#United States #Los Angeles #AI Governance #risk management #AuditBoard

New Research on AI Governance Implementation

A recent study conducted by AuditBoard has highlighted a troubling trend in the adoption of artificial intelligence (AI) governance among organizations. Although many companies are actively incorporating AI into their operations, an alarming only 25% have established a fully implemented governance program. This lack of robust governance structures can leave companies exposed to significant risks as they navigate the rapidly evolving landscape of AI technology.

Key Findings of the Research

The report, titled From Blueprint to Reality: Execute Effective AI Governance in a Volatile Landscape, shows that while a large number of organizations have created policies regarding AI usage, these policies are often not woven into the daily workings of the business. In fact, many companies are still struggling to turn these documented policies into practical, actionable governance measures.

AuditBoard, in partnership with Panterra Research, surveyed over 400 professionals from the governance, risk, and compliance (GRC) and audit sectors across countries like the United States, Canada, Germany, and the United Kingdom. The results highlight critical insights regarding the challenges these organizations face in embedding effective AI governance.

One of the most concerning findings is the gap between confidence and action among firms. While 92% of respondents expressed confidence in their understanding of third-party AI systems used in their organizations, only about two-thirds reported having conducted formal risk assessments specifically related to AI. This oversight suggests that companies may be relying on external AI solutions without fully comprehending the potential risks they might carry. Such overconfidence can lead to complacency, hindering proactive measure development such as comprehensive audits and internal education on AI usage risks.

Additionally, 86% of those surveyed acknowledged an awareness of existing and forthcoming AI regulations. However, this awareness does not translate to effective governance practices—only a quarter of respondents indicated that their organization has fully implemented an AI governance program.

Cultural Barriers to Effective AI Governance

The main hurdles to implementing effective AI governance appear to stem more from cultural challenges than technical ones. In the survey responses, 44% cited a lack of clear ownership as the primary obstacle to proper governance, while 39% pointed to insufficient internal expertise. Moreover, 34% mentioned that resource constraints impede effective AI governance measures. Only a small fraction of respondents (less than 15%) considered the absence of necessary tools to be a significant issue.

These findings indicate that while policies provide a framework for what should happen, it is the organizational culture and structure that ultimately determine whether those policies are effectively executed. As Michael Rasmussen, CEO of GRC Report, states, "This report validates the critical need for a more integrated, operational approach to AI risk."

The research underscores that merely drafting policies is insufficient without a dedicated effort to ensure they are integrated into organizational processes and practices. Recognizing the importance of governance as a fundamental capability rather than a mere regulatory checkbox is key to managing risk effectively in an AI-dominated landscape.

Moving Forward: Striving for Enhanced AI Governance

Rich Marcus, Chief Information Security Officer at AuditBoard, emphasizes that the challenges surrounding AI governance today revolve around clarity, ownership, and alignment within organizations. He points out that organizations willing to establish governance as a core competency will be better equipped to manage risks, foster trust, and adapt to an ever-changing regulatory environment.

In light of these findings, AuditBoard commended a selection of Chief Information Security Officers who exemplify strong AI governance practices. This recognition aims to encourage security professionals who are proactively addressing AI risks to create robust governance structures within their companies.

Ultimately, organizations must not only recognize the significance of embedding AI governance into their operational frameworks but also take meaningful steps toward this goal. The full report provides guidance on strategically integrating AI policies into a company’s infrastructure for those looking to bolster their governance capabilities in the age of AI.

For further insights and strategic recommendations, visit AuditBoard's full report [here]().