The AI governance challenge: who owns AI risk in a business?

When executives take ownership of AI strategies, they drive responsible AI adoption and set the tone for ethical practices across the organization
Bill Smeltzer


As organizations increasingly integrate artificial intelligence (AI) into their operations, establishing robust AI governance has become a critical priority. AI governance involves implementing policies, processes, and frameworks to ensure AI systems are ethical, transparent, and aligned with business objectives. Executive accountability plays a pivotal role in effective AI governance.

When executives take ownership of AI strategies, they drive responsible AI adoption and set the tone for ethical practices across the organization. Without strong leadership, AI initiatives risk becoming siloed, misaligned with business goals, or even exposed to ethical and compliance pitfalls. Clear accountability not only ensures that AI projects contribute to organizational success but also promotes a culture of responsibility where ethical considerations are baked into AI development and deployment.

Another cornerstone of AI governance is conducting comprehensive risk assessments. AI systems, by their nature, can introduce unique risks, including biases in data, unpredictable model behavior, and compliance challenges. A structured risk assessment process allows organizations to identify potential threats early and implement safeguards to mitigate them. This includes evaluating the accuracy, fairness, and security of AI models. Leveraging established AI governance frameworks, such as NIST’s AI Risk Management Framework or ISO/IEC 38507, can guide organizations in assessing and managing AI-related risks systematically. These frameworks offer practical tools and methodologies to assess AI systems’ reliability, transparency, and accountability, contributing to more resilient and trustworthy AI implementations.

However, one of the most significant challenges organizations face today is the lack of visibility into how employees and vendors utilize AI tools. With the proliferation of generative AI platforms and third-party AI solutions, organizations may not always have a clear view of how AI is being used in day-to-day operations. This blind spot can lead to unauthorized data sharing, compliance violations, and the introduction of unvetted AI tools into critical workflows. Effective AI governance frameworks should include policies that monitor and regulate the use of AI by employees and external partners, ensuring that all AI applications align with the company’s ethical and compliance standards. By enhancing visibility into AI use, organizations can better manage risks and fully harness the potential of AI while maintaining control over their digital ecosystem.

To learn more about Navigating the Complexities of AI Risk Ownership and Governance, join Focus for an engaging Virtual Lunch & Learn session on March 27th at 11:00am. As AI continues to integrate into various aspects of operations, companies face the challenge of identifying who should take responsibility for AI risk. This session will explore the struggle companies face in identifying ownership, the importance of risk assessments, and the implementation of AI governance frameworks. Additionally, we will discuss the lack of visibility into how employees and vendors use AI tools and the implications for businesses.

You will hear from industry experts with extensive CISO experience, including Bill Smeltzer and Stan Black from Focus Technology. Bill is known as a customer champion and an industry thought leader with active roles on several technical advisory boards. Stan has led cybersecurity, risk, and compliance initiatives at major companies such as Dell/EMC/RSA/VMware, Citrix, Nuance Communications, and Delinea, and is a trusted advisor to global boards, CxOs, and law enforcement.

Don’t miss this opportunity to gain valuable insights and practical advice on navigating AI governance. Register now to secure your spot and receive your DoorDash gift card. We look forward to seeing you there!

Bill Smeltzer is the chief information security officer at Focus Technology.
