Risk has long been part of board strategy discussions. What's changing today is how much sharper, faster, and more integrated conversations need to be. For directors, the question is not whether risk belongs in the strategy, but how effectively the board is turning risk insights into better decisions.
In the 2026 edition of What Directors Think, 47 percent of directors said strategic planning is one of the most pressing topics at their next board meeting, 44 percent cited AI and other digital or technology risks and opportunities, and 32 percent cited financial conditions and macro changes.
Equally noteworthy, 47% said the biggest improvement their board could make in terms of risk oversight was more frequent and structured full-board risk discussions, and 32% said they wanted clearer alignment between risk oversight and strategy setting.
If boards want sharper risk oversight, one of the most important questions they should ask is whether they are adequately supporting those responsible for turning a turbulent external environment into focused insights that inform board decision-making. Increasingly, that means general counsel.
GC as a “risk information communicator”
Diligent Institute's 2026 GC Risk Index shows how the role of GC has expanded. Almost half of legal leaders say they currently spend 21% to 40% of their time coordinating enterprise-wide risk and compliance, in addition to traditional legal responsibilities. In practical terms, this means that many GCs no longer practice solely as legal advisors. They are expected to be corporate coordinators and link governance, compliance, risk, operations and board reporting.
Its evolution reflects the risk environment itself. In our research, legal leaders rate the current level of risk facing their organizations at 7 out of 10, reinforcing the recognition that elevated risk is now the norm. The most common risks shaping that assessment were geopolitical conflict, changing regulatory environment, AI-related risks, and cyber threats, followed by supply chain disruption, workforce, culture, and talent risks. In other words, the risks that keep leaders up at night spill over into legal, operational, reputational, and strategic areas.
What makes the job difficult?
This study also suggests that many GCs are being asked to carry out this extensive mission without having the systems, structure, or authority necessary to carry it out effectively. Only 19% of legal leaders say their organization's governance, risk, and compliance systems are fully integrated. Report lines are also subdivided. For some companies, both risk and compliance are included in legal reporting. In other cases, compliance is legal and the risk lies elsewhere. And in about a quarter, both departments will report to the CEO or board of directors.
Fragmentation is important because it affects board perception. Only 21% of legal leaders say they are very confident that their boards are receiving the right mix of risk information. While boards may want better oversight, many organizations still lack the integrated data, role clarity, and reporting design needed to consistently provide concise, prioritized risk insights.
AI is exacerbating this challenge. In the GC Risk Index, only about half of legal leaders report measurable efficiency gains from AI in the past six months, while many others say their adoption has been exploratory and constrained by concerns about accuracy, illusions, security, governance frameworks, and training.
What the board can do to better support GC
For boards, the meaning is simple. If boards want GCs to help coordinate risk oversight, they need to make that role more viable.
- Drive more integrated systems and more consistent data. When risk and compliance information is scattered across disconnected tools, GCs must spend additional time piecing together fragmented inputs instead of allowing the board to focus on what matters most.
- Work with management and the GC to define the appropriate mix of risk information for the board. This means being clear about what the risk information should actually be, rather than passively accepting whatever material is included in the board packet.
- improve conversation quality. The most powerful boards don't just ask for more information. They are changing the way they interact with risk. This leaves room for the GC to contribute not just as a reporter of issues, but as a strategic interpreter of how those issues are related.
More strategic partnerships
Ultimately, that is the broader change that is underway. Directors are looking for more strategic, continuous and decision-informing risk oversight. GCs are playing an increasingly central role in delivering that outcome, but their success will depend in part on whether boards help create the conditions for this to happen, including integrated systems, clear reporting designs, better role alignment, and stronger board-level dialogue.
If a board wants better risk oversight, one of the wisest starting points is to ask not only what risks it faces, but also how well the GC is able to see around the corner.
