01
Can you articulate your board's cyber risk appetite in plain English, right now, without referring to a document?
Director Advisory
For Directors
Personal accountability cannot be delegated. I work with individual directors, in confidence, to understand their obligations, identify their gaps, and strengthen their governance position.
Start a Confidential Conversation
Strictly confidential. Fixed fee. Delivered as a formal written report.
The Director's Dilemma
Three Questions Every Director Should Be Able to Answer
If any of these give you pause, that pause is worth addressing.
02
If a breach occurred tomorrow, could you demonstrate to ASIC that you exercised due diligence, and point to the evidence?
03
Do you know which AI tools your organisation is currently using, and who approved them?
Your Obligations
Personal Accountability, Not Just Organisational
Under the Corporations Act s180, directors owe a duty of care and diligence. ASIC has made clear that cyber risk sits within that duty. The question is not whether you are obligated. You are. The question is whether you can demonstrate that you have discharged those obligations.
Duty of Care & Diligence
Section 180 of the Corporations Act requires directors to exercise the care and diligence that a reasonable person in their position would exercise. Cyber and AI risk fall squarely within this duty.
Active Oversight, Not Passive Acceptance
Regulators expect directors to actively challenge management reporting on cyber risk, not simply receive and accept it. Passive acceptance of a green dashboard is not sufficient.
Personal Liability, Not Just Organisational
In a serious breach scenario, ASIC can pursue individual directors, not just the organisation. Your personal conduct at the board table is what comes under scrutiny.
Two Engagements for Individual Directors
Choose the Engagement That Fits Your Situation
Both engagements are confidential, fixed-fee, and delivered as formal written reports. The Director Readiness Assessment is a personal engagement: just you and me. The Masterclass is a private session for you and up to three fellow directors, built entirely around your board and sector.
Personal Assessment
Director Readiness Assessment & Personal Briefing
A formal, independent assessment of your personal governance position, across all your board appointments.
This engagement examines what you are specifically required to know and do as a director, where your current knowledge and practice fall short, and what steps will strengthen your record of oversight. It produces a written report addressed to you, not your board, and is followed by a one-on-one debrief session.
Who This Is For
person
You have never had your personal governance obligations independently assessed and want to understand exactly where you stand.
gavel
You are joining a new board, or a regulatory interaction has raised questions about your personal exposure, and you need clarity before your next meeting.
shield_person
You want a formal written record that you sought independent advice, evidence of due diligence that would be relevant in any post-incident investigation.
What You Receive
check_circle
Personal Obligation Summary: what you are specifically required to know and do, referenced to each board you sit on and the regulatory regime that applies.
check_circle
Knowledge Gap Assessment: the specific areas where your current understanding or practice falls short of what active oversight requires.
check_circle
Board-Ready Question Bank: 25–30 questions tailored to your specific boards and sectors. Use three at every board meeting to demonstrate active oversight.
check_circle
Red Flag Guide: what to look for in management reporting that signals a problem the board is not being told about directly.
check_circle
Personal 90-Day Action Plan: five specific, sequenced actions. Achievable without outside technical help.
check_circle
Director Declaration of Oversight : a signed template you retain as evidence of due diligence. In a post-incident investigation, this is your first line of defence.
check_circle
One-on-One Debrief: 90 minutes with me to walk through the report, discuss findings, and confirm your action plan.
$15,000 AUD
Fixed fee. Strictly confidential. Delivered as a formal written report.
Start a Confidential ConversationPrivate Group Session
Director Cyber & AI Masterclass (Private, Bespoke)
A private advisory session built entirely around your board, your sector, and your real governance gaps.
This is not a training course. It does not use generic case studies or off-the-shelf content. I prepare specifically for your organisation and regulatory environment, then deliver a half-day private session covering personal liability, how to read and challenge board reporting, AI governance obligations, and live crisis scenarios. Everything is tailored, with no generic content.
Who This Is For
groups
A board that wants to strengthen director capability collectively, privately, without a public training program or external facilitator who doesn't know your organisation.
fact_check
A newly constituted board or one that has recently added new directors who need to understand their obligations and sharpen their challenge capability quickly.
shield
A risk or audit committee preparing for an upcoming audit, regulatory interaction, or board review who wants to go in with their governance position clear.
What You Receive
check_circle
Session Summary Report: a written summary of the key findings from the session and their governance implications for your specific board.
check_circle
Bespoke Question Library: 30+ questions tailored to your board and sector, organised by topic, ready to use at your next board meeting.
check_circle
Director Reference Card: a concise one-page reference you can bring to every board meeting. What to ask. What to look for. What good looks like.
check_circle
Post-Session Structural Recommendations: three to five specific changes to how your board handles cyber and AI governance, based on what emerged in the session.
Andrew Roberts Advisory does not sell software, resell vendor products, or take referral fees. I have no relationship with any technology vendor or managed service provider. My only obligation is to you.
My Commitment
Why Independence Matters
verified_user
No vendor relationships. No referral arrangements. My advice serves your interests, not a product, not a platform.
lock
Every engagement is conducted under a formal NDA. What you share remains strictly between us.
person
I advise from the director's seat, not the IT department's. The framing, the language, and the output are designed for the boardroom, not the server room.
Ready to Understand Your Position?
Every engagement begins with a confidential conversation. Obligation-free and on your terms.
Start a Confidential ConversationOr email: hello@aradvice.com.au