Board & Executive Governance
Operational controls for board & executive governance — with maturity levels, evidence requirements, and implementation guidance.
9 controls
Director AI Literacy and Competency Assessment
Establish a board-level AI literacy program that assesses director competency against defined standards, closes identified gaps through targeted education, and ensures the board can discharge its AI oversight obligations effectively.
AI Governance Committee Charter and Decision Rights
Establish a cross-functional AI governance committee with a formal charter defining its mandate, composition, decision rights, quorum requirements, escalation paths, and reporting obligations to the board.
Board-Level AI Safety Committee Charter
Establish a dedicated board-level committee with fiduciary responsibility for AI safety oversight, distinct from the operational AI governance committee, with defined authority over high-consequence AI risk decisions.
AI Governance ESG and Investor Disclosure
Establish a structured process for disclosing AI governance maturity, AI-related risk management, and AI safety posture to shareholders, institutional investors, and ESG rating agencies.
AI Governance Maturity Assessment
Conduct structured self-assessments and external benchmarking of the organization's AI governance program against defined maturity frameworks, and use assessment results to prioritize governance improvements.
AI Risk Tolerance and Appetite Documentation
Establish a formal process for defining, documenting, and approving the organization's AI risk tolerance and appetite across key risk categories, with board-level sign-off and periodic review.
Federated AI Governance Design
Design the accountability model for AI governance across distributed deployments, defining the balance between central control and business unit (BU) autonomy, and the escalation path to follow when BU-level governance is insufficient.
Voluntary AI Governance Adequacy Standard
Define an internal AI governance adequacy standard for organizations operating without binding AI mandates, providing a documented and defensible governance posture that satisfies stakeholder expectations and anticipated regulatory requirements.
Unified Multi-Framework AI Risk Register
Maintain a single AI risk register that consolidates obligations from multiple frameworks (NIST AI RMF, ISO 42001, EU AI Act, sector regulations) into a unified view, eliminating duplication and identifying where a single control satisfies multiple requirements.
