HomeInsightsgovernance handover checklist
    governance handover checklist

    The Governance Handover Test: Could a New CFO Reconstruct Your Group in One Day?

    A governance handover checklist is a practical test of whether your organisation can transfer control of its entities, registers, obligations, approvals and evidence without depending on one person's memory. For a multi-entity group, the question is simple: if your CFO, General Counsel, Company Secretary or external ad

    NC
    Nathan Carroll
    8 July 2026
    11 min read

    A governance handover checklist is a practical test of whether your organisation can transfer control of its entities, registers, obligations, approvals and evidence without depending on one person's memory. For a multi-entity group, the question is simple: if your CFO, General Counsel, Company Secretary or external adviser changed tomorrow, could the next person reconstruct the group's governance position in one working day?

    If the answer is no, the issue is not just administration. It is corporate memory risk.

    Most governance failures do not begin with a major breach. They begin with small gaps: an outdated register, an unsigned consent, a missing solvency resolution, a share transfer saved in the wrong folder, or a board decision that never made it back into the entity file. Over time, those gaps become harder to explain during audit, due diligence, refinancing, a board transition or a change of adviser.

    This article gives governance teams a practical handover framework for testing whether their entity records are current, complete and defensible.

    Why Governance Handover Matters

    Every group eventually faces a handover event. It may be planned, such as a new CFO joining, a Company Secretary going on leave, or an external CoSec provider being replaced. It may also be unplanned, such as a resignation, acquisition, audit request or urgent board query.

    Governance information is often distributed across:

    • ASIC portals and annual statements
    • spreadsheets maintained by finance, legal or external advisers
    • board packs and minute books
    • shared drives and document management systems
    • email threads containing approvals and filing instructions
    • e-signing platforms
    • accounting systems
    • structure charts, UBO workbooks and adviser files

    Each source may be useful on its own. The risk appears when no single person can prove which source is current, who approved the last change, what evidence supports the record, and whether public registry data and internal records match.

    ASIC's own guidance reinforces the point that companies must keep records, keep company details up to date, and maintain evidence that can be produced when needed. ASIC notes that company records can be digital, but they must be capable of being produced in hard copy, and financial records generally need to be kept for at least seven years. ASIC also says companies must keep officeholder details current and notify most changes within 28 days. Sources: ASIC company record keeping, ASIC company officeholders and ASIC annual review.

    The handover test is not legal advice. It is an operational control: can the organisation find, verify and explain its governance position without relying on tribal knowledge?

    The One-Day Governance Handover Test

    Use this scenario: a new CFO, General Counsel or Company Secretary starts tomorrow with no verbal briefing from the previous owner. They have one working day to reconstruct the group's governance position from existing systems and records.

    By the end of that day, they should be able to answer these questions:

    • What entities exist in the group?
    • Which entities are active, dormant, trustee entities, SPVs or no longer needed?
    • Who are the current directors, secretaries, shareholders, members and key officers?
    • Which records are internal source-of-truth records, and which are external registry records?
    • What ASIC annual reviews, change notifications, solvency resolutions or other filings are due?
    • What board or member approvals are pending?
    • Which registers, minutes, resolutions and supporting documents are missing or outdated?
    • Who is responsible for each open governance obligation?
    • What changed recently, who approved it, and where is the evidence?
    • What should be escalated to the board, CFO, GC, auditor or external adviser?

    If the new owner can answer those questions from a central system, the group has a functional governance operating layer. If they need to search inboxes, ask advisers, compare spreadsheets manually and reconstruct decisions from memory, the group has a handover risk.

    The Governance Handover Checklist

    The checklist below is designed for Australian multi-entity groups, but the operating logic applies to any organisation managing multiple companies, SPVs, trusts or subsidiaries.

    1. Entity Master List

    Start with the full entity universe: every registered company, subsidiary, SPV, trustee company, holding company and dormant entity the group still needs to track.

    For each entity, confirm:

    • legal name
    • ACN, ABN or equivalent identifier
    • entity type
    • jurisdiction
    • incorporation or registration date
    • ASIC annual review date
    • registered office
    • principal place of business
    • status: active, dormant, project-specific, trustee, divestment candidate or deregistration candidate
    • responsible internal owner
    • external adviser or registered agent, if applicable

    The key question is whether a new owner can distinguish the live operating structure from legacy entities that remain on the register.

    2. Officeholders and Authority

    Next, verify directors, alternate directors, secretaries and other officeholder roles. ASIC says officeholder details must be kept up to date and that most company detail changes must be notified within 28 days.

    For each officeholder, check:

    • current role
    • appointment date
    • cessation date, if relevant
    • residential address records where required
    • consent to act
    • resignation or retirement evidence
    • director ID status where applicable
    • delegated authority or signing authority
    • board or member approval evidence
    • ASIC lodgement evidence, if a change has been lodged

    The common failure is that the board decision exists in one place, the ASIC lodgement exists in another, and the internal register is not updated.

    3. Members, Shareholders and Ownership

    For proprietary companies, member and share records are often where governance drift becomes visible. A group may have ASIC data, an internal register, signed transfer forms and structure charts that do not fully agree.

    Check:

    • members or shareholders
    • share classes
    • number of shares
    • paid and unpaid amounts
    • beneficial ownership indicators where recorded
    • share transfers, allotments, cancellations and buy-backs
    • supporting approvals and executed documents
    • changes lodged with ASIC
    • internal ownership map or group structure chart
    • ultimate holding company details, where applicable

    For CFOs and GCs, this is not just a filing issue. Ownership data supports due diligence, financing, group reporting, beneficial ownership work and board decision making.

    4. Annual Reviews and Solvency Resolutions

    ASIC's annual review process creates a recurring control point. ASIC sends an annual statement and invoice, and the company must pay the annual review fee, check and update company details, and pass a solvency resolution unless an applicable financial report has been lodged with ASIC in the previous 12 months. ASIC states directors must pass the solvency resolution within two months of the annual review date.

    For each entity, confirm:

    • annual review date
    • annual statement received
    • fee paid
    • company details reviewed
    • required changes lodged
    • solvency resolution prepared
    • board or director approval recorded
    • positive, negative or not-passed status
    • Form 485 trigger considered, if relevant
    • evidence saved with the entity record

    This is a useful stress test because annual reviews touch multiple controls at once: data accuracy, payment, director assessment, document evidence and deadline ownership.

    5. Registers, Minutes and Core Records

    A handover-ready group should not need to rebuild its registers from scratch.

    Check whether each entity has current and accessible:

    • register of members or shareholders
    • register of directors and secretaries
    • share or security register
    • minute books
    • written resolutions
    • meeting notices and agendas
    • signed minutes
    • consents to act
    • constitution or replaceable rules reference
    • shareholders agreements or trust deeds where relevant
    • ASIC annual statements, invoices and receipts
    • lodgement receipts and supporting forms
    • key contracts, powers of attorney and delegations where governance-relevant

    ASIC's record-keeping guidance includes company meetings and resolutions among examples of company records that should be kept. The operational question is whether the next person can find the right version quickly.

    6. Open Obligations and Upcoming Deadlines

    A handover that only captures historical records is incomplete. The new owner also needs to know what is coming next.

    For each entity, confirm:

    • upcoming ASIC annual reviews
    • due or overdue ASIC changes
    • financial reporting dates
    • AGM or member meeting dates, where relevant
    • board and committee cycles
    • policy reviews
    • contract or licence renewals tied to entity status
    • project entity milestones
    • deregistration or wind-up tasks
    • responsible owner and escalation path

    The handover should produce an exception list: overdue items, near-term deadlines, missing evidence and issues needing management attention.

    7. Approval and Evidence Trail

    The evidence trail is where many spreadsheet-led governance processes break down. A register can say a change happened, but the organisation also needs to show who approved it, what was lodged, and where the receipt or signed document lives.

    For each material governance event, confirm:

    • source request or trigger
    • approving body or authorised person
    • board, member, director or delegated approval
    • executed document
    • lodgement or registry update, if required
    • confirmation receipt
    • internal register update
    • date completed
    • person responsible
    • follow-up actions

    Examples include director appointments, address changes, share transfers, share issues, changes to ultimate holding company details, annual review completion and entity deregistration.

    Scoring Your Handover Readiness

    Use a simple five-level score.

    Level 1: Person-dependent

    The records exist only because one person knows where everything is. A new owner would need interviews and inbox access to reconstruct the position.

    Level 2: File-dependent

    Most documents exist, but they are spread across folders, spreadsheets and adviser files. There is no reliable status view.

    Level 3: Register-dependent

    Core registers are maintained, but obligations, approvals, evidence and registry updates are not consistently connected.

    Level 4: Evidence-ready

    Each entity has current records, a clear owner, obligation tracking and linked evidence for material changes.

    Level 5: System-of-record ready

    The group has one trusted governance system of record connecting entities, registers, obligations, approvals, filings, documents, ownership and evidence. A new owner can reconstruct the position quickly and identify exceptions.

    The practical goal is to move the highest-risk entities from Level 1 or Level 2 into Level 4 as quickly as possible.

    A Practical 30-Day Cleanup Plan

    If the handover test exposes gaps, use a focused cleanup.

    Week 1: Build the Entity Universe

    Create a complete list of entities and classify each one by status, jurisdiction, ownership, responsible owner and annual review date.

    Week 2: Reconcile Current Facts

    Compare internal records against ASIC data and adviser records. Focus first on directors, secretaries, addresses, members, share structure and ultimate holding company details.

    Week 3: Attach Evidence

    For recent and high-risk changes, attach the approval, signed document, lodgement receipt and register update.

    Week 4: Create the Exception Register

    Document what is missing, overdue, inconsistent or unclear. Assign owners and dates. The output should be a governance control pack: entity list, responsibility map, upcoming obligations, evidence gaps and priority remediation tasks.

    Common Handover Failures

    Common failures include annual reviews handled without saved evidence, board-approved changes that never update the register, adviser-held files with poor internal visibility, spreadsheets that cannot prove their source, and old entities that remain active because nobody owns cleanup.

    Where EntityFlo Fits

    EntityFlo is built as an Australian-first governance system of record for teams managing multi-entity groups. It is designed to connect entity records, registers, ASIC-related workflows, ownership information, obligations, resolutions, documents and evidence trails in one place.

    For a handover scenario, the practical value is straightforward: the next CFO, General Counsel, Company Secretary or governance owner should not have to reconstruct the group from spreadsheets, inboxes and scattered folders.

    • `/governance-system-of-record/` - explain the broader category and why handover risk matters.
    • `/entity-management-software-australia/` - connect the handover checklist to entity management software evaluation.
    • `/company-secretary-software-australia/` - position the checklist for internal Company Secretary teams.
    • `/asic-compliance-software/` - link annual review, solvency resolution and change notification workflows.
    • `/corporate-register-software/` - connect register accuracy to handover readiness.
    • `/beneficial-ownership-software/` - support ownership and UBO-related handover questions.
    • `/book-demo/` or `/demo/` - final CTA.

    FAQ

    What is a governance handover checklist?

    A governance handover checklist is a structured list of the entity records, obligations, approvals, registers and evidence a new governance owner needs to take control of a company group. It helps test whether the organisation can transfer governance responsibility without relying on one person's memory.

    Who should own governance handover in a multi-entity group?

    Ownership usually sits with the Company Secretary, General Counsel, CFO, governance manager or external CoSec provider. In practice, the owner should be the person accountable for keeping entity records current, deadlines visible and evidence accessible.

    How often should a governance handover test be run?

    At minimum, run it before a CFO, GC, Company Secretary, external adviser or auditor transition. Many groups should also run a lighter version quarterly or before annual reporting, refinancing, major transactions, acquisitions or board changes.

    Is ASIC data enough for a governance handover?

    No. ASIC data is important, but it is not a complete internal governance record. A handover also needs internal registers, approvals, minutes, resolutions, signed documents, evidence of lodgements and context about open obligations.

    What is the biggest sign that governance handover risk is high?

    The biggest sign is that the current governance position cannot be reconstructed without asking a specific person. If records are accurate only because one employee, adviser or founder knows where everything is, the organisation has corporate memory risk.

    How does a governance system of record help?

    A governance system of record gives the group one trusted operating layer for entities, registers, obligations, approvals, documents and evidence. It reduces handover risk by making current status, history and exceptions visible without manual reconstruction.

    Demo CTA

    If your governance handover still depends on spreadsheets, shared drives and one person's memory, EntityFlo can help you build a clearer system of record for every entity, obligation, register and evidence trail. Book a demo to see how EntityFlo supports multi-entity governance control.

    We use cookies to improve your experience. Essential cookies are always active. You can accept all cookies or choose essential only.