Trends in Board Concerns and Expectations: What Ethics and Compliance Leaders Must Know
On a recent Ethicast, Bill Coffin and I discussed the trend of boards asking more of their E&C teams, as well as increased scrutiny, driven by a variety of internal and external pressures.
- Data Integrity and Risk Reflection: Boards are questioning how CECOs collect and present data, whether it accurately reflects organizational risks and ethical standing, and what measures are taken to identify and mitigate top risks.
- Reputational Harm: Recent high-profile cases of executive misconduct and incidents amplified by social media have heightened board sensitivity to reputational damage.
- Global and Regulatory Issues: Boards are anxious about global economic instability, geopolitical tensions, trade and tariff changes, cyber threats, and the continuous evolution of regulations, particularly in the U.S. They worry about the impact of U.S. regulatory changes on global compliance programs.
- Program Skepticism: There is skepticism about the effectiveness and longevity of various compliance programs, especially as some are being scaled back or eliminated (e.g., DE&I/DEIB).
- Budget Considerations: Some boards believe E&C budgets should be reduced due to regulatory changes.
- AI: Boards are keen to understand the role of artificial intelligence and agentic AI in compliance, seeking guidance from E&C professionals.
These concerns are an invitation for E&C to step up and evaluate their board relationship.
Building a More Robust Relationship with Your Board
The importance of having a strong and direct relationship between E&C and the board can’t be overstated. While many E&C leaders still report to a General Counsel or another executive, having a direct line to the board facilitates open, honest dialogue about compliance, risk, and ethics matters.
Meanwhile, boards should know what to expect each quarter in terms of reporting. When they receive credible reporting in a consistent format, they are better equipped to engage in productive dialogue, empowering E&C professionals to provide deeper insights.
Where to Start: Assessing Tools and Processes
A good first step in determining metrics used in board reporting is to step back and evaluate the organization’s existing tools and processes, including:
- Evaluating efficiencies and inefficiencies
- Testing data quality, including where data is transferred among multiple systems or reformatted for different reports
- Questioning the validity of audit trails
- Identifying silos
- Understanding the organization’s Enterprise Risk Management (ERM) capabilities and processes
This should uncover gaps, inefficiencies, and areas for improvement as well as a clear idea of which metrics can be reliably tracked for effective board reporting.
Moving Beyond Basic Metrics and Enabling Unified Data Needs Across Functions
Consistent, insight-driven data enables a shift from transactional reporting to strategic partnership. However, it’s common to see metrics such as “5,000 employees completed antitrust training” featured in board reports. While easy to track and report, metrics like this might not tell the story of the compliance program’s effectiveness and progress or provide the board with any actionable insights.
E&C, Finance, Legal, IT, and other functions may rely on the same core data, even if they require it in different formats or levels of detail. An emerging trend is the integration of E&C professionals into the ERM process, which can provide more meaningful metrics for board reporting.
The Importance of Interconnected Reporting and Systems
Interconnected reporting and systems have become essential given the complexities of compliance today. The only viable way to ensure appropriate visibility for the board is through tools and processes that seamlessly share information. Foundational elements at the heart of compliance programs are:
- Policy Management: Having a system to manage, update, and communicate policies.
- Training and Metrics: Ensuring employees are properly trained, and tracking completion and effectiveness.
- Monitoring and Reporting: Operating hotlines, conducting surveys, and managing disclosure processes.
- Case Management and Investigations: Tracking investigations, setting metrics, and closing the loop on compliance issues.
When integrated effectively, these solutions allow organizations to extract and analyze data easily, enabling a reliable and comprehensive narrative.
From Systems to Relationships: The Path to Integrity
Shared data and integrated reporting unlock the ability to tell a story of continuous improvement and ethical leadership. Ultimately, this holistic approach—combining the right tools with strong relationships and values—ensures compliance programs are not only effective, but also contribute to a culture of integrity and trust.
The Role of Ethics and Compliance in Strategic Planning
Ethics and compliance are often assumed to be central to an organization’s strategic planning, but in practice, their involvement varies widely. Since every strategic decision inherently involves risk, E&C’s involvement is critical.
The Value of Relationships
Success in ethics and compliance is not just about technical expertise or credentials. It’s about ongoing curiosity, relationship-building, and a commitment to understanding the business from multiple viewpoints.
Leading an E&C program inherently involves working across functional boundaries and requesting information from various employees. This is an ideal opportunity to explain the rationale behind the request and acknowledge the crucial role employees play in protecting the organization. This is also potentially a time to learn what drives other areas of the business, gauge their risk awareness, and observe how well organizational values are being practiced.
Looking Forward
Understanding the board’s perspectives, establishing baseline reporting with reliable data insights, and learning the business have created a clear path forward for E&C leaders:
- Understand the board’s perspective. Clarify what decisions the board is trying to make, how they prefer to consume information, and their current risk appetite. Align on what “good” looks like, including thresholds for escalation on issues like AI use, reputation risk, and regulatory change.
- Evaluate processes, tools, and silos. Map key data flows end to end, identify the system of record for each metric, and eliminate manual rework that distorts data. Document owners and SLAs, tighten audit trails, and close gaps between E&C systems and ERM so insights travel without friction.
- Establish metrics and build reporting on a foundation of credible, consistent data. Shift from activity counts to outcome and effectiveness measures tied to top risks. Standardize definitions, show trendlines and benchmarks, and set clear thresholds and remediation timelines so the board can see progress and residual risk at a glance.
- Establish cross-functional relationships. Create a simple governance cadence with Finance, Legal, HR, IT, and ERM that includes shared dashboards and data handoffs. Co-own select metrics, embed E&C reviews in product and strategy gates, and maintain two-way feedback loops to surface emerging risks early.
- Learn the business. Understand the revenue model, customer journey, and where value and risk concentrate across geographies and third parties. Use site visits and shadowing to translate ethics into operational choices, then tailor controls, training, and reporting to what actually drives performance.
By embracing these practices, E&C professionals can move beyond the role of reporters and establish more strategic relationships in their organizations and with their boards.
Laura Jacobus is Vice President, Strategic Advisory Services, with global technology organization Mitratech.
