We are willing to wager that, sometime in the last six months or in the six months to come, AI has or will become the top source of angst and opportunity for your business and your employees. Just look at the macro discussion:

• Record venture funding in AI startups
• Record valuations of AI startups
• Record time to revenue traction by AI startups
• Record investment in datacenters
• Reported AI trial failure rates between 60 and 95% 
• Persistent underemployment in tech sectors
• Announcements of future layoffs due to AI efficiency gains

While you might not be in a position to meaningfully impact the AI bubble discussion or the employment numbers, the good news is that you do have recourse and agency when it comes to unaligned projects, unplanned cost overruns and unmanaged risks associated with your company’s AI adoption.

Sponsoring an organizational investment to strengthen AI governance can provide executive leadership and the board with meaningful management and measurement of investments and risk, reduces uncertainty around AI trials, adoption and acceptable use, and at least channels employee angst into purposeful activity. 

Essential AI Governance: Immediate Steps for Success

Many rapidly growing startups and emerging mid-market companies entered the AI era without mature IT and security governance, purely as a function of where they were in their growth and maturity journeys. When these folks start feeling like AI adoption is going right or become concerned about security, it’s tempting to look at the standards and certifications. Standards like NIST AI Risk Management Framework bring a lot of value but if you find yourself without AI governance today, don’t let perfect be the enemy of the good.

As the fractional security and privacy teams for many of our clients, we have been empowered to establish basic AI governance as part of our clients’ security and privacy programs. Here are some actionable steps that can immediately help your organization navigate AI adoption more effectively:

1. Establish cross-functional AI leadership: Identify and activate stakeholders from leadership and relevant functional teams - IT, engineering, security, legal, and finance might be a good place to start depending on your organization. This team should have decision-making authority and clear accountability.
2. Get a handle on AI technology adoption and initiatives: Inventory applications with meaningful AI functionality along with their owners and uses.  Discover and catalog in-house usage and expertise as well as external stakeholders.  Identify current spending and create your organization’s de facto AI budget.
3. Identify or define your AI strategy and risk tolerance: Ideally your organization has developed an AI strategy. However, if no coherent AI strategy is in place, initiating basic governance for the sake of managing costs and protecting the company is a forcing function to conduct the analysis, discussions and debates necessary to produce a cohesive AI strategy and investment plan and to establish risk tolerances regarding AI usage and data. 
4. Define AI policy and procedure.  With AI strategy and at least a preliminary conception of risk tolerance in place, governance can become proactive. The establishment of some minimum AI project and usage observation, measurement and management enables the company to reduce uncertainty and make decisions. The weight and impact of your policy and procedure should align with your strategy and risk tolerance.

Once your organization reaches step four, standards like NIST AI RMF and the pursuit of more formal standards and certifications like ISO 42001 can be considered and adopted. However in the absence of specific business or regulatory requirements, policy and procedure need not be heavy.

Move Forward with Confidence

AI adoption doesn't have to be a leap into the unknown and AI governance does not require adoption of robust standards to get started. By implementing basic governance structures, organizations can harness AI's potential while managing associated risks effectively. The key is starting with clear leadership, defined strategies, and sufficient observation, management and measurement procedures to limit uncertainties. The AI landscape will continue evolving rapidly, but organizations with solid governance foundations will be better positioned to adapt, innovate, and realize meaningful returns on their AI investments.