Why Boards Can't Outsource Ethics
I finished the Australian Institute of Company Directors' Ethics in the Boardroom certification this week, and it's had me thinking about a question that doesn't get asked enough in governance conversations: whose job is it, really, to keep a company honest about what it says it stands for?
The instinct in most organizations is to hand that question to someone else. Legal owns compliance. HR owns culture. The audit committee owns risk. Somewhere in that division of labor, ethics becomes everyone's job in theory and no one's job in practice. It gets folded into a code of conduct that people sign once during onboarding and never think about again.
That's a mistake, and it's one boards are especially prone to making.
Fiduciary duty was never just financial
There's a version of board oversight that treats the job as basically financial: watch the numbers, approve the budget, ask hard questions about the strategy, sign off on the audit. Ethics shows up as a line item, usually as a report from the compliance officer, usually near the end of the meeting when everyone's already checked out.
That framing misses something. A board's duty of care and duty of loyalty were never meant to stop at the balance sheet. They extend to the decisions that shape whether a company actually behaves like the organization it claims to be, especially when behaving that way is inconvenient or expensive. Financial oversight tells you whether a company is solvent. It doesn't tell you whether the way it got there is something the company can stand behind.
That's where the board and the CEO share something no one else in the organization does: the standing to ask "should we" and not just "can we," and the authority to make that question stick.
The hard part isn't knowing right from wrong
Most ethical failures I've read about, and most I've seen up close, weren't cases where anyone sat down and decided to do something wrong. They were cases where a series of individually defensible decisions added up to something the organization wouldn't have chosen if it had looked at the whole picture at once. A sales target that quietly incentivizes corner-cutting. A vendor relationship that's technically arm's length but practically isn't. A culture where raising a concern reads as not being a team player.
Why this is a board-level problem, not a department-level one
A compliance team can catch violations. It's much worse at catching drift, the slow accumulation of decisions that never break a rule but gradually pull an organization away from what it says its mission is. Drift is invisible from inside a department because each individual decision looks reasonable in isolation. It's only visible from a vantage point that sees the whole organization over time, which is exactly the vantage point a board has and an operating team usually doesn't.
That's the case for why this sits with the board and the CEO specifically. Not because they're better people than anyone else in the company, but because they're the only ones positioned to see the pattern and the only ones with the authority to correct it before it becomes the culture.
It also means the board has to actually understand the ethical pressure points specific to its own industry and business model, not a generic list of governance best practices. A fintech board and a healthcare board are watching for different things. The pressures that show up in a high-growth company chasing a fundraise look different from the ones in a mature company managing a legacy workforce. Generic ethics training doesn't prepare you for that. Understanding your own company's actual risk surface does.
Where I've landed
Certifications like this one are useful less for the credential and more for the forced slow-down. Sitting with case studies, arguing through frameworks, being asked to defend a position instead of just having an opinion about it, that's the part that sticks. I came out of it more convinced that ethical oversight isn't a subset of governance. It's close to the whole point of it. The financial oversight exists to protect the thing worth protecting, which is an organization that does what it says it does, for reasons it's willing to defend in the open.
That's the standard I'm holding myself to at the board table going forward. Reach out to me to discuss further.