Sure, we’ve got economic uncertainty and the AI revolution to contend with. But let’s not lose sight of the fundamentals—good governance is always in style, especially as we approach year-end. As someone who spends their days (and sometimes nights) in the governance trenches with clients across industries, here’s my Top 10 list of essential governance topics for anyone in the governance world, from board members and executive leaders to chief audit executives and corporate secretaries.
1. Define Your AI Strategy
From mom-and-pops to global enterprise, every business needs an AI strategy, yet most of my clients still don’t have one. Your employees are asking questions like: Is it okay to use AI for work? Am I cheating if I use AI? (You’re not). You need to address this proactively.
Is your company prioritizing security or innovation? Are you going all-in on one platform or experimenting with multiple tools? Is your team chasing cost savings, process efficiencies, or service enhancements? Pick your battles, communicate your point of view, and empower your people.
Communicate with your board and create alignment with your priorities. Your plan doesn’t need to be perfect or carved in stone, which is exactly where most organizations get stuck.
Keep it simple. A one-pager outlining your vision, governance approach, objectives, controls, and expected benefits. One of our clients nailed their entire AI adoption strategy on a single visual slide. It worked beautifully. The goal isn’t perfection—it’s giving your team clear guidance on what’s acceptable when it comes to AI.
What to do: Have an AI discussion at the board and leadership level, define your strategy and communicate to your team (even if it’s not perfect).
2. Navigate the Minefield of AI-Powered Meeting Minutes
To transcribe or not to transcribe, that is the question. I recently facilitated a lively debate on this topic with corporate secretaries and paralegals, and opinions were all over the map. I believe the subject deserves the same airtime at your leadership committees and boards.
AI can dramatically improve the efficiency and comprehensiveness of minutes. No more waiting weeks for drafts or relying on sparse notes that fail the “business judgment rule” test.
However, there are valid concerns. We’re recording some of the most sensitive conversations in an organization. Transcriptions capture far more than we need for minutes, which can lead to extraneous information or details that could put you at risk. A litigator’s dream, in other words. My take? It depends.
For routine committee meetings—the Pension Committee or non-controversial Audit Committee sessions—AI transcription can be a huge time-saver. For strategy sessions, M&A discussions, or executive performance reviews? Maybe not. The key is weighing pros and cons and getting buy-in from your board and leadership team.
What to do: Discuss the appropriate use of AI transcription for different meeting types, develop guidelines, and get board and leadership alignment.
3. Nail Your CEO Reviews & 360 Feedback Plans
Conducting a robust CEO review is one of the most basic (and important) fiduciary duties of a board. Yet you’d be surprised how often this falls through the cracks, sometimes with disastrous consequences. I’ve seen firsthand how CEO performance issues fester and explode when the review process is weak or nonexistent.
Common mistakes? Outsourcing the whole thing to HR. (The process should be owned by the Board and delegated to a committee, not handed off to Human Resources.) Another mistake is failing to solicit 360 feedback from direct reports like the CFO, COO, and other key executives who work with the CEO day-to-day.
What to do: Ensure your CEO review process is independent and includes 360 feedback. Then DO the review. (You’d be amazed how many boards skip this entirely!)
4. Give Information Management Systems Some Love
With the rise of AI, information management is more important than ever. When tools like GitHub Copilot can see everything in your codebase, make sure you don’t have skeletons in your digital closet. I’ve worked with clients who’ve uncovered sensitive data—payroll records, anyone?—lurking in places it shouldn’t be during AI-driven data cleanup efforts.
Even if you’re not planning a major information management overhaul this year, do a quick assessment of current practices and identify areas for improvement in 2026. And if you’ve already got squeaky-clean data, congrats—you’re well-positioned to take a portfolio approach to AI and really leverage those investments.
What to do: Assess your current information management practices or make a plan for the upcoming year. Review your IM policies, guidelines, tools, and programs and identify gaps for 2026.
5. Reimagine HR Oversight in the AI Age
Between layoffs, the gig economy, and AI disruption, business as usual is officially over. It’s time to reimagine your talent strategy and HR practices through the lens of an AI-powered future.
Board and HR committee discussions need to move beyond compensation packages and stock options. You need a bigger, bolder strategy for getting the right people and maximizing the power of people, process, and technology. In many cases, you’ll need fewer people for certain roles. Accounting departments (and other departments) are shrinking. “The way we’ve always done it” is dying off.
On training, generic seminars are out. AI demands a more personalized, hands-on approach. The folks accelerating their AI journeys are actively experimenting and discovering new use cases. It’s not about hours of training, it’s about strategy and applications. How can you shift to peer-to-peer knowledge sharing and learn-by-doing?
What to do: Evaluate your talent needs and consider how AI can augment or replace certain roles. Rethink training programs to emphasize experimentation and peer learning.
6. Put Some Oomph in Your Board and Committee Planning
‘Tis the season for board and committee planning. But let’s be real—this exercise often feels like checking a box. To make it meaningful, build a proper workplan for the year that maps to your mandates and plans for meaningful discussions. This gives you a tool to do a year-end look-back and connect the dots between what you planned and what actually got done.
Use committee meetings to handle operational and administrative topics while reserving 60-70% of board meetings for strategic discussions.
Hot topics like AI may not be in your charters, but they should be in your plan. Get input from both Leadership and the Board to ensure you’re covering the right topics and maximizing meeting efficiency.
What to do: Develop committee workplans tied to charters/mandates; use committees for governance topics, board for strategy; do a year-end review to close the loop.
7. Give Your Policies the AI Sniff Test
The AI revolution is the perfect excuse to dust off your policy binder. But before you draft a 100-page manifesto on responsible AI use, take a breath. In theory, many AI risks and guidelines should already be covered by your existing policies on acceptable use, information management, and security. We shouldn’t need to tell people not to upload payroll data to ChatGPT any more than we need to ban printing counterfeit money on the office printer, right?
That said, an AI gut-check of your current policy suite is extremely useful. I’ve been working with clients to identify AI-related gaps in areas like:
- Acceptable use—is shadow AI happening on your watch?
- Cloud policy—are you protected against rogue data uploads to AI tools?
- Information governance—can you handle the data deluge from generative AI?
- Information Security—are your AI deployments and access controls up to snuff?
- Privacy—are you considering implications of AI-powered surveillance and profiling?
What to do: Review existing policies with an eye for AI risks, identify and address gaps, and create AI-specific guidelines if needed.
8. Level Up Your Board’s Tech Savvy
Having someone on the board who is “financially literate” has been a requirement for as long as I can remember. Looking for board members who are “digitally literate” is still relatively new, and many boards still don’t have an IT expert.
As digital transformation accelerates, boards can’t afford to be tech illiterate. For most of my clients, especially smaller ones, it’s about being intentional—keeping the board up to speed on key issues like cybersecurity, AI, and the overall IT roadmap. Where needed, bring in an expert to attend a board or committee meeting. Or assign someone with IT responsibility to keep the board informed.
Some tactics you might consider include: cyber training for board members, especially retirees who may not be getting ongoing training; annual board review of your IT strategy and roadmap; regular IT updates with KPIs at the board or committee level; formal board discussion of disaster recovery and continuity plans.
What to do: Assess your board’s IT fluency and implement an education and reporting cadence. Engage experts as needed and engage the board on IT strategy and risk management.
9. Embed Risk Management in the Business
Risk management sometimes gets a bad rap as a check-the-box paperwork drill. I’ve seen this too many times—clients have a risk matrix that gets dutifully updated, but there’s no action, no learnings, no accountability, and no value from the exercise.
When done right, even simple risk management is a powerful tool for achieving objectives, making better decisions, and staying out of trouble. The key is going beyond a generic list of risks in the AIF and embedding risk management in day-to-day operations.
That means taking a more granular approach, like having honest conversations with people in the trenches to find out what’s really keeping them up at night. It means implementing close coordination across operations, finance, internal audit, and compliance to connect the dots and drive continuous improvement.
What to do: Map enterprise risks to objectives and controls. Ensure risk management is driving action, discussions, learnings, and value and partner across risk and control functions to share insights and drive action.
10. Bring on the Bold (and the Different) in the Boardroom
The world is changing fast, and boards need to change with it. The traditional formula of Board membership comprised of ex-Big-4 partners, retired execs, lawyers, and bankers has its place, but it’s not enough in an age of disruption. We need bold, entrepreneurial voices at the table—folks who’ve put their own skin in the game and aren’t afraid to challenge the status quo.
I’m not saying we should kick all the accountants and attorneys to the curb. But we do need to make room for more diverse perspectives, even if it feels uncomfortable at first. We talk a lot about diversity on boards, but I’m not just talking about gender and ethnicity (although those matter). I’m talking about diversity of thought, background, and experience.
We need the disruptors, the innovators, the mavericks. We need people from different industries, different geographies, and different stages of life. We might even need a few friendly troublemakers.
Because let’s face it—the biggest risk is staying in your lane and playing it safe while the world passes you by. It’s time to peek outside our industry boxes and invite some friendly troublemakers to the party.
What to do: Identify opportunities to add entrepreneurial and non-traditional voices to the oard; encourage respectful debate and “what if” thinking in the boardroom.
And there you have it! Your not-so-typical top 10 list of governance topics to noodle on as we head into the home stretch of the year. Embrace the bold, get after the fundamentals, and let’s show 2026 who’s boss!
Because at the end of the day, good governance isn’t about crossing items off a list. It’s about creating sustainable value, building trust with stakeholders, and leaving things better than you found them. And in my book, that’s always in style.
*************************
At Risk Oversight, we help organizations turn governance from a checkbox exercise into something that actually creates value. Whether you’re building internal control programs, strengthening your internal audit function, or navigating board governance challenges (including all those AI questions that keep popping up), we bring practical, relationship-focused expertise to the table.
If any of these topics resonate with you—or if you’re wrestling with governance challenges as we head into year-end planning—I’d love to hear from you. To discuss, please email me at adrienne@riskoversight.ca.