Governing AI: From Paradox to Performance
AI is transforming the way organizations operate, offering the promise of greater efficiency, deeper insights, and new opportunities for innovation. Yet alongside this promise comes uncertainty. Business leaders are confronting difficult questions about data security, operational disruption, and the impact on jobs, with no easy answers.
Most companies still lack foundational elements critical for successful AI implementation, such as strong data and clear governance policies. According to Workiva’s 2025 Global Practitioner Survey, those confident in their organizations’ ability to utilize AI were more likely to have AI governance policies and were roughly twice as likely to have high-quality data and role-specific training.
Establishing Purpose-Driven Governance
Creating an effective AI governance framework must strike a balance between protecting the organization and giving employees the freedom to use AI effectively. Policies that are too restrictive can limit innovation and push employees towards risky, unregulated shadow AI tools. According to KPMG, approximately half of workers use AI tools without clear authorization, and more than four in ten admit to knowingly using them improperly at work.
Governing innovation isn’t about stopping progress; it’s about balancing speed with risk. Every step must be secure and aligned with strategic business objectives. The main purpose of establishing AI governance should be to enable it, making the secure path the easy path.
An effective governance structure relies on several critical elements. It begins with a steering group of leaders across IT, security, legal, HR, audit, and procurement, ensuring that all relevant perspectives are represented. Everyone needs clearly defined roles, shared accountability, and leadership aligned on priorities. This cross-functional group is essential to ensure that governance facilitates the effective use of tools.
Building on a Foundation of Trusted Data
A strong AI strategy is fundamentally linked to a strong data strategy, as AI is only as good as the data it relies on. If data is random, governed poorly, or sitting in silos, taking action on it will just give organizations a faster way to be wrong. The old principle of “garbage in, garbage out” still holds, regardless of how advanced the models become.
Organizations that overlook this risk will likely find that AI adoption exposes existing weaknesses in their data, from gaps in completeness to general inconsistencies. By investing in dedicated data stewardship and gaining a deep understanding of data origin, flow, and usage, organizations can strengthen AI outcomes and improve overall business functions. Data quality initiatives have to be foundational, not just supportive, for AI success.
Data security is equally important. While AI can accelerate business operations, it also amplifies potential vulnerabilities. Companies need to evaluate how data is handled by both internal systems and how their external vendors are managing their data. Key questions include whether data will leave the platform, if it is used to train external or vendor models, and if it can be fully deleted when needed. The answers will impact regulatory compliance, risk, and operational resilience.
Embedding AI capabilities into core operational platforms offers significant advantages. By keeping data within a secure environment, organizations maintain auditability and traceability, essential for finance, governance, risk, and compliance (GRC) functions.
Driving Measurable ROI
Organizations must shift their focus beyond simply adopting the latest technology. Rather than asking which AI tool is needed, business leaders should start by looking at the problems they are trying to solve and the outcomes they want to achieve. Often, problems can be solved with better processes or existing automation without requiring brand-new AI solutions.
Instead of rushing to adopt the latest technology, the first step is to conduct a strategic audit of current operations and pain points. This requires a thoughtful and pragmatic approach grounded in clear business outcomes. Organizations should look for solutions that are either purpose-built AI for highly specific, high-value tasks or tools that enable collaboration by connecting different teams and breaking down data silos.
By prioritizing existing platforms with embedded AI, organizations can build on a foundation that aligns with their core priorities. This enables organizations to drive efficiency through user familiarity and maintain rigorous security standards already vetted by the organization. This approach is also often more cost-effective and utilizes built-in domain expertise, ensuring the AI understands specific regulatory or governance frameworks from the start.
Ultimately, this integration helps prevent an inefficient collection of isolated, single-point solutions and ensures the AI strategy is aligned with the broader technology ecosystem and strategic goals.
Measuring success also requires setting realistic expectations for ROI. Leaders should begin by formulating a value hypothesis for the use case they are testing, define how they will assess that hypothesis, and measure the value. The initial focus should be on incremental wins, such as productivity gains, time savings, and freeing up employees for higher-value activities. Clear metrics should be defined based on the specific use case, like the number of hours saved or the time it takes to complete a process.
Because the landscape changes rapidly, organizations must be prepared to pivot and adapt to new technologies as they become available and prove their value. The final step is to pilot, measure, validate, and scale successful initiatives. If the expected value is realized, they can then build out their deployment at scale.
Bridging the Gap
The strategic benefit of AI is generating better, faster insights for business decisions. The future of efficiency lies in role-specific AI built into platforms employees already trust. This is about unleashing talent for analysis, not replacing them.
The change management and reskilling required across every company may be underestimated. Change management is crucial for navigating the tension between the fear of obsolescence and the opportunity to leverage new tools. Organizations have to clearly communicate why AI is being adopted and how it will support both business goals and employees’ work.
Investing in AI literacy is also essential. Employees should start with a solid baseline understanding of AI, which can then be built upon with role-specific or advanced training, such as prompt engineering or using specialized AI tools. Alongside these technical skills, critical thinking, data analysis, and the ability to evaluate AI outputs are becoming increasingly important as models become more sophisticated. Throughout all AI processes, human judgment remains essential to ensure the technology is used reliably, responsibly, and ethically.
A pragmatic, enablement-focused AI strategy that is built on trusted data and oriented toward clear outcomes is the key to turning AI potential into real, sustainable value. Organizations should start this journey now, even with small, incremental steps. Early action creates learning opportunities, builds momentum, and positions teams to maximize the benefits of AI as the technology evolves, without being left behind.
