When he meets with board members, Donald Sinko, Cleveland Clinic’s chief integrity officer, keeps laser focused on risks because that’s what they need to know about. Sometimes compliance officers are tempted to talk about everything they’re up to, but what matters to the board is strategy and whether risks are identified and mitigated.

“If people are just presenting, ‘Here is what we’re doing,’ that’s boring for board members,” Sinko says. The point is to present “actionable things. Here are issues and concerns. I have seen lots of board presentations in different organizations, and what gets presented is how great everything is. Most board members are CEOs and CFOs. They know there are issues and problems. They’re thinking, ‘What am I not hearing?’ They want to know you’re doing risk assessments and you have plans to address the things you think are potential problems. Because the board’s main focus is risk.”

The quality of the communication between compliance officers and board members has great impact on their oversight of the organization. There’s a tug of war, however, between the time board members have to devote to their clinical, financial and compliance oversight, and the overwhelming amount of material they have to consider. Some compliance officers say board members are asking more thoughtful questions because they’re receiving better education about regulations and risks, and they may speak directly to department managers about risk areas and compliance problems. But board members also may be relying more on shortcuts like consent agendas as meetings last three to five hours and materials run into the hundreds of pages.

Boards are starting to request shorter, more consolidated reports, which puts the burden on managers to select the most salient matters, says Margaret Hambleton, vice president and chief compliance officer at Dignity Health in California. “What it can start to look like is you’re intentionally trying to provide the board with information on paper that shows they are complying with their oversight responsibilities, but it’s not giving them enough information to do that effectively,” she says. “It’s not hiding information from the board exactly, but it’s not highlighting information they need to see and talk about. That’s what I worry about when everything becomes so summarized and brief or done just through consent agendas. I worry management hasn’t given them the right tools they need to do their jobs effectively.”