Risk has long been part of the board’s strategy conversation. What is changing today is how much sharper, faster and more integrated that conversation needs to be. For directors, the question is not whether risk belongs in strategy, but how effectively the board is turning risk insight into better decisions.

In the 2026 edition of What Directors Think, 47 percent of directors said strategic planning is one of the most pressing topics for their next board meeting, 44 percent cited AI and other digital or technology risks and opportunities, and 32 percent pointed to financial conditions and macro shifts.

Just as notably, 47 percent said the biggest improvement their boards could make to risk oversight would be more frequent and structured full-board risk discussions, while 32 percent said they want a clearer linkage between risk oversight and strategy setting.

If boards want sharper risk oversight, one of the most important questions they can ask is whether they are adequately supporting the people responsible for turning a turbulent external environment into focused, decision-useful board insight. Increasingly, that means the general counsel.

The GC as the “Conductor of Risk Information”

Diligent Institute’s 2026 GC Risk Index shows how much the GC role has expanded. Nearly half of legal leaders say they now spend 21 percent to 40 percent of their time on enterprise-wide risk and compliance coordination, on top of their traditional legal responsibilities. In practical terms, that means many GCs are no longer operating only as legal advisers. They are becoming enterprise coordinators, expected to connect governance, compliance, risk, operations and board reporting.

That evolution reflects the risk environment itself. In our survey, legal leaders rated the current risk level facing their organizations at 7 out of 10, reinforcing the sense that elevated risk is now a baseline condition. The risks most frequently shaping that assessment were geopolitical conflict, changes in the regulatory environment, AI-related risks and cyber threats, followed by supply chain disruption and workforce, culture and talent risks. In other words, the risks keeping leaders up at night spill across legal, operational, reputational and strategic lines.

What Makes the Job Harder

The research also suggests that many GCs are being asked to carry this broader mandate without the systems, structures or authority needed to do it effectively. Only 19 percent of legal leaders say their organization’s governance, risk and compliance systems are fully integrated. Reporting lines are fragmented too: in some companies, both risk and compliance report into legal; in others, compliance sits with legal while risk sits elsewhere; and in roughly a quarter, both functions report to the CEO or board instead.

That fragmentation matters because it affects what the board sees. Only 21 percent of legal leaders said they were very confident their board receives the right mix of risk information. Boards may want better oversight, but many organizations still lack the integrated data, role clarity and reporting design needed to consistently deliver concise, prioritized risk insight.

AI is amplifying this challenge. In the GC Risk Index, only about half of legal leaders reported measurable efficiency gains from AI in the last six months, while many others described adoption as exploratory and constrained by concerns about accuracy, hallucinations, security, governance frameworks and training.

What Boards Can Do to Better Support GCs

For boards, the implication is straightforward: If the board wants the GC to help orchestrate better risk oversight, it needs to make that role more executable:

1. Push for more integrated systems and more consistent data. If risk and compliance information is scattered across disconnected tools, the GC must spend additional time stitching together fragmented inputs instead of helping the board focus on what matters most.
2. Work with management and the GC to define the right mix of board risk information. That means clarifying what risk information should look like in practice, rather than passively accepting whatever materials arrive in the board packet.
3. Improve the quality of the conversation. The strongest boards are not just requesting more information; they are changing how they engage with risk. That creates space for the GC to contribute not merely as a reporter of issues, but as a strategic interpreter of how those issues connect.

A More Strategic Partnership

Ultimately, that is the broader shift underway. Directors are asking for risk oversight that is more strategic, more continuous and more useful in decision-making. GCs are increasingly central to delivering that outcome, but their success depends in part on whether the board helps create the conditions for it: integrated systems, clear reporting design, better role alignment and stronger board-level dialogue.

If boards want better risk oversight, one of the smartest places to start is by asking not only what risks they face, but how well they are enabling the GC to help them see around the corner.