Businesses, Beware AI Governance Theater
AI-infused tools are proliferating across the enterprise, with AI assistants writing code and answering customer questions. Business intelligence applications are mining vast troves of data for strategic insights, and emerging AI agents are beginning to make decisions autonomously.
Amid these innovations, enterprises are rightly turning their attention to AI governance – the processes, standards, and guardrails that help ensure AI systems are safe and ethical.
AI governance allows businesses to monitor AI systems for performance, latency, and security issues. It helps mitigate serious AI risks like bias, drift, and hallucinations. It also helps businesses remain compliant at a time when AI regulations and standards are growing in number, complexity, and severity. Compliance violations with regulations, such as the EU AI Act, can invite fines of up to seven percent of annual turnover. In short, AI governance allows businesses to scale and innovate with AI responsibly.
Despite the urgent need for AI governance, actual investments often do not match investments in the AI technology itself. In a recent survey, just 21% of executives stated that their organization’s AI governance efforts are systemic or innovative. Meanwhile, only 29% of Chief Risk Officers (CROs) and Chief Financial Officers (CFOs) said they are sufficiently addressing AI regulatory and compliance risks.
This dissonance can be termed AI governance theater, and it has serious consequences.
Informal Governance
Many organizations take an informal approach to AI governance. In lieu of detailed policies and tangible technology, businesses often create high-level charters citing values and principles but provide little detail on how to operationalize them. Some companies convene ethical review boards or committees but fail to equip them with mechanisms to take action.
While outlining core values like fairness and explainability is an important first step, it is not the end result. Businesses must transform those values into action, implementing, enforcing, and measuring them. For example, organizations need technology to determine whether AI is generating relevant, faithful answers. They require tools that can automatically restrict AI outputs that are hateful or profane and can identify the root causes of such issues.
Informal AI governance fails to apply responsible AI adoption best practices consistently across the enterprise, resulting in a culture of inadequate AI adoption. This creates risks, as inadequately governed AI systems can make incorrect and unfair decisions, harming both businesses and customers.
Ad Hoc Governance
Some organizations adopt an ad hoc approach to AI governance. While they may have policies and tools, these are deployed inconsistently and reactively, lacking a larger strategy. Ad hoc governance often means applying policies to only select AI use cases, using a siloed approach. A small group of staff typically crafts the AI governance strategy rather than involving a diverse range of stakeholders who can provide unique perspectives.
Technical staff are often left juggling a fragmented and incomplete set of tools, resulting in manual and as-needed tracking of AI performance rather than an automated and perpetual process. This inconsistency leads to human error, wasted time, and missed opportunities.
Ad hoc approaches also heighten vulnerability to shadow AI, which refers to unsanctioned AI systems that can operate within an enterprise, increasing the likelihood of compliance violations.
The Right Approach: Formal Governance
A formal AI governance approach combines a comprehensive framework enforced by automated workflows to propagate best practices across the enterprise. This approach is further strengthened by regular, automated monitoring and enforcement.
Businesses need to connect their high-level goals with tools that excel at AI risk and compliance assessments and integrate AI governance with related domains, such as AI security.
A formal governance strategy employs a multistakeholder approach, involving various disciplines such as legal, engineering, security, risk management, compliance, IT, data privacy, and HR. All members of an organization, from executives to interns, should be trained in AI governance: understanding what tools to use, when to use them, and how to escalate potential issues.
Formal governance accelerates rather than impedes AI innovation. It enables businesses to scale AI responsibly while equipping developers with rich insights into how their AI systems behave and why.
AI is becoming increasingly pervasive and powerful within enterprises. According to predictions, by 2028, AI agents will be responsible for making 15% of businesses’ day-to-day decisions. This means that without proper governance, a significant portion of business decisions could entail unnecessary risk.
More than ever, businesses must move away from AI governance theater and towards genuine governance practices.
