuring advice, not after a statutory demand arrives. Safe Harbour is the professional director's emergency brake. Like most emergency brakes, it only works if you reach for it before the situation becomes unrecoverable.

(Note: this is general information only. Directors in this situation should obtain specific legal and financial advice.)

 

What connects all five of these failures is not incompetence, exactly. Some of the people involved were genuinely capable in other respects. What connects them is the absence of functional accountability: accountability at the board level, in the shareholder agreement, and in the culture of the organisation.

In hindsight, there was a structural reason that accountability never functioned. The company’s Chair had originally joined as a non-executive director, nominated by the CEO, and was later appointed Chair. But the terms of their appointment meant the CEO could remove them from the board at any time. The person responsible for holding the executive to account could be dismissed by the executive they were supposed to oversee.

That arrangement is not unusual in early-stage companies. It is also not governance. If your Chair’s independence is contingent on the goodwill of the person they are meant to hold accountable, you do not have an independent Chair. You have a structural conflict dressed up as a governance framework. Every other failure documented in this article becomes more likely, and less likely to be challenged, when that dynamic is in place.

Governance is often described in abstract terms: transparency, oversight, fiduciary duty. Those abstractions are useful until things go wrong, at which point governance is something much more concrete. It is the mechanism that allows a board to know what is actually happening inside a company, to push back on decisions that are not in the interest of stakeholders, and to act before a recoverable problem becomes an unrecoverable one.

The company I am describing is gone. But I am genuinely grateful for the lessons it left behind.


 

Lessons learned

Information boards cannot access is a risk boards cannot manage.

A risk on the register with no treatment is documentation of inaction, not governance.

Financial reporting is a precondition for investment, not a reward for it.

An investment deck is not a business plan. If your team cannot execute against it, it was built for the wrong audience.

Statutory obligations deprioritised long enough become statutory demands.

Key takeaways — For founders and CEOs

Your board cannot govern what it cannot see. Give directors independent access to financial records from the start, not once things feel settled.

If you cannot show an investor clean monthly financials, you are not ready to raise. Reporting is not an admin task; it is a credibility signal.

Know your ATO position across every entity, today. Not approximately. Exactly.

Key takeaways — For board members and NEDs

If high-rated risk items sit untreated on your register, that is a board failure, not just a management one. Ask what specific action has been taken, by whom, and by when.

Financial reporting obligations in your SHA or constitution are not aspirational. If they are not being met, the board has both the authority and the obligation to enforce them.

Raising a concern as a director does not insulate you from liability. Document what you raised, when, and what happened next.

Key takeaways — For shareholders and investors

If you are not receiving regular communications from a company you have invested in, that is not an administrative oversight; it is a red flag. Silence is information.

Depending on your shareholding and the terms of your shareholders agreement, you may have formal rights you can exercise, including requesting access to company information or calling a meeting. If you are uncertain what those rights are, find out; many of them are enshrined in the Australian Corporations Act. They exist to be used.

In a liquidation, shareholders are typically the last to receive anything: after employees, secured creditors, the ATO, and unsecured creditors. Waiting passively is rarely a strategy. Acting while you still have standing is.

 


Frequently asked questions

How do you spot governance failure in a startup?

Look for patterns rather than single events. Directors being unable to independently access company records, risk items sitting on the register with no treatment plan, financial reporting obligations going unmet, and statutory debts being deferred repeatedly are all reliable indicators. If a board is consistently receiving information late, incomplete, or only through the CEO, that is not a resourcing issue. It is a governance failure.

What are the signs a startup is failing governance?

The earliest signs are often subtle: reports that are always a week away, a risk register that is maintained but never acted upon, a board that avoids being critical in matters regarding Founder/CEO expertise. By the time these patterns produce visible consequences like missed ATO payments or departing key staff, the governance failure is usually well established. The board’s role is to identify and act on these signals early, not wait for a crisis to confirm them.

What is Safe Harbour for company directors in Australia?

Safe Harbour (Section 588GA of the Corporations Act) provides directors with a defence against personal liability for insolvent trading, provided they are actively pursuing a restructuring plan reasonably likely to produce a better outcome than administration or liquidation. Critically, the company must be meeting its tax reporting obligations to qualify. Directors who suspect solvency issues should seek independent restructuring advice early.


I'm John Chung. I've spent over 15 years building and running startups and scale-ups as a founder, operator, and non-executive director (GAICD). I write about the gap between how companies are supposed to operate and how they actually operate.

All content is produced by me, reflecting my own experience and judgement. Generative AI tools were used for editorial support, in this case Claude specifically.
