AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

Board & Executive Governance
BRD · Board & Executive GovernanceBRD-011Medium effort

AI Governance Training Program and Completion Tracking

Maintain a role-differentiated AI governance training program with documented curricula, annual completion targets, audit-ready completion records, and periodic curriculum review — ensuring all staff with AI design, deployment, review, or oversight responsibilities have the knowledge to exercise those responsibilities.

Objective

Ensure that every person with a role in the organization's AI governance program — from practitioners to board members — receives appropriate training for that role, with completion tracked, recorded, and available for regulatory audit.

Maturity Levels

1

Initial

No AI governance training program exists; awareness is gained informally or through individual initiative.

2

Developing

Ad hoc training is provided when significant regulations are published or incidents occur, but no curriculum, completion target, or tracking system exists.

3

Defined

A training program exists with documented curricula by role, an annual delivery schedule, completion targets, and records retained for audit.

4

Managed

Completion rates are reported to the AI governance committee; gaps by role or business unit are identified and addressed; curriculum is reviewed at least annually for regulatory currency.

5

Optimizing

Training outcomes are assessed through competency testing, not just completion rates; learning data informs governance program design; role-specific assessments confirm understanding.

Evidence Requirements

What an auditor or assessor would expect to see for this control.

  • Training program documentation including curricula by role, delivery schedule, and annual completion targets
  • Completion records for the past 12 months showing who completed which modules, by role and business unit
  • Completion rate report comparing actual completion against targets, broken down by role category
  • Curriculum review records showing annual update process, regulatory changes incorporated, and curriculum owner sign-off
  • Assessment or quiz results demonstrating learning outcomes where applicable; escalation records for business units with persistent completion gaps

Implementation Notes

Key steps

  • Define role categories and what each needs to know:

    • AI practitioners (engineers, data scientists, ML engineers): technical controls, responsible AI principles, prohibited use cases, incident reporting procedures.
    • Business owners and managers: risk classification, human oversight responsibilities, acceptable use policies, what triggers an incident report.
    • Compliance and legal: regulatory landscape by jurisdiction, documentation obligations, reporting timelines, cross-framework mapping.
    • Executives (C-suite): strategic AI risk posture, governance program status, board reporting obligations, their personal accountability under emerging regulations.
    • Board members: fiduciary AI risk oversight, escalation thresholds, regulatory exposure summary, director liability context.
  • Design curricula appropriate to each role: AI practitioners may need 4–8 hours of technical training annually; board members may need a 45-minute structured briefing. Depth should match decision authority and accountability.

  • Set annual completion targets by role category. A reasonable starting point: 100% of practitioners and compliance staff, 100% of managers with AI-deployed systems in their area, 100% of executives and board members.

  • Retain completion records in a format suitable for regulatory audit: learner name, role, module title, completion date, and assessment score if applicable. Keep records for at least 3 years.

  • Review curricula annually. Assign a curriculum owner responsible for incorporating regulatory changes (new laws, major enforcement actions, updated framework guidance). Document what changed and why.

  • Address non-completion. Track by business unit; escalate persistent gaps to the AI governance committee.

Example Implementation

Global professional services firm with 800 staff, 60 AI practitioners, deploying AI in client-facing services across the EU and US

AI Governance Training Program — 2026 Summary

Role curricula and 2026 completion targets:

Role categoryStaff countCurriculumHoursTarget
AI practitioners60Technical controls, responsible AI, prohibited uses, incident reporting6 hrs100% by Q2
Business owners / managers120Risk classification, oversight responsibilities, acceptable use, incident triggers2 hrs100% by Q2
Compliance and legal25Regulatory landscape, documentation obligations, multi-jurisdiction mapping4 hrs100% by Q1
C-suite8Strategic AI risk, governance program status, board reporting obligations1 hr100% by Q1
Board members10Fiduciary oversight, escalation thresholds, director liability45 min100% by Q1

Q2 2026 completion rates:

  • AI practitioners: 57/60 (95%) — 3 on leave, completions scheduled for Q3
  • Business owners: 112/120 (93%) — Operations unit at 78%, escalated to COO
  • Compliance/Legal: 25/25 (100%)
  • C-suite: 8/8 (100%)
  • Board: 9/10 (90%) — 1 member joined post-delivery; standalone briefing scheduled

Curriculum review — June 2026: Updated EU AI Act literacy module to reflect August 2026 general application date. Added section on US state AI law developments (CO, TX). Removed outdated reference to EU AI Liability Directive draft. Curriculum owner: Director of AI Governance.

Control Details

Control ID
BRD-011
Typical owner
Chief People Officer / AI Governance Lead / L&D
Implementation effort
Medium effort
Agent-relevant
No

Tags

AI trainingstaff literacyrole-differentiated curriculumcompletion trackinggovernance readinessEU AI Act literacyboard education