The Governance Gap: When Boards Don’t Ask the Right Questions

The Illusion of Oversight: Framing the Governance Gap

Picture a polished boardroom. Directors lean back, slide decks gleam and nods of agreement ripple around the table. Confidence is high. Fast forward a few months and the company issues a profit warning, reports a cyber breach or faces a regulatory fine. Superficially the board “did its job”. But, as governance thinkers now point out, boards rarely fail through lack of information. They fail because they ask the wrong questions or none at all. Thoughtful governance requires more than compliance checklists and comfortable review cycles. It needs curiosity and challenge at the moment decisions matter most, especially when risks are ambiguous and fast-moving.

The governance gap is this disconnect between formal oversight structures and the ability to anticipate real strategic challenges. In the EU and UK, boards face expanding regulatory demands, intense environmental, social and governance (ESG) scrutiny and novel risks from AI, cybersecurity and stakeholder capitalism. Many governance frameworks demand process rather than insight, leaving boards with paperwork but not clarity on what risks truly threaten value. This article challenges conventional governance wisdom and explores why the right questions, and the courage to ask them, have never been more essential.

STRATEGY | Blindspots in the Boardroom

Strategic blindspots rarely arise from a lack of intelligence. They more often grow from patterns that feel rational. Boards lean heavily on historical metrics, grow comfortable with incremental thinking and sometimes defer too readily to dominant CEOs. The consequence is subtle but dangerous. Directors excel at performance monitoring yet underinvest in future sensing. Risk registers become crowded with compliance items while existential threats receive less scrutiny.

Corporate history offers sobering illustrations. Kodak’s leadership recognised digital photography but hesitated to challenge the economics of its legacy film business. Nokia detected the smartphone shift yet reacted cautiously as platform ecosystems redefined competition. In the UK, the Carillion collapse highlighted how optimistic projections and financial focus obscured deeper strategic weaknesses.

Avoiding these traps requires intentional disruption of boardroom thinking. Progressive boards run pre-mortem sessions, asking how a strategy could fail before committing capital. Others conduct scenario stress-testing that explores technology disruption, regulatory shifts and energy transition risks rather than relying solely on forecasts. Some refresh board composition by appointing directors with digital and transformation expertise, not just sector tenure.

Smart governance depends less on reviewing yesterday’s numbers and more on challenging tomorrow’s uncertainties.

TECHNOLOGY /  AI | Oversight or Overlooked?

Boards often treat AI as a technical detail rather than a strategic risk, intimidated by jargon-rich discussions and deferential to management or IT committees. This leads to blind spots in areas like algorithmic bias and cyber-attack vulnerability, where leadership fails to probe beyond surface assurances. For example, many European companies still lack formal AI policies, with a large proportion not disclosing any board-level oversight of AI risk in 2025 reporting.

The regulatory backdrop under the forthcoming EU AI Act heightens these stakes. High-risk systems will soon require board engagement under its governance mandates, and organisations with poor readiness risk penalties and reputational damage. Boards that skirt detailed data governance discussions also underestimate how digital power shifts business models and competitive dynamics, from AI-driven customer analytics to automated decision-making.

Practical remedies include establishing regular ‘AI risk briefings’ for directors, fostering AI literacy so boards can challenge assumptions, and convening external expert provocateurs to expose hidden vulnerabilities. Boards that treat tech risk as part of the core governance agenda rather than a delegated checkbox are better placed to navigate both opportunity and regulatory compliance.

CULTURE and BEHAVIOUR | The Polite Silence Problem

In many boardrooms the greatest threat to sound governance is not open disagreement but quiet conformity. Groupthink, first identified by psychologist Irving Janis, describes how cohesive groups drift towards consensus while suppressing critical evaluation. Collegial norms, status dynamics and a reluctance to appear negative all reinforce this “polite silence”. Research on psychological safety shows that even highly capable teams underperform when members feel unsafe to speak candidly.

The consequences are well documented. Post-crisis inquiries into the Royal Bank of Scotland highlighted failures of board challenge and excessive deference before the 2008 collapse. Similarly, the Financial Reporting Council has repeatedly warned that effective boards require constructive tension rather than superficial harmony.

Practical countermeasures exist. McKinsey & Company recommends pre-mortems and red-team exercises to stress-test decisions. Rotating a formal devil’s advocate role legitimises dissent, while anonymous decision reviews help surface concerns that hierarchy might otherwise mute. These mechanisms transform challenge from a social risk into a governance discipline.

CRISIS and RISK | Before the Fall

Most boardroom crises do not arrive as lightning bolts. They develop quietly while directors succumb to optimism bias, success-driven complacency and simple risk fatigue. When performance looks strong, uncomfortable questions feel unnecessary. Warning signs are rationalised away. By the time reality intrudes, options have narrowed and reputations unravel quickly.

The downfall of Carillion showed how aggressive revenue recognition, rising debt and fragile cash flows were visible long before collapse. Parliamentary inquiries concluded that risks were evident yet insufficiently challenged. The Boeing 737 MAX tragedies similarly revealed how safety, governance and production pressures combined over time rather than emerging from a single shock. Subsequent investigations highlighted failures of oversight, escalation and challenge. Research reinforces a crucial insight…. corporate disasters are typically slow-burn failures. They stem from accumulating cultural and operational weaknesses.

Stronger boards rehearse for trouble. Crisis simulation labs expose decision gaps under pressure. Directors can ask, “What are we pretending not to know?” Tracking leading indicators such as staff turnover, near misses and customer complaints helps surface risks before they become headlines.

FUTURE of GOVERNANCE | From Box-Ticking to Real Accountability

Modern governance demands more than immaculate compliance. Regulatory adherence does not guarantee effective oversight, just as independence does not ensure courage, and expertise does not automatically produce curiosity. Too many boards still confuse process with performance.

Recent corporate failures underline this gap. Wirecard met numerous formal requirements yet concealed fraud for years, exposing how checklist governance can coexist with catastrophic blind spots. Reviews of Carillion reached similar conclusions, criticising superficial challenge despite extensive reporting structures.

Fresh thinking reframes the board as a learning system rather than a supervisory ritual. The Financial Reporting Council increasingly emphasises outcomes, culture and stakeholder engagement in its Board Effectiveness Guidance. Meanwhile, governance analytics and behavioural audits are gaining traction, helping boards measure decision quality, cognitive bias and information flow. Stakeholder intelligence loops, where employee, customer and supplier signals inform strategy, are moving from theory to practice.

This shift aligns with evolving UK and EU expectations. Expanding ESG and sustainability duties, alongside sharper executive accountability regimes, require boards to demonstrate judgement, foresight and adaptability, not simply procedural compliance.

Synthesis — The Real Governance Gap

Governance breakdowns are rarely caused by missing committees or inadequate policies. Post-crisis reviews repeatedly show that failures stem from cognition, behaviour and culture rather than structure. Boards often possess the data, expertise and formal independence required. What is absent is the willingness to challenge assumptions, confront discomfort and test optimistic narratives. The gap is not between regulation and compliance but between knowing and asking. Between awareness and intervention. Between polite agreement and constructive tension.

Closing this gap demands experimentation. Better questions. Different conversations. Less performance, more intellectual friction. Directors must treat doubt as diligence and disagreement as governance in action, because the lesson from corporate collapses and strategic misfires is stark: The most dangerous question in the boardroom is often the one never asked.

And what about you…?

• When did your board last change its mind? If you struggle to recall a recent reversal or significant reframing, is challenge genuinely happening or is consensus being assumed?

• Are you measuring governance quality or merely activity? Do you track decision effectiveness, cognitive bias, and leading indicators of trouble, or just compliance milestones?