Man raising his hand to ask a question in a meeting

IESE Insight

Risk should be the language of the boardroom, not a compliance ritual

June 9, 2026

In business, what looks like a productive conversation about risk isn’t always the one that best serves your firm or your strategy.

For many corporate boards, a discussion of risk follows a discussion of strategy. The one is an offshoot of the other — important, but not on the same level. And the questions that are asked about risk, even when directors are prepared to dig, often focus on costs, timings or supply chains. In short, they are mostly operational.

But risk shouldn’t be seen as an add-on to strategy, it needs to be a part of the strategy. Meetings should include open-ended questions that go further: “What if the technology behind our product evolves or is displaced? What if a certain decision is based on faulty assumptions?”

These are the real risks that can determine whether an investment succeeds or fails. When they aren’t addressed, it’s rarely because the board is negligent; in fact, it’s a common scenario. Nonetheless, good risk governance requires exercising judgment and humility about when to go deeper, knowing when the room feels not so much settled, as complacent.

What boards consistently miss in conversations about risk

Choosing to enter a market, acquiring a company or locking in a supplier creates assumptions about uncertainty on a board level. If those assumptions aren’t challenged at the time the decision is made, a separate risk assessment will rarely bring them up.

The best boards look at strategy and risk as a single question. But for this to happen, you need people who are fluent in strategic risks, experienced and empowered in challenging management assumptions.

Some risks that are typically taken less seriously by boards include:

Strategic and technological risk. Boards engaging with technology tend to ask operational questions like, “Are costs within budget?” It’s a legitimate question, but not the first one that should be asked. More important questions might be, “Is this technology the right one? What will happen if it is obsolete in five years? Are we creating dependencies we don’t fully understand?”
Time horizon. Median CEO tenure in the S&P 500 has fallen by 20% over the past decade, meaning CEOs are now in control for less than five years on average. Even those who aren’t short-termist by nature must respond to the pressures of their situation. Boards are meant to provide a longer-term view, but many drift.
Corporate culture. Seen as intangible, culture is often left unaddressed. But cultural signs, like management teams that are never wrong or an absence of internal dissent, are a sure sign of real risk. Many of the corporate governance fiascos of the past two decades showed these early warning signs.

The board’s evolving role, from oversight to ownership

Most boards already have risk on the agenda, but the most resilient are those who ask real questions, especially when performance looks strong.

If you chair a board or sit as a nonexecutive member, remember you are ideally placed to ask these questions, the ones that get to the underlying assumptions about the market, the technology and the landscape three to five years into the future.

This article was adapted from one published in the Center for Corporate Governance newsletter. To sign up to the newsletter, click here.