Social posts push broader oversight

Board advisers are telling directors to widen the agenda: oversight now reaches beyond classic audit and compliance work into data governance, enterprise risk management, and audit quality. (weaver.com) Weaver published an April 7, 2026 board update that listed data governance, enterprise risk management, deal activity, board composition, and audit firms’ responses to Public Company Accounting Oversight Board inspection findings as themes shaping boardroom risk discussions in 2026. The firm said boards and audit committees should use targeted questions to test preparedness, accountability, and response capacity. (weaver.com) BDO’s Center for Corporate Governance says directors now oversee “purpose, strategy and risk” amid emerging issues, material risks, heavier regulation, and stakeholder demands, and it promotes board tools, surveys, and practice aids built around those pressures. Its 2024 board survey of nearly 250 directors found 31% expected to spend the most time on enterprise risk management in 2025. (bdo.com) (businesswire.com) The shift reflects how risk categories have piled up at once. Deloitte says boards in 2024 and beyond are facing more technology, cyber, regulatory, customer, activist-investor, and geopolitical risks, while PwC says the number and types of risks under board oversight continue to grow as businesses become more interconnected. (deloitte.com) (pwc.com) Data governance has moved into that mix because it is broader than cybersecurity alone. KPMG says it covers the integrity, protection, availability, and use of data, including privacy-law compliance, data ethics, and “data hygiene,” such as deleting information a company does not need. (assets.kpmg.com) Weaver’s checklist pushes boards to ask who owns critical data, whether formal policies and tested controls exist across key systems, how third-party and artificial-intelligence data use is governed, and whether management measures data’s value for growth and efficiency. The firm says boards should treat data governance as a strategic oversight priority, not only an information-technology control issue. (weaver.com) Enterprise risk management, or enterprise-wide risk mapping, is also being framed as a strategy tool rather than a separate compliance exercise. PwC says effective programs use one risk language, one assessment framework, integrated data and analytics, coordination across business, compliance, and internal audit teams, and a clear risk owner such as a chief risk officer. (pwc.com) Deloitte says audit or risk committees should oversee a risk matrix of the company’s most significant risks and challenge management each quarter to add new threats and reassess older ones. It also says boards should connect enterprise risk management to strategy through scenario planning and risk-tolerance decisions. (deloitte.com) Audit quality remains part of the same expansion. Weaver specifically pointed directors to audit firms’ responses to Public Company Accounting Oversight Board inspection findings, a sign that boards are being urged to look past the year-end audit opinion and into how the outside auditor is addressing regulator-identified weaknesses. (weaver.com) The practical message in these posts is that boards are being handed question lists, dashboards, and risk frameworks to make oversight more structured. The common thread across the guidance is that directors are expected to connect risk, data, controls, and strategy before problems surface in earnings, disclosures, or inspections. (weaver.com) (bdo.com)