Here’s something most executives responsible for risk assessment won’t say out loud: when it comes to governance, the instinct to treat AI like every other emerging technology — observe, assess, and move cautiously— is one of the most dangerous things we can do.
I say this as someone who has used risk as a lens rather than a leash in my nearly three decades helping leaders make high-stakes operational decisions. And I am telling you: in the context of AI, waiting for perfect information before building a governance structure is not caution. It’s abdication.
The technology isn’t waiting for your committee to complete its assessment. Nor are your competitors or the regulatory landscape. Every quarter you spend “evaluating the space” is a quarter your organization falls further behind — not just technologically, but structurally.
Because the companies that will win the AI era aren’t necessarily the ones with the best models. They’re the ones that built the governance muscle early enough to deploy AI with confidence, speed, and accountability.
The Meeting You Keep Postponing Is the One That Matters Most #
Here’s what I see happening inside even the most sophisticated organizations: AI is happening, widely, quietly, and well ahead of any governance structure. Employees are running customer data through consumer tools. Engineers are deploying models no one in legal has reviewed. Procurement is signing SaaS contracts with AI embedded in the fine print. This isn’t theoretical risk; it’s real-life, real-time risk, and it’s in your company whether you’ve sanctioned it or not.
The question is whether anyone is in charge of it — and whether you can walk into a board meeting and honestly say who that is.
That’s why convening an AI Governance Committee isn’t a nice-to-have initiative for next fiscal year; it’s an urgent structural necessity. Not a taskforce. Not a working group buried three levels below the CISO. It’s a senior, cross-functional body with real authority, real accountability, and a mandate to bring a living, evolving framework to the board in a regular cadence.
This isn’t a committee you delegate. It’s one you convene. The right seats at the table are the Chief AI Officer (if you have one), the CISO, Chief Compliance Officer, Chief Privacy Officer, Chief Audit Executive, and any other operational leaders who understand what it looks like when AI actually touches the business. Not just the people who measure risk, but the people who understand what’s at stake if you get it wrong – and what’s possible if you get it right.
Stop Waiting for the Perfect Framework and Build an Adaptive One #
I understand the impulse to wait for some decent use cases before pushing forward on governance. But that is exactly the environment where having a governance structure matters most. And it’s precisely what your board needs to see; not a finished product, but evidence that someone is driving. You don’t need a perfect framework. You need an adaptive one, designed specifically to evolve, and one you can present to the board today, refine next quarter, and build on the quarter after that
It’s worth emphasizing that AI governance isn’t a single track. For most organizations, there are two distinct branches of activity – AI in your product roadmap and AI for back office – that require different oversight frameworks, different risk tolerances, and different success metrics.
AI embedded in the features your customers see and interact with carries reputational, legal, and competitive stakes that demand one type of rigor. AI deployed for back-office acceleration and operational efficiency demands another. Conflating the two is one of the most common and costly governance mistakes I see. Your committee needs to build for both.
You must hold the committee accountable for four early outcomes: clarity on what’s in scope, a full inventory of what AI is currently running in your organization, an honest assessment of what your existing policies do and don’t cover, and a cadence for keeping you — and the board — informed as things change. The inventory of activity alone may take time to build, depending on the size of your organization and the scale already underway. That’s expected. That’s enough to start.
As a member of the executive team, your job isn’t to run the committee; it’s to make clear that it matters. Set the expectation that the committee meets regularly, that ownership is unambiguous at every level, and that the focus stays on business outcomes rather than technology features.
You engage directly only when the framework needs to evolve in response to a significant risk or opportunity, when there’s a decision that carries board-level implications, and when reporting to the board needs your voice behind it.
A New Kind of Edge #
The leaders who will look back on this moment with pride aren’t the ones who waited. They’re the ones who understood that governance isn’t the opposite of speed — it’s what makes speed possible.
Every company that builds a rigorous, responsive AI governance structure now is buying itself the ability to move fast and also to course-correct before a misstep becomes a headline — or a board agenda item no one wants to be sitting at the table for.
This, not the glamorous demos, not the productivity gains, and not the investor narrative, is the work that matters. What is essential is to build the infrastructure that lets all of it happen safely, and reporting on it with enough clarity and confidence that your board becomes an asset in the process rather than an anxious audience.
The companies that do it now will have a structural advantage that compounds for years.
The ones that don’t will spend that time catching up — if they get the chance.
The opinions expressed in Fortune.com commentary pieces are solely the views of their authors and do not necessarily reflect the opinions and beliefs of Fortune.