Director AI Literacy and Competency Assessment
Establish a board-level AI literacy program that assesses director competency against defined standards, closes identified gaps through targeted education, and ensures the board can discharge its AI oversight obligations effectively.
Objective
Ensure board directors have sufficient AI literacy to meaningfully oversee AI strategy, risk, and governance, and that the board as a whole meets defined competency standards for AI oversight.
Maturity Levels
Initial
AI literacy at the board level is ad hoc. Directors receive no structured education on AI risks or governance obligations.
Developing
The board has received at least one AI briefing from management or an external expert, but there is no competency framework or assessment process.
Defined
A board AI literacy framework defines minimum competency expectations. Directors complete an annual self-assessment against those standards. Identified gaps are addressed through a structured education program.
Managed
Competency assessments are reviewed by the board chair or governance committee. Education completion is tracked and reported. New directors receive AI literacy onboarding within 90 days of appointment.
Optimizing
The board includes at least one director with deep AI expertise. External benchmarking compares board AI competency against peer organizations. The literacy program is updated annually to reflect material changes in AI risk and regulation.
Evidence Requirements
What an auditor or assessor would expect to see for this control.
- —Board AI literacy framework defining minimum competency standards across foundational, governance, and strategic tiers.
- —Annual director self-assessment results (aggregate, not individual) reported to the governance committee.
- —Education program completion records for the past 12 months.
- —New director AI literacy onboarding checklist with completion timestamps.
Implementation Notes
Key steps
-
Define a board AI literacy framework. Structure competency expectations across three tiers:
- Foundational: Understanding what AI systems are, how they generate outputs, and the categories of AI risk (bias, safety, security, regulatory, reputational).
- Governance: Understanding the organization's AI governance framework, key controls, risk appetite, and regulatory obligations.
- Strategic: Understanding AI's role in competitive strategy, how to evaluate management's AI proposals, and how to oversee AI-related capital allocation.
-
Conduct an annual director self-assessment against the framework. Use a structured questionnaire with a scoring rubric, not a freeform discussion.
-
Identify gaps at the individual director level and at the board aggregate level. Report the aggregate result to the governance committee.
-
Design an education program to address identified gaps. Options include: external AI expert briefings, site visits to AI operations, structured reading lists, peer organization exchanges, and director education programs at business schools now offering AI governance tracks.
-
Track completion of education activities and report to the governance committee annually.
-
For new directors, integrate AI literacy assessment into the onboarding process and provide a structured 90-day education pathway.
Common gaps
- Treating a single annual AI briefing as a substitute for a competency assessment and education program.
- Assessing individual directors but not evaluating board-level aggregate capability, which is the unit that matters for oversight.
- Failing to update the framework as AI capabilities and regulatory requirements change.
Example Implementation
Board AI Literacy Competency Framework (excerpt)
Foundational tier (all directors)
| Competency | Assessment question | Minimum standard |
|---|---|---|
| AI system basics | Can you describe how a large language model generates outputs and why those outputs can be wrong? | Demonstrated understanding of probabilistic outputs and hallucination risk |
| AI risk categories | Can you identify the five primary AI risk categories the organization faces? | Able to name: bias, safety, security, regulatory, reputational |
| Governance structure | Can you describe the organization's AI governance committee structure and escalation path? | Accurate description of committee structure and escalation triggers |
Governance tier (audit, risk, and governance committee members)
| Competency | Assessment question | Minimum standard |
|---|---|---|
| Control framework | Can you describe the organization's key AI controls by domain? | Able to identify human oversight, agentic AI, and security domains |
| Regulatory exposure | Which AI regulations apply to the organization and what are the primary obligations? | Accurate description of top three applicable regulations |
2026 board aggregate assessment result: 7 of 9 directors at Foundational tier; 3 of 4 committee members at Governance tier. Gap: 2 directors require foundational remediation. Program: Q3 2026 external expert briefing scheduled.