How Boards can Oversee AI Implementation

To perform their duties responsibly, boards must function as Humans + AI. Adopting new working structures and evolved governance structures incorporating AI can lead to substantial performance improvement. Much of my current work with boards is on strategic framing for AI and in AI-augmented decision-making, but there is considerably more potential. A very nice HBR piece brings real-world insights to bear. The first finding was that directors and chairs largely failed to recognize the value and potential of AI in their work. However still many boards and directors are using AI in useful ways. MEETING PREPARATION Directors who use LLMs reported significantly improved understanding of agenda items and reduced workload. One director across five Danish boards uses AI to structure presentations and run simulations; another in Switzerland uses it to refine board discussion questions from the board book. SCENARIO PLANNING GenAI, used well, can be an excellent tool for rapid scenario planning. One board in Austria used an LLM to analyze geopolitical risk in an acquisition proposal. This led to it rejecting the deal, and resulted in management attaching scenario analyses to future proposals. ADDITIONAL PERSPECTIVES Boards in Finland and the Netherlands used AI to test their own strategic conclusions, finding significant overlap between AI-generated insights and their human decisions. This boosted both their confidence in the decisions and their trust in AI’s utility, particularly for validating or challenging complex judgments. IMPROVING BOARD DYNAMICS AI can offer real-time feedback on boardroom dynamics. For example, a Swiss industrial company uses AI to analyze speaking time, tone, and engagement during meetings, creating recommendations for better group engagement. The article addresses potential risks: 🔐 Information leaks. These stem not from AI itself but from poor data governance, which can be mitigated with proper access controls and security training. ⚖️ Sample bias. Regular audits and user awareness are key to avoiding flawed, discriminatory, or incomplete insights. 🧭 Anchoring in the past. AI can be overly reliant on historical data. Scenario simulations and reasoning models can help boards anticipate and adapt to future shifts. And concludes with recommendations on learning to use AI well: 1️⃣ Create engagement. Chairs should start with one-on-one conversations to assess AI literacy and follow up with tailored training to build confidence and interest. 2️⃣ Practice collective experimentation. Boards should test AI tools together in low-stakes settings, debrief their experiences, and gradually integrate AI into governance processes. 3️⃣ Maintain momentum. Chairs must lead by example, celebrate AI use regardless of outcomes, and embed AI progress into board evaluations. I am currently working on a 'GenAI in the Boardroom' mini-report that I will be sharing soon, addressing these and a range of other issues and possibilities.

AI in the Boardroom: What Charity Trustees Need to Do Now 🚨 Too many boards are sleepwalking into the risks, while missing the opportunities. I've just finished reading the new Institute of Directors (IoD)’s 'AI Governance in the Boardroom report' and it makes one thing clear: trustees can’t delegate this. AI is a board-level issue. Here are the key takeaways from the report every charity board should act on: 🧠 Stay Curious. Stay Learning. Boards don’t need to be technical experts, but they must understand enough to ask the right questions. Build a culture of digital curiosity at board level. ⚖️ AI = Risk AND Opportunity. Don’t just see AI as a shiny tool to save time. Trustees must weigh efficiency gains against bias, privacy, reputational harm, and compliance risks. ❓ Governance Starts with Questions. Who owns AI in your organisation? How is data being used? What safeguards are in place? Boards need simple checklists and regular oversight, not a one-off discussion. 📜 Know the Law. Regulation is tightening. - The EU AI Act is rolling out, with obligations on transparency, risk classification, and human oversight. - The UK is moving towards sector-led regulation, but trustees are still on the hook for data misuse under GDPR and the ICO’s guidance. - Trustees should be clear: ignorance won’t protect your charity from fines, reputational damage or, worst of all, harm to beneficiaries. 🎯 Impact Before Hype. Does this AI tool align with our mission, or is it just a gimmick? Focus on how tech helps people - service users, staff, and volunteers. 🛡️ Build Oversight Structures. Some boards are creating AI subcommittees or ethics groups. At the very least, AI should be a standing agenda item. Oversight isn’t optional anymore. 🔐 Data is Everything. AI governance is data governance. If your board isn’t confident on data protection, cybersecurity, and safeguarding sensitive information, that’s the place to start. The report is blunt: AI governance is now a fiduciary duty. Trustees don’t get a free pass. ✅ If you sit on a charity board, make AI part of your next meeting agenda. ✅ If you’re a Digital Trustee, help your board translate principles into practice. ✅ If you’re a CEO, empower your trustees to ask the hard questions. This is about safeguarding the people we serve, and making sure technology works for charities, not against them. 👉 If you need to find an AI, data or cyber expert for your board check out the funded Digital Trustees programme from Third Sector Lab. 👏 Thanks to all the authors of the report, including: Michael Ambjorn Phil Clare Paul Corcoran Pauline Norstrom LLB (Hons) FRSA FIoD FBCS Niran Olarinde Institute of Directors (IOD), India Institute of Directors (IoD) ❓What's your simple advice for boards looking to start their AI conversation?

7 questions every board should ask before claiming AI readiness. Spoiler: It’s not “Do we have the tech?” Most AI failures aren’t technical. They’re cultural, political, and invisible. Boards have to lead the change, not the tools. 1️⃣ Is our culture ready for AI-scale change? About 70% of transformations stall or underdeliver. AI is even more fragile without cultural readiness. If the middle stalls, strategy dies before delivery. Fund the change, not just the tools and pilots. Reward behaviors that ship AI, not status reports. 2️⃣ Do employees trust our AI intentions? Up to 60% of employees distrust internal AI plans. Fears: layoffs, surveillance, biased decisions, errors. Distrust drains adoption, output, and brand goodwill. Give clear intent, guardrails, and shared upside. Let teams co-design workflows before rollout. 3️⃣ Can we prove our AI data is secure? 78% of breaches trace to weak controls and handling. GDPR and the EU AI Act raise the price of failure. Fines can reach 7% of global turnover. And headlines. Prove lawful data use, retention, and vendor paths. Be audit-ready before the first use case ships. 4️⃣ Will our AI use stand up to ethics tests? 56% of customers walk over perceived unethical AI. Ethics is a market signal, not a press release. Bias and opacity create legal and trust exposure. Build red lines, testing, and escalation paths. Hold the line when targets tempt shortcuts. 5️⃣ Who owns an AI mistake when it happens? Who signs their name to AI decisions that go wrong? Personal liability is moving toward executives. ‘The vendor did it’ will not survive scrutiny. Name owners, forums, and incident playbooks. Run failure drills before the real incident. 6️⃣ Can we explain any AI decision clearly? Explainability is now an investor and regulatory ask. Boards must defend a hard AI call in plain words. If you can’t explain it, you can’t defend it. Log decisions, data, and model versions by default. Practice the briefing before you need the briefing. 7️⃣ Do we control AI risk in our supply chain? About 65% of AI risk rides on third parties. Opaque models and weak clauses become your liability. Audit the stack: data, models, and human review. Contract for transparency, testing, and remedies. Replace vendors who won’t meet your standard. AI readiness is not a project. It’s a habit. Governance is a daily practice, not a deck. Lead before regulators and headlines do. Is your firm AI-ready?

𝐓𝐡𝐞 𝐦𝐨𝐬𝐭 𝐞𝐱𝐩𝐞𝐧𝐬𝐢𝐯𝐞 𝐛𝐥𝐢𝐧𝐝 𝐬𝐩𝐨𝐭 𝐢𝐧 𝐭𝐨𝐝𝐚𝐲’𝐬 𝐛𝐨𝐚𝐫𝐝𝐫𝐨𝐨𝐦𝐬? Not cyber. Not ESG. 👉 It’s AI illiteracy. Boards spent the last decade learning that cybersecurity isn’t just an IT problem - it’s a governance issue. Now the same shift is happening with AI. Here’s what AI-literate directors now ask: 1️⃣ Where are AI tools being used (officially and unofficially)? Who owns them? 2️⃣ Does this system fall into the EU AI Act’s ‘high-risk’ category - and if so, who’s liable if it fails? 3️⃣ What metrics matter? (e.g., accuracy drift, bias test results, override rates, model lineage, audit logs). 4️⃣ Do our contracts protect us on IP, data rights, indemnities, and audit rights? 5️⃣ What’s our incident playbook if an AI tool makes the wrong call? The piece most boards still miss: AI adoption isn’t just about policies. 𝐼𝑡’𝑠 𝑎𝑏𝑜𝑢𝑡 𝑝𝑒𝑜𝑝𝑙𝑒. You need to see how your teams are really using AI - and then make good practice easy, and bad practice hard. Practical moves for this quarter: ✅ Map AI use cases across the business (in-house + vendor). ✅ Define your “red lines” - the AI uses your business will not allow. ✅ Upgrade key contracts with specific AI clauses on IP, data, and liability. ✅ Run a tabletop exercise: simulate an AI failure and test your response. ✅ Build literacy with one dedicated AI board briefing per quarter. ✅ Ask the ROI question: how can we maximise real value from AI (not just experiments)? 💡 If AI misfires, the headlines won’t name the algorithm. They’ll name the board. AI literacy is the new fiduciary hygiene. 👉 Directors know they need to catch up fast. 👉 AI experts - how can directors get AI literate? 𝐃𝐫𝐨𝐩 𝐲𝐨𝐮𝐫 𝐛𝐞𝐬𝐭 𝐭𝐢𝐩𝐬, 𝐫𝐞𝐬𝐨𝐮𝐫𝐜𝐞𝐬, 𝐰𝐞𝐛𝐢𝐧𝐚𝐫𝐬, 𝐞𝐯𝐞𝐧𝐭𝐬 𝐚𝐧𝐝 𝐩𝐞𝐨𝐩𝐥𝐞 𝐭𝐨 𝐟𝐨𝐥𝐥𝐨𝐰 𝐢𝐧 𝐭𝐡𝐞 𝐜𝐨𝐦𝐦𝐞𝐧𝐭𝐬 𝐛𝐞𝐥𝐨𝐰 ���️ #BoardGovernance #AILiteracy #RiskManagement #EUAIAct #CorporateStrategy

AI is being deployed bottom-up and governed top-down. This mismatch is a structural risk. The latest data from McKinsey & Company makes the gap unambiguous: 🔹 88% of organisations use AI in at least one function 🔹 66% of directors report “limited to no” AI experience 🔹 1 in 3 boards still do not discuss AI at all 🔹 AI oversight tripled in 1 year: from 16% to 50% across Fortune 100, but EU boards are lagging. The bottom-up reality Across EMEA, AI is already embedded, often invisibly: ▫️ 70%+ of employees report GenAI use ▫️ 58% admit entering sensitive or confidential data ▫️ 91% of mid-size firms have no monitoring of AI use ➡️ Enterprise infrastructure deployed without governance. Like cloud 10 years ago, it arrives through: 🔹 vendor defaults 🔹 micro-workflows 🔹 plug-ins 🔹 shadow tools Unlike cloud, AI learns, drifts, and evolves. Oversight must be continuous. The top-down illusion Boards believe AI is a corporate strategic initiative. In reality, it’s an operational system they're already accountable for. Across EU: ▫️ Only 33–40% of large firms assign AI oversight to a committee ▫️ Only 12% of UK boards mention AI oversight in disclosures ▫️ Less than 15% of boards globally receive AI metrics ▫️ Only 36% of directors globally feel prepared for AI ➡️ The EU AI Act does not name boards explicitly, but its accountability, risk, and documentation requirements necessitate board-level engagement. The governance gap is widening precisely as regulatory scrutiny intensifies. When bottom-up deployment meets top-down blind spots Same organisation. Different speeds and realities. A recipe for reputational, regulatory, and operational failure. U.S. cases show the pattern: 1️⃣ Enterprise-scale financial risk Zillow relied on an unvalidated pricing algorithm resulting in an $881M loss. An ungoverned model created enterprise-level exposure. 2️⃣ Bias at scale Amazon discarded its AI recruiting tool after discovering it systematically downgraded women’s CVs. 3️⃣ Safety-critical failures and legal exposure Tesla’s Autopilot lawsuits show how insufficient oversight of AI in safety-critical systems can escalate into regulatory scrutiny and major liability. ➡️ These were not technology, but governance failures. The same happened in the early days of cybersecurity, when boards underestimated the scale and speed of digital risk. If you are chairing or sitting on a board, a must do for 2026: 1️⃣ Build AI fluency to challenge, question, and govern 2️⃣ Request an enterprise-wide AI inventory 3️⃣ Define your AI posture and strategic boundaries 4️⃣ Assign oversight to a committee with clear duties + escalation triggers 5️⃣ Require a monthly dashboard: models, risks, incidents, mitigations 6️⃣ Ensure AI risk sits inside enterprise risk management This governance gap is showing up in every boardroom conversation we’re having at StratEdge. Our first task: help boards govern the AI already in use. #AI #AIGovernance #Boardroom #GenAI #RiskManagement

Your board is worried about the wrong AI. While directors debate AGI ethics and philosophical guardrails, your finance team just fed Q4 projections into an AI tool no one vetted. Your developers are shipping code assisted by models they can't explain. Your marketing team is using three different content generators—none approved by IT. The governance gap I see is operational. Two conversations are happening, often with little overlap: → Boardroom: "What's our long-term AI strategy?" → Slack channels: "Which AI tool gets this done fastest?" The disconnect here is dangerous. Teams aren't waiting for enterprise AI policies. They're in a productivity arms race, adopting tools like Fireflies for notes, Jasper for copy, Claude Code for dev. Each one: a new black box. Each one: potential IP leakage, hallucinated outputs, security exposure. The real risks boards should ask about: → Show me every AI tool in use across this organization (you can't govern what you can't see) → What's our process for vetting new AI tools before deployment? → How do we verify AI outputs before they drive decisions? → Who owns the audit trail when AI gets it wrong? AI fluency for boards isn't optional anymore. It's not about understanding neural networks—it's about asking the right operational questions: What data are we feeding these tools? What happens to our IP in their training sets? How do we catch hallucinations before they become forecasts? What's the human verification layer? The AI revolution happening in your company already. And the biggest AI risk is the dozen unvetted tools deployed last Tuesday.

This is the framework I used to present AI risk and governance model. Most AI governance conversations go sideways fast. They get too technical, too abstract, and too disconnected from what the CEO and board actually care about: 𝘄𝗵𝗮𝘁 𝗰𝗼𝘂𝗹𝗱 𝗴𝗼 𝘄𝗿𝗼𝗻𝗴, 𝗮𝗻𝗱 𝗵𝗼𝘄 𝗮𝗿𝗲 𝘄𝗲 𝗺𝗮𝗻𝗮𝗴𝗶𝗻𝗴 𝗶𝘁? You don’t want to walk into a board meeting with a 40-slide deck on AI ethics, model explainability, and regulatory compliance. And lose the audience by slide 5. So I used this approach around what CEOs and boards actually need to see: 𝗧𝗵𝗲 𝟯-𝗣𝗵𝗮𝘀𝗲 𝗔𝗜 𝗚𝗼𝘃𝗲𝗿𝗻𝗮𝗻𝗰𝗲 𝗥𝗼𝗮𝗱𝗺𝗮𝗽 🔶 𝗣𝗵𝗮𝘀𝗲 𝟭: 𝗚𝗲𝘁 𝘁𝗵𝗲 𝗵𝗼𝘂𝘀𝗲 𝗶𝗻 𝗼𝗿𝗱𝗲𝗿 Build the governance foundation. Know what AI you have, every model, every use case, every vendor. Create a consistent way to assess risk before projects go live. Owners: CTO, Legal, Data. 🔶 𝗣𝗵𝗮𝘀𝗲 𝟮: 𝗕𝗮𝗸𝗲 𝗶𝘁 𝗶𝗻𝘁𝗼 𝗵𝗼𝘄 𝘆𝗼𝘂 𝘄𝗼𝗿𝗸 Make governance part of the development and procurement process, not a separate checklist. Form a review board for high-risk use cases. Train the organization. Owners: HR, Procurement, Security, IT. 🔶 𝗣𝗵𝗮𝘀𝗲 𝟯: 𝗠𝗼𝗻𝗶𝘁𝗼𝗿 𝗮𝗻𝗱 𝗮𝗱𝗮𝗽𝘁 Automate the monitoring, model drift, bias, performance degradation. Run regular audits. Build a feedback loop so policies improve over time. Owners: CTO, Data. 𝗧𝗵𝗲 𝟴 𝗔𝗿𝗲𝗮𝘀 𝗪𝗲 𝗧𝗿𝗮𝗰𝗸𝗲𝗱 For each phase, we measured maturity across 8 areas: ▪️ Policies & ethical guidelines ▪️ AI inventory (what do we actually have?) ▪️ Risk assessment process ▪️ Data quality & privacy ▪️ Model lifecycle ▪️ Human oversight for high-stakes outputs ▪️ Security & guardrails ▪️ Regulatory readiness Each area had a current state, target state, and a name next to it. No ambiguity about who owned what. 𝗪𝗵𝘆 𝘁𝗵𝗶𝘀 𝘄𝗼𝗿𝗸𝗲𝗱: The board didn't need to understand prompt injection or model explainability in detail. What they needed to see was: ▪️ We knew what AI systems we had ▪️ We had assessed the risks ▪️ We had a phased plan with clear owners ▪️ We were tracking progress against defined milestones This approach makes the difference between a governance conversation that builds confidence and one that leaves more questions than answers. If you're presenting AI risk to senior management or board, start with the roadmap. Add the technical depth only when asked. What's been your experience presenting AI governance to executives?

Board-level accountability in AI decisions isn’t about understanding the technology. It’s about owning the outcome. Most boards are asking: “Are we using AI?” “Which tools should we invest in?” Wrong questions. The real question is: “What measurable business outcome is this AI decision accountable for?” Because at board level, AI is no longer experimentation. It’s capital allocation. And capital allocation without accountability is risk. Here’s what I see across companies: → AI decisions are delegated too far down → Success is defined as “implementation,” not impact → No single owner is accountable for results So AI becomes activity… not performance. At the board level, this needs to change. A simple shift I push with leadership teams: Tie every AI initiative to a commercial metric Revenue, margin, cost efficiency, not “adoption” Assign one accountable owner (not a committee) Accountability doesn’t scale across 10 people Define a 90-day outcome window If it doesn’t move the needle, it’s noise Review AI like any other investment Keep, fix, or kill—based on results Because AI is not a strategy. It’s an execution lever. And the board’s job is not to approve AI. It’s to ensure it performs. If your AI initiatives were reviewed like investments: How many would survive the next board meeting? Follow Bob Young for practical AI and growth insights.

You can’t govern what you can’t see. Most companies can’t see AI. It's a liability sitting in your org chart disguised as productivity tools. You review financial controls. You review cyber risk. You review legal exposure. But AI? It’s spreading through your company with no single owner. Here are your bitter pills to swallow for AI governance, and what smart executives actually do about them: 1. Your board will ask about AI risk soon (or has already) → Better to have answers ready than scramble when the questions come. ✅ Add "AI tools and risks" to your quarterly board materials. Even if it's just a one-page summary. 2. Your team is already using AI tools you don't know about → Shadow AI means blind spots in risk, data exposure, and compliance gaps. ✅ Ask each department head this week: "Show me every AI tool your team uses and what company data goes into it." 3. You can't govern what you can't see → Most mid-market companies have zero visibility into AI tools across departments. ✅ Next leadership meeting, assign someone to audit AI usage. One spreadsheet. Every department. Due in 30 days. 4. No one owns AI decisions until something breaks → Everyone wants to use AI tools, but no one wants accountability when data leaks or outputs go wrong. ✅ Assign clear ownership. Ask: "If this AI tool creates a compliance issue or customer problem, who's responsible?" Get a name. This is where executive teams fail most ⤵️ 5. Writing an AI policy doesn't mean anyone will follow it → Most policies sit in shared drives while employees keep using whatever works fastest. ✅ Don't just write policy. Schedule 30-minute training sessions per department. Make it conversational, not compliance theater. 6. AI governance isn't a technology problem → It's a business process problem. The tools work fine. Your workflows and decision rights are the gap. ✅ Before buying AI governance platforms, map your approval process: Who decides? Who reviews? Who says no? Fix that first. 7. AI governance doesn't require perfection → It requires knowing what's happening and having someone accountable. ✅ Simple rule starting Monday: No new AI tools without department head sign-off and a five-minute risk conversation. 8. AI governance isn't a one-time project → You can't audit once, check a box, and move on. New tools appear weekly. ✅ Treat it like financial controls. Monthly or quarterly reviews. Assign someone to own the ongoing process, not just the kickoff. The smartest executives aren't AI experts. They just ask the right questions before problems find them. 🔁 Forward this to your tech leadership team before your next exec meeting. If no one can answer these eight points clearly, you don’t have governance. You have hope. Hope is not a framework, hope does not reduce risk. 📲 Follow Wil Klusovsky for practical guidance built for business leaders

AI governance just moved from policy to practice. The U.S. Department of Health and Human Services released a detailed AI strategy that embeds governance into operations: formal oversight structures, AI inventories, independent review, pre-deployment testing, and continuous monitoring aligned with NIST. That is the shift. Internal proof before external promise. For boards, this is the new standard. Not principles. Structure. This is the Triage pillar of the TRUST Framework in action. Risk-classify AI use cases with clear escalation triggers. This is the Uninterrupted Monitoring pillar of the TRUST Framework. Continuous testing for accuracy, drift, cybersecurity exposure, and stakeholder impact. This is the Supervision pillar of the TRUST Framework. Defined human authority to intervene or deactivate when necessary. Leading investors now expect board-level GenAI fluency, clear oversight mechanisms, and transparent disclosure of how AI aligns with long-term value. The opportunity is not to slow innovation. It is to build governance strong enough to move faster with confidence. Boards that operationalize AI oversight early will scale with credibility. Follow Dominique Shelton Leipzig for more insights on leading AI with TRUST.