As noted in my most recent LinkedIn post, 2025 turned out to be an unexpectedly big year for these conversations, with more than one million views and over 200,000 reactions. That level of engagement doesn’t happen by accident. It suggests there’s a deep and growing frustration across the risk, audit, and governance community that something fundamental still isn’t clicking inside corporate boardrooms.
In my recent post, I suggested that risk management and internal audit would better serve management, boards, and stakeholders if they operated from a shared purpose. The idea is straightforward: both functions should focus on ensuring leadership receives reliable, decision-useful information about the uncertainties that affect the organization’s mission critical objectives. If they did that consistently, organizations would make better decisions and achieve better outcomes.
The conversation began with a question posed in a recent post, “Are professional institutes and regulators rejecting AI research and logic because they don’t want to change?”
When Delaware’s Chancery Court reminds directors that they have a fiduciary duty to oversee mission critical risks, it’s diagnosing a deeper governance disease, not just offering abstract legal theory.
In a recent social media post, I laid out what I see as the joint purpose of risk groups and internal audit. The response reinforced what I’ve long believed—that governance works best when accountability is simple, logical, and aligned with fiduciary duty.
In my recent post, the central question was posed with disarming clarity. If mission critical objectives (MCOs) define the very survival and long-term performance of an organization, why don’t regulators require boards to focus their oversight on them? It seems like the most direct way to strengthen governance.If boards were explicitly tasked with monitoring risks to MCOs, they would naturally direct management, risk teams, and internal auditors to align their assessments and reporting accordingly. Instead, regulators continue to emphasize processes and disclosures that often miss the mark, leaving businesses exposed and stakeholders carrying the weight of failures that cumulatively amount to staggering losses.
In my previous piece, Why Boards Still Don’t Ask the Hard Questions About Mission-Critical Risk, I explored why so few boards demand reporting on the risks and uncertainties that threaten an organization’s most important objectives. Like that piece, this one began with a social media post that sparked a strong reaction, because it points to a governance reality many know but rarely admit.