Regulatory scrutiny is increasing. Climate and ESG expectations are rising. AI is already being used in boardrooms. Cyber risks are no longer hypothetical. And for many NFPs, reporting and compliance requirements are becoming more complex each year.

As outlined in OnBoard’s latest whitepaper, Navigating Climate, AI and Boardroom Change in Australia and New Zealand, governance in 2026 will demand greater structure, greater accountability and stronger digital foundations.

Here are six questions every NFP board should be asking right now.

1. Can we clearly evidence our oversight of climate and ESG issues?

Climate and sustainability reporting has moved firmly onto board agendas. In Australia, mandatory climate related disclosures are being phased in for eligible organisations. In New Zealand, changes to reporting thresholds and liability settings are reshaping the landscape. Even where an NFP is not directly captured by these regimes, expectations flow downstream through funders, donors, regulators and community stakeholders.

Boards are expected to demonstrate clear oversight of environmental and social impact, structured reporting processes and active engagement with risk. This means climate and ESG matters should be visible on agendas, reflected in board papers and documented in minutes. When information is scattered across inboxes or stored inconsistently, proving that oversight becomes far more difficult.

Good governance depends on both sound decision-making and the ability to evidence it when required.

2. Do we have clear guardrails for AI use at the board level?

Artificial Intelligence is no longer a future consideration. It is already part of many governance workflows. According to OnBoard’s 2025 Board Effectiveness Survey, 69 per cent of directors are using AI in some form. In NFPs, that often includes drafting or refining minutes, summarising lengthy board packs, analysing data for funding applications or assisting with policy development.

These tools can save time, but they also introduce risk. AI systems can generate errors or inaccurate outputs, meaning content must always be reviewed carefully.

For NFP boards, this raises important questions:

• Is there a clear policy on AI use?
• Are sensitive board documents being pasted into unsecured tools?
• Who is accountable for reviewing AI-generated content?

AI delivers real efficiency gains when supported by clear policies, review processes and secure systems. If AI is already part of your workflow, our AI Board Policy Checklist outlines the key governance guardrails every NFP should have in place.

3. Are we relying on email and PDFs to manage critical board information?

Many NFPs still manage board information through email chains, shared drives and manually compiled PDFs. While familiar, these processes create avoidable risk.

Fragmented information can lead to version control issues, incomplete records when regulators request documentation and oversharing of sensitive material. Directors may struggle to confirm whether they are working from the most recent board pack. Administrators often spend valuable time managing distribution lists and making last-minute changes across multiple files.

Moving to a digital system of record, a single, governed platform for agendas, board packs, minutes and decisions, reduces this risk significantly.

A secure system of record provides:

• Clear audit trails
• Role-based access controls 
• Strong authentication for directors 
• Structured retention and archiving

In an environment of increasing scrutiny, the ability to demonstrate orderly, well-managed governance processes can make a significant difference.

4. Are our cyber and privacy practices strong enough to protect board information?

Board communications are high value targets for cybercriminals. They often contain sensitive information about finances, beneficiaries, donors, staff and strategic decisions.

For NFPs, the reputational damage from a data breach can be severe. Trust is central to funding, partnerships and community support.

A practical approach to board-level cyber governance can be summarised simply: prepare, protect and prove. Preparation involves understanding your risk exposure and response plans. Protection requires strong access controls, authentication measures and secure information management. Proving governance depends on clear, audit ready records that demonstrate oversight and accountability.

These responsibilities sit squarely with the board. They are part of modern risk governance, regardless of organisational size.

5. Are we confident our governance processes would stand up to scrutiny?

It can be helpful to pause and assess where your board stands today. Consider these questions:

• Have we reviewed our ESG oversight processes?
• Are our data collection and reporting systems adequate?
• Are we up to date on regulatory requirements that affect us?
• Do we have the expertise required to manage emerging risks such as AI and cyber security?

If any of these questions give you pause, it may be time to review your board’s governance infrastructure.

Strong governance protects your mission. It supports funding applications and partnerships. It builds donor and community confidence. It reduces personal risk for directors and officers. Most importantly, it provides a stable foundation for delivering impact.

Take the Next Step

If you would like to understand how your current board processes align with emerging governance expectations, book a strategy call with our team. We will walk through your meeting lifecycle, from agenda creation to minute approval, and identify where time is lost, where risk may be hiding and how a governed digital platform could help.

Prefer to explore independently? Get started with a free trial of OnBoard and experience a secure digital system of record in action.

With 100 per cent board adoption across more than 7,000 organisations, OnBoard is trusted by governance teams that value security, clarity and efficiency. We are pleased to offer special NFP pricing to eligible not-for-profit organisations, making strong governance more accessible without compromising on capability.

Your mission matters. Make sure your governance is strong enough to support it.