Loading...
Loading...
The gap between what the organisation knows and what the board knows is the single largest source of unmanaged director liability. Every layer of management filters information before it reaches the boardroom. The result is not an oversight problem. It is a structural one — and it has legal consequences.
The core argument: Directors are personally liable under s180 of the Corporations Act for failing to take “reasonable steps” to be informed. But the information architecture of most organisations makes it structurally impossible for boards to be informed. The solution is not better board papers — it is governance telemetry that bypasses management filters entirely.
Information asymmetry in governance is not about secrecy. It is about structure. In any hierarchical organisation, information originates at the operational level — where work happens, risks materialise, and decisions are executed. That information must travel upward through multiple layers of management before it reaches the board.
At each layer, information is filtered. Not necessarily with bad intent — often through ordinary organisational dynamics: summaries compress nuance, aggregation obscures outliers, narrative framing reshapes facts to fit strategic priorities, and delay erodes relevance. By the time information reaches the board, it has been transformed.
The board does not see reality. It sees management's interpretation of management's interpretation of reality — a derivative of a derivative. This is information asymmetry: the people who govern the organisation know systematically less about what is happening than the people they govern.
The paradox: The people with the authority to govern have the least information. The people with the most information have the least authority. This is not a bug in corporate governance — it is the defining structural challenge.
Each layer of management between operations and the boardroom acts as a filter. Some filtering is necessary — boards cannot process every operational data point. But the cumulative effect is not simplification. It is distortion. By the time information has passed through four or five layers, its fidelity to operational reality has collapsed.
What actually happened — unfiltered, real-time, granular
First filter: minor issues omitted, context lost, numbers rounded
Second filter: aggregated across teams, negative signals softened, timelines compressed
Third filter: reframed for strategic narrative, risks presented as managed, urgency downgraded
Final filter: weeks old, heavily summarised, optimism-biased, detached from operational texture
Cumulative information fidelity loss
The board receives 32% of operational reality. Not because anyone is lying — but because the architecture of information flow guarantees progressive fidelity loss. This is the management filter: a structural feature, not a personnel problem. Replacing individual managers does not solve it. Only changing the information architecture solves it.
Information asymmetry has a temporal dimension. Most boards meet quarterly. Board packs are prepared 2-4 weeks before the meeting, using data collected 2-4 weeks before that. By the time a director reads a board paper, the information it contains is 30-90 days old. In that time, the organisation has moved on. The board is governing a version of reality that no longer exists.
Operational reality stays at 100%. Board information decays as time passes, data is filtered, and reports are compiled.
100%
What the organisation knows right now
~60%
What the board knows at 30 days
~38%
What the board knows at 90 days
The 90-day gap is not about negligent directors or incompetent management. It is about physics: information decays as it travels through hierarchical systems. The gap is widest precisely when boards need the most accurate information — during crises, regulatory actions, and rapid market shifts. The organisations most vulnerable to the 90-day gap are those operating in the most dynamic environments.
Section 180 of the Corporations Act requires directors to exercise their powers and discharge their duties with the degree of care and diligence that a reasonable person would exercise. This includes taking reasonable steps to be informed about material matters affecting the organisation.
The question is: in an era of real-time data, continuous monitoring, and automated reporting — what constitutes “reasonable steps”? Can a director satisfy this standard by reading quarterly board packs that have been filtered through four layers of management? Or does the standard now require something more — direct visibility into operational reality that is independent of management's editorial choices?
Did the board have access to unfiltered operational data?
No — relied entirely on management-prepared board packs
Yes — governance telemetry provided direct visibility independent of management
Could the board detect management filtering?
No — filtering is invisible to the recipient of filtered information
Yes — discrepancies between telemetry signals and management reports would be visible
Did the board receive timely warning of material risks?
Only if management chose to escalate — which is the very problem
Automatic escalation when governance thresholds are breached — management cannot suppress
Can the board reconstruct the basis for past decisions?
Rarely — board minutes capture outcomes, not deliberation or information basis
Always — governance traces record the full decision context at the moment of decision
Did the board take steps to verify management reporting?
Sporadic — occasional deep-dives, but no systematic verification architecture
Continuous — telemetry provides an independent verification channel by design
The evolving standard
Courts apply the reasonable person test in context. When real-time governance telemetry is available, affordable, and widely adopted, the standard of “reasonable steps” will shift. Directors who relied on quarterly board packs when real-time alternatives existed will face the same scrutiny as directors who relied on annual audits when quarterly reporting was available. The standard moves with the technology.
The following composite cases illustrate how information asymmetry operates in practice. In each case, the board was not negligent — it was structurally uninformed. The management filter removed the signals that would have enabled governance action.
A financial services firm discovers systematic AML compliance failures. Internal reports had flagged transaction monitoring gaps for 18 months. Each management layer reassured the layer above that issues were being addressed.
What the board knew
Board papers reported compliance as 'on track' with 'minor remediation items in progress'. Quarterly risk dashboards showed green across all compliance metrics.
What was actually happening
Over 23,000 suspicious transactions went unreported. The compliance team had raised escalations that were absorbed by middle management. The risk dashboard reflected management's assessment, not operational reality.
Consequence
Regulatory penalty. Directors personally named. Defence of 'we relied on management reports' failed under s180 — reliance on filtered information is not a reasonable step when the filtering itself was the problem.
A resources company experiences a catastrophic site failure. Near-miss reports had been escalating for two years at the operational level.
What the board knew
Safety metrics showed a declining Lost Time Injury rate. The board received a safety presentation every quarter showing improvement trends.
What was actually happening
Near-miss reporting had been systematically suppressed by site managers worried about performance reviews. The declining LTI rate reflected less reporting, not safer operations. The board was shown a derivative of a derivative — management's interpretation of managers' interpretations.
Consequence
Fatality. Royal commission. Board members found to have failed their duty of care — not because they ignored safety, but because the information architecture guaranteed they could not see the signals.
A major organisation suffers a data breach affecting millions of customers. The security team had been raising concerns about legacy system vulnerabilities for three years.
What the board knew
The board received annual cybersecurity updates. The most recent presentation described the security posture as 'maturing' with 'investment in key controls underway'.
What was actually happening
Critical patches were 14 months overdue. The security team's risk register classified 4 systems as 'critical' — but the CTO's board paper translated 'critical' to 'high priority for next budget cycle'. The urgency was filtered out at the executive layer.
Consequence
Breach, regulatory investigation, class action. Directors could not demonstrate they took reasonable steps to be informed about cybersecurity risks — because the information they received had been structurally cleansed of urgency.
In every case, the pattern is identical: operational signals existed but were filtered before reaching the board. The board relied on management-prepared information. Management — consciously or unconsciously — softened, delayed, or omitted the signals. When the failure materialised, the board could not demonstrate it had taken reasonable steps to be informed. The information architecture was the liability.
Most organisations respond to information asymmetry with better dashboards — more charts, more KPIs, more visualisations. But dashboards are still management-curated artefacts. They show what management chose to measure, in the format management chose to present, at the frequency management chose to update. Dashboards are the management filter with better graphic design.
Governance telemetry is architecturally different. It is not a report. It is a real-time data feed from operational systems to the governance layer, independent of management editorial control. The distinction is structural, not cosmetic.
Dashboard Governance | Telemetry Governance | |
|---|---|---|
| Latency | F30-90 days. Board papers prepared weeks before meetings, based on data collected weeks before that. | AReal-time to near-real-time. Governance signals flow as events occur, not when reports are compiled. |
| Completeness | DSelective. Management chooses what to include. Material omissions are invisible to the board. | AComprehensive. All material decisions, constraint violations, and risk signals captured automatically. |
| Filtering | FMulti-layer. Each management tier removes context, softens language, and reframes narratives. | AUnfiltered. Data flows directly from operational systems to governance layer. Management cannot edit the signal. |
| Independence | FZero. The people being governed control the information the governors receive. | AFull. Telemetry is architecturally independent of management editorial control. |
| Auditability | DMinimal. Board minutes record outcomes, not deliberation. The basis for decisions evaporates within weeks. | AComplete. Every governance event is traced — who decided, what was decided, on what basis, what resulted. |
| Real-time alerts | FNone. Board learns about problems at the next scheduled meeting — if management includes them in the pack. | AAutomatic. Constraint violations, threshold breaches, and escalation triggers notify the board immediately. |
The shift: Dashboard governance asks “what does management want us to see?” Telemetry governance asks “what is actually happening?” The distinction matters because director liability attaches to what the board should have known, not what management chose to show. When telemetry governance is available, relying on dashboard governance may no longer satisfy the reasonable steps test.
Governance telemetry solves information asymmetry by changing the architecture, not the people. Instead of relying on management to report upward, telemetry streams structured governance data directly from operational systems to the board — in real time, unfiltered, and independently verifiable.
Material decisions, constraint violations, and risk threshold breaches generate governance events immediately. No waiting for quarterly board packs. No dependence on management choosing to escalate.
Telemetry flows from the operational layer directly to the governance layer. Management cannot edit, delay, or suppress governance signals. The architecture makes filtering structurally impossible.
Every governance event is permanently recorded — who decided, what was decided, on what basis, what resulted. Answers the ASIC v Bekier three-question standard automatically, regardless of how much time has passed.
The board defines governance thresholds. When operational reality breaches a threshold, the board is notified immediately — not at the next scheduled meeting, not if management decides to escalate, but automatically.
The analogy
Consider aviation. Pilots do not rely on ground crew to periodically report aircraft status. Telemetry streams continuously from the aircraft's systems to the cockpit. Engine temperature, altitude, fuel levels, and structural stress are all visible in real time. The pilot does not ask a middle manager whether the engine is working — the instrument panel shows it directly. Governance telemetry does the same for institutional oversight: it gives the board an instrument panel that is architecturally independent of the people being governed.
This is not about removing management from governance. Management still operates the organisation, makes operational decisions, and provides strategic context. But the board no longer depends exclusively on management for its understanding of operational reality. Telemetry provides an independent channel — a second signal source that the board can use to verify, question, and contextualise management reporting. The management filter still exists. It just no longer has a monopoly on the board's information.
Information asymmetry is not someone else's problem. It is your personal liability. Under s180, you must take reasonable steps to be informed. If the information architecture of your organisation guarantees that you cannot be informed — because every signal is filtered through the people you are supposed to oversee — you have not taken reasonable steps. You have accepted a structural impediment to your duty of care. The question is not whether you read the board pack. It is whether reading the board pack was sufficient.
The liability surface is structural, not behavioural. Better board papers, more detailed management reports, and additional committee meetings do not solve information asymmetry — they provide more filtered information through the same filtered channel. The legal risk is not that directors are poorly briefed. It is that the briefing architecture is incapable of providing unfiltered visibility. When governance telemetry becomes standard practice, organisations that rely solely on management-mediated reporting will face a higher burden of proof on the reasonable steps test.
Governance telemetry is not an adversarial tool. It protects management as much as it protects the board. When the board has direct visibility into operational reality, management is no longer the sole bearer of bad news. Escalation happens through the architecture, not through a difficult conversation with the CEO. Management that operates within a telemetry framework can demonstrate its decisions were informed, constrained, and traceable — which is the strongest possible defence if things go wrong.
Information asymmetry is the mechanism through which governance failures compound. CBA, Crown, AMP — in every major governance scandal, the board claimed it was not informed. The management filter is the structural explanation for why boards are not informed. Until regulators require governance architectures that bypass management filters, directors will continue to govern organisations they cannot see. The technology exists. The question is whether regulatory expectations will evolve to require it.
Information asymmetry
The structural gap between what the organisation knows in real time and what the board knows when it meets. Not a failure of individual directors — a feature of hierarchical organisations where each management layer filters information before passing it upward.
The 90-day gap
The observation that most boards operate with information 30-90 days old. Quarterly board packs are prepared weeks before meetings, based on data collected weeks before that. By the time a director reads a board paper, the reality it describes may have changed substantially.
Management filter
The progressive loss of information fidelity as data moves up through management layers. Each tier summarises, aggregates, softens, and reframes — not always deliberately, but always consequentially. The board receives a derivative of a derivative.
Governance telemetry
The continuous, real-time flow of structured governance data from operations to the board, bypassing management filters. The governance equivalent of flight telemetry: the board sees what is happening, not what management chooses to report happened.
Reasonable steps
The legal standard under s180 of the Corporations Act. Directors must take reasonable steps to be informed about material matters. In the age of real-time data, relying on quarterly board packs filtered through multiple management layers may no longer satisfy this test.
The case that established three questions every board must answer about material decisions
How the duty of care extends to AI governance — and why most boards have zero visibility
What happens when decision authority exceeds organisational capacity to govern those decisions
How board decisions degrade as they travel down through implementation layers