Most major governance failures were not caused by a lack of information. They were preceded by silence. Information existed, but it was softened, filtered, delayed, or never escalated.

In June 2017, Carillion paid a final dividend of £55 million to shareholders. One month later, the company issued a profit warning. Six months after that, it collapsed with liabilities approaching £7 billion.

The post-mortem was damning. The joint parliamentary inquiry found that the board had been receiving financial information that was “misleading, incomplete, or both”. But here is the detail that haunts me: there were people inside Carillion who knew the situation was far worse than the board papers suggested. The concerns existed. They simply never reached the boardroom in undiluted form.

This is not an isolated case. From Enron to Thomas Cook, from Patisserie Valerie to NMC Health, governance failures share a common feature: the board did not hear what it needed to hear until far too late.

The question every director should be asking is not “Do we have adequate reporting?” It is “What is not reaching us, and why?”

The Difference Between Reporting and Voice

Every competent board has reporting mechanisms. Monthly management accounts. Risk registers. Audit findings. Compliance dashboards.

But reporting mechanisms measure what someone has decided should be measured. They surface what someone has determined is important. They operate within parameters set by those who control them.

Voice is different. Voice is the capacity for anyone in an organisation, regardless of seniority, to raise concerns that may not fit neatly into existing categories. Voice is the willingness to say “something feels wrong” before the data confirms it.

Research from Harvard Business School has consistently shown that organisations with strong “speaking up” cultures identify problems earlier and respond faster than those where concerns are suppressed. This is not sentiment. It is an operational reality.

Yet boards frequently confuse the existence of reporting channels with the presence of genuine voice. A risk register can show green across every metric while existential concerns go unspoken. A whistleblowing policy can exist while employees correctly calculate that using it would be career suicide.

The Psychology of Silence

To understand why concerns do not reach boards, you must understand what silence costs and what it buys.

Speaking up, genuinely speaking up, about something that challenges established narratives, is personally risky. Research by Morrison demonstrates that employees mentally calculate the expected costs of voice against expected benefits before deciding whether to raise concerns. When costs appear high and benefits uncertain, silence becomes rational.

At executive level, this calculation is even more weighted toward silence. Senior managers have more to lose. Raising concerns that implicate colleagues or contradict the CEO’s preferred narrative carries professional risk. Research published by Wowak et al. in the Strategic Management Journal found that executives systematically under-report bad news to boards, particularly when their own compensation or tenure is potentially affected.

This creates what organisational theorists call “filtered communication, a progressive softening of information as it travels upward through hierarchy. The shopfloor complaint becomes a “minor operational issue” at departmental level, an “item for monitoring” at divisional level, and a reassuring footnote in the board pack.

Power Gradients and the Escalation Trap

Consider the structural challenge facing anyone who wishes to escalate a serious concern to board level.

First, they must believe the concern is genuinely significant, not merely their own misunderstanding. Self-doubt is the first filter.

Second, they must identify an appropriate channel. Formal whistleblowing procedures typically exist for fraud or illegality, not for concerns about strategic misjudgement or cultural problems.

Third, they must trust that the recipient will act appropriately and protect them from retaliation. Research by Near and Miceli demonstrates that fear of retaliation is the primary reason employees do not report concerns.

Fourth, they must overcome the power gradient. Telling a Chief Executive that their flagship project is failing requires considerable courage. The power differential between the person raising concerns and those being implicated creates structural barriers to truth-telling.

The FRC’s Guidance on Board Effectiveness acknowledges this challenge, noting that boards “should consider carefully how they obtain information about workforce views and concerns”. But most boards remain structurally distant from the workforce, receiving information exclusively through management filters.

The Risk Register Fallacy

I want to address directly one of governance’s most dangerous illusions: the belief that risk registers capture organisational risk.

Risk registers are useful tools. They provide structure for identifying, categorising, and tracking known risks.

But risk registers have fundamental limitations. They capture risks that have been identified, articulated, and deemed worthy of inclusion. They do not capture risks that nobody has yet recognised or that someone has decided not to raise.

A study by the Institute of Risk Management found that over 70% of major corporate failures involved risks that were either not present in the risk register or were rated at levels that did not trigger board attention. The register said one thing. Reality was different.

More troubling, risk registers can create false confidence. A board that reviews a comprehensive risk register may conclude that risk is being properly managed, precisely because the document appears thorough.

The Carillion board reviewed risk registers. The BHS board reviewed risk registers. The Thomas Cook board reviewed risk registers. The registers did not save them because the registers did not contain the truth.

Managed Messaging: When Information Becomes Performance

Every experienced attendee at board meetings has witnessed managed messaging, the careful curation of information provided to boards.

This curation takes many forms. Presenting negative developments alongside positive ones to create balance. Using technical language that obscures rather than clarifies. Burying significant details in dense appendices. Framing setbacks as “challenges” that are “being addressed.”

None of this is necessarily dishonest. Some curation is necessary and appropriate.

The governance risk arises when curation becomes manipulation, when the purpose shifts from enabling board understanding to managing board perception.

Research by Westphal and Graebner examined how CEOs influence board decision-making through impression management. They found that boards receiving carefully framed information consistently underestimated risks compared to boards receiving the same information presented neutrally.

The UK’s Walker Review on bank governance failures observed that boards were often presented with information that was “technically compliant but failed to convey the true magnitude of risks being undertaken”. Managed messaging had become so normal that directors did not recognise what they were not being told.

What Silence Costs

The consequences of boardroom silence are tangible, measurable, and often devastating.

Consider the reputational cost when suppressed concerns eventually surface through investigation or failure. The damage is always worse for having been concealed. Stakeholders who might have tolerated problems addressed openly become unforgiving when they discover deliberate obfuscation.

Consider the financial cost of delayed action. Problems that could have been corrected with modest intervention become expensive crises when left to develop. Research by McKinsey found that companies addressing compliance failures proactively incurred costs 50% lower than those addressing failures after they became public.

Most fundamentally, consider the governance cost. A board that does not hear the truth cannot make good decisions. Every strategy approved, every risk accepted, every executive remunerated on incomplete information is potentially flawed.

Building Conditions for Voice

If you accept that silence is a governance failure, and I would argue it is impossible to view it otherwise, then the question becomes practical: how do boards create conditions where truth reaches them?

Direct workforce access. Some boards designate non-executive directors to meet with employees at multiple levels without management present. The International Corporate Governance Network (ICGN) recommends this practice specifically to create unfiltered information channels.

Multiple information sources. Boards receiving information exclusively from the CEO are structurally vulnerable to filtering. Effective boards ensure they receive direct reports from the CFO, Chief Risk Officer, and Head of Internal Audit, with genuine independence.

Psychological safety at board level. Research by Edmondson demonstrates that psychological safety is the single most important factor in enabling voice. Non-executives who feel unable to challenge management cannot be effective governors.

Anonymous concern mechanisms. Research by the Ethics and Compliance Initiative found that whistleblowing hotlines work only when employees trust that concerns will be investigated fairly and that retaliation will genuinely not occur. This trust must be earned through demonstrated practice.

Questions over answers. Directors who arrive at board meetings with questions rather than conclusions are more likely to surface suppressed information. The practice of asking “What are we not discussing?” creates space for uncomfortable truths.

The Audit Committee’s Special Responsibility

Within board structures, the Audit Committee holds particular responsibility for information integrity.

The FRC’s Guidance on Audit Committees states clearly that the committee should “monitor and review the effectiveness of the company’s internal audit function” and “review arrangements by which staff may raise concerns about possible improprieties” (FRC, 2016).

In practice, this means Audit Committee chairs must actively seek evidence that filtering is not occurring. They must ask internal auditors, directly, outside management’s presence, whether concerns exist that have not been escalated.

The CIIA’s guidance is explicit: “The internal audit function should have unfettered access to the Audit Committee chair, without management presence”. This access means nothing if it is not exercised.

An Uncomfortable Question

I want to conclude with a question that requires honest self-reflection.

Every director believes their board receives accurate, complete information. This belief is necessary for directors to fulfil their duties with confidence.

But belief is not evidence.

The directors of Carillion believed they were informed. The directors of Enron believed they were informed. The directors of countless failed organisations believed they were informed right until the moment they discovered they were not.

Governance frameworks focus heavily on what boards must do: approve strategies, oversee risk, set remuneration. But all of them depend on a prior condition that receives far less attention: that the board actually knows what is happening.

So here is the question every director should ask themselves:

If something were going wrong in your organisation, something significant, something that would make powerful people look bad, how confident are you that your board would hear about it?

If the answer is anything less than certain, that gap between confidence and certainty is where governance fails.

Until next time, if everything seems too good to be true, it probably is. Keep asking those challenging questions.

Erika