What material AI risk are we taking?
What controls reduce that risk and how do we know they work?
What residual risk remains and who owns it?
What investment or risk decision is needed this quarter?
"100% adverse action notices include approved reason code; monthly disparate impact ratio reviewed by model risk."
Residual risk | Risk that remains after controls | "Medium residual risk: borderline applications may still receive inconsistent human overrides."
Stop rule | Condition that triggers a pause or escalation | "Pause expansion if adverse action explanation completeness falls below 99%, or protected-class disparity exceeds approved tolerance for two review cycles."
4.2 Board Question Bank
Oversight question | Strong management answer pattern
Which AI systems are material and why? | "We classify materiality by customer impact, financial exposure, regulatory obligation, autonomy level, data sensitivity and reversibility. This quarter 6 of 18 AI systems are material."
Are any AI tools making final decisions? | "No final customer-impacting credit, AML, fraud or wealth decisions are fully automated. AI drafts, recommends or prioritizes; named humans approve final actions above defined thresholds."
How do we know controls work, not just exist? | "Each control has an owner, test frequency, metric and evidence artifact. For AML copilot, red-flag recall is tested monthly against 500 labelled cases and reviewer calibration is sampled weekly."
What AI risk exceeds appetite? | "Customer service RAG is within appetite. Wealth advisory guardrail remains outside appetite for direct-to-customer recommendations; it is limited to advisor-facing compliance checks."
What incidents or near misses occurred? | "One medium incident: customer service RAG cited a stale fee policy in 31 drafts. It was contained in 42 minutes, no final customer messages were sent without review, source refresh control was remediated."
How are we preventing shadow AI? | "All production AI calls must route through model gateway. Unapproved browser AI uploads are blocked by DLP, and business units attest quarterly to no unregistered high-risk AI use."
What is the investment logic? | "We fund shared platform controls because they reduce per-use-case audit, security and eval cost. We fund domain use cases only when business owner, data owner and eval path are confirmed."
What would cause management to stop? | "Pre-agreed stop rules cover safety, compliance, adoption, unit economics and control failure. Stop decisions do not require waiting for annual planning."
4.3 PM / BA / Architect Preparation
Role | Preparation action | Board language
PM | Map business outcome, adoption, ROI and stop threshold | "This investment moves fraud loss and false positive rate, not model novelty."
"AI changes triage speed; it does not change who owns customer-impacting action."
Architect | Show data flow, model gateway, audit log, rollback, NFR | "The design is reversible, permissioned, logged and testable."
5. AI Portfolio Risk Dashboard
Purpose: report the value, risk, control maturity and investment trade-offs of the AI portfolio to the board / risk committee each quarter. The dashboard should let directors see which AI is worth continued investment, which needs to be restricted, and which must be stopped.
5.1 Dashboard Fields
Field | Definition | Example
System name | Registered system name | AML Copilot
Business owner | Person accountable for the business outcome | Head of Financial Crime Operations
AI role | Draft / recommend / triage / approve / execute | Draft SAR narrative and prioritize alerts
Materiality tier | Critical / High / Medium / Low | High
Current stage | Discovery / Pilot / Limited production / Production / Retired | Limited production
Value metric | Metric tied to the business baseline | Analyst review time reduced from 42 min to 31 min
Risk rating | Inherent and residual risk | Inherent High, residual Medium
Control maturity | Score of 1-5, based on evidence | 4: controls tested monthly, audit log complete
Policy exceptions | Number of approved exceptions | 1 exception: temporary manual upload for legacy case docs
Incidents / near misses | Events this quarter | 0 severe, 2 low near misses
Audit evidence status | Complete / partial / missing | Complete for release gate and monitoring
Investment decision | Scale / hold / remediate / stop | Hold until reviewer calibration reaches target
Stop rule status | Green / amber / red | Amber: false positive rate above target
5.2 Sample Dashboard
System | Stage | Value | Residual risk | Control maturity | Incident trend | Investment decision | Stop rule
Credit underwriting assistant | Pilot | Underwriter cycle time -18% | High | 3 | 0 | Remediate before scale | Red if disparate impact ratio outside tolerance
AML copilot | Limited production | Review time -26%, SAR rework -11% | Medium | 4 | 0 severe | Hold and expand only to trained analysts | Stop if red-flag recall below 97%
Customer service RAG | Production | AHT -21%, citation completeness 98.7% | Medium | 4 | 1 medium | Scale to second product line | Stop if unsupported claim rate above 3%
Fraud decision support | Pilot | Fraud capture +7%, false positives +1.2% | High | 3 | 0 | Limited scale with appeal monitoring | Stop if appeal overturn rate above 8%
Wealth advisory guardrail | Discovery | No production value yet | High | 2 | 0 | Continue discovery, no customer-facing use | Stop if suitability rule coverage below 95%
AI platform shared service | Production | 73% registered AI calls via gateway | Medium | 4 | 0 | Invest in audit export and cost controls | Stop onboarding if log completeness below 99%
5.3 Metrics and Thresholds
Category | Metric | Green | Amber | Red
Business value | Value metric vs approved baseline | >= 80% of target | 50-79% | < 50%
Adoption | Weekly active target users | >= 70% | 40-69% | < 40%
AI quality | Unsupported claim rate | <= 2% | > 2% and <= 3% | > 3%
Risk | High severity incident | 0 | 1 contained | Any uncontained severe incident
Auditability | Complete decision log | >= 99% | 95-98.9% | < 95%
Cost | Cost per assisted case | <= approved cap | <= 120% cap | > 120% cap
Control | Control test pass rate | >= 95% | 85-94% | < 85%
5.4 Stop Rule
Portfolio-level stop rule:
An AI initiative is paused or de-prioritized when it has no accountable business owner, no data owner, no testable control evidence, red stop-rule status for two review cycles, material incident without containment, or unit economics above approved cap with no credible remediation path.
6. Three Lines of Defense
Purpose: define the boundaries of responsibility between the business, risk and compliance, and internal audit in AI governance. What the board cares about most is who owns the risk in the first line, how the second line challenges it, and how the third line independently verifies it.
6.1 Operating Model
Line | Owner | Responsibilities | Evidence
First line | Business owner, PM, BA, Architect, Operations, Data owner | Use case definition, process design, control operation, user training, monitoring, incident first response | AS-IS / TO-BE workflow, eval result, logs, SOP, training record, control owner sign-off
Second line | Risk, Compliance, Legal, Privacy, Model Risk, CISO
Platform owner operates gateway, logging and cost guardrails
CISO/privacy define security and data controls
Audit tests access, logging and change management
6.3 Stop Rule
No high-risk AI system moves from pilot to production unless first line operates named controls for at least one full review cycle, second line records challenge and approval, and third line has no blocking evidence-integrity concern for audit-critical controls.
Approve enterprise AI policy v1.0 effective 2026-07-15, covering employee AI use, customer-impacting AI, vendor AI, model lifecycle, data handling and incident reporting.
Policy scope | Applies to all AI systems that draft, recommend, score, summarize, triage, approve or execute work using customer, employee, transaction, product, risk or proprietary data.
Prohibited uses | Unapproved customer-facing financial advice, fully automated credit denial without approved model governance, upload of restricted data to unapproved AI tools, AI execution of payments without dual control, hidden model change in production.
Risk classification | Critical, High, Medium, Low based on customer impact, financial exposure, regulatory obligation, autonomy, data sensitivity, explainability and reversibility.
Approved sources, RBAC, human accountability, audit log, eval thresholds, monitoring, incident runbook, vendor due diligence, model/prompt versioning.
Exception process | Exceptions require business sponsor, risk owner, compensating controls, expiry date, monitoring metric and board/risk committee reporting if material.
Metrics | Registered AI coverage, unapproved AI detections, high-risk use case review completion, control test pass rate, incidents, exception aging, audit findings.
Management owner | Chief AI Governance Officer or equivalent; operating owners include CIO/CTO, CRO, CISO, CDO, Legal, business executives.
Board reporting | Quarterly AI governance report, immediate escalation for severe AI incident or material policy breach.
Stop rule | Any AI system outside policy gates is blocked from production; repeated unapproved AI usage in a business unit triggers management attestation and remediation review.
7.2 Sample Policy Approval Summary
Recommendation:
Approve the AI Policy v1.0 with a 90-day implementation window. The policy enables controlled AI adoption while prohibiting unapproved customer-impacting decisions and restricted-data uploads.
Material changes:
1. All high-risk AI systems must be registered before pilot.
2. AI cannot make final credit, AML, fraud or wealth decisions without approved human accountability and model governance.
3. Production AI must use approved logging, versioning and incident process.
4. Exceptions expire within 90 days unless risk committee renews them with evidence.
Expected board benefit:
The policy gives the board a clear line of sight into material AI risk, control ownership and exception exposure.
7.3 PM / BA / Architect Evidence
Role | Evidence to attach
PM | Use case intake form, product scope, adoption metric, investment gate
BA | Workflow decision map, control touchpoints, exception path, operating SOP
Architect | Reference architecture, data flow, access model, logging schema, rollback design
8. Material AI System Register
Purpose: build an AI inventory that the board and audit committee can oversee. The key is not to list every demo but to identify material AI systems and material dependencies.
8.1 Register Fields
Field | Definition | Example
System ID | Unique identifier | AI-AML-002
System name | Business-readable name | AML Copilot
Business process | Supported workflow | Alert investigation and SAR drafting
AI role | Draft / recommend / triage / score / execute | Draft and triage
Autonomy level | 0 manual to 5 autonomous execution | 2: recommendation with mandatory review
Customer impact | Direct / indirect / internal only | Indirect customer impact
Regulatory domain | Credit, AML, privacy, wealth, fraud, operations | AML / BSA
Data classification | Public / internal / confidential / restricted | Restricted customer and transaction data
Model / vendor | Internal, vendor, model family | Vendor LLM through approved gateway
Key data sources | Authoritative data | Case notes, transaction alerts, KYC profiles, AML policy
Control owner | Named accountable role | Financial Crime Ops Control Lead
Risk owner | Named second-line owner | AML Compliance Director
Audit log location | Evidence source | Central AI audit lake table ai_case_log
Eval cadence | Test frequency | Monthly golden set and weekly production sampling
Incident severity path | Escalation forum | CRO and Risk Committee for severe event
Status | Discovery, pilot, production, retired | Limited production
Last review date | Governance review date | 2026-06-15
Next review date | Scheduled review | 2026-09-15
8.2 Sample Register Entries
ID | System | AI role | Materiality | Residual risk | Status | Stop rule
AI-CRED-001 | Credit underwriting assistant | Recommend with human approval | High | High during pilot | Pilot | Pause if adverse action explanation completeness < 99%
AI-AML-002 | AML copilot | Draft SAR narrative and triage alerts | High | Medium | Limited production | Pause if red-flag recall < 97% or audit log completeness < 99%
AI-CS-003 | Customer service RAG | Draft customer response | Medium | Medium | Production | Pause regulated-topic drafting if unsupported claim rate > 3%
AI-FRAUD-004 | Fraud decision support | Score and recommend queue priority | High | High | Pilot | Pause if appeal overturn rate > 8% or p95 latency > SLA
AI-WEALTH-005 | Wealth advisory guardrail | Block prohibited recommendation | High | Medium | Discovery | No production if suitability rule coverage < 95%
AI-PLAT-006 | AI platform shared service | Gateway, logging, eval and policy enforcement | High dependency | Medium | Production | Stop onboarding if log completeness < 99%
8.3 Stop Rule
Any AI system that meets materiality criteria but is not registered, lacks a named business owner, lacks audit log location, or lacks next review date is barred from production access and must be reported as a governance gap in the quarterly AI governance report.
8.4 Metrics
Metric | Target | Sample board readout
Material system registration coverage | 100% | "All 6 material AI systems are registered with named owners."
Register freshness | Reviewed within 90 days | "One medium-risk system review is due in 12 days; no overdue material reviews."
Owner completeness | 100% business, risk, technology, data owners | "AI-WEALTH-005 added named compliance owner before discovery exit."
Audit log location completeness | 100% material systems | "All material systems point to system-of-record log locations."
Unregistered material AI detections | 0 | "Two shadow AI detections were low-risk productivity tools, not material systems."
9. High-Risk Use Case Exception Memo
Purpose: when a high-risk use case wants to enter pilot or limited production before some controls are fully mature, an exception memo must define the boundaries, compensating controls, time limit and stop rules.
9.1 Template
Section | Content
Decision requested | Approve a 60-day limited exception for Fraud Decision Support pilot to use manual evidence upload for one legacy queue while platform connector is completed.
Use case | Fraud decision support recommends case priority for debit card disputes above $100 and below $2,500. It does not auto-deny or auto-reimburse.
Why exception is needed | Legacy case documents are not yet connected to the approved retrieval pipeline; without temporary upload, pilot cannot test high-volume dispute workflow.
Manual upload limited to trained fraud analysts; PII masking script runs before upload; files deleted within 24 hours; audit log captures uploader, case ID, document hash and reviewer; daily sample review by control lead.
Exposure limit | Maximum 1,000 cases, one queue, 60 days, no automated customer action, no data export outside approved gateway.
Medium-high for 60 days because manual upload creates operational and privacy control dependency.
Owner | Business owner: VP Fraud Operations; Risk owner: Operational Risk Director; Technology owner: AI Platform Lead.
Expiry | Exception expires 2026-09-30 and cannot renew without connector delivery evidence or risk committee re-approval.
Stop rule | Stop immediately if PII masking failure occurs, audit log completeness < 99%, appeal overturn rate > 8%, or any analyst uploads documents outside approved queue.
9.2 Board-Ready Summary
This exception does not approve autonomous fraud decisions. It approves a narrow, time-boxed data-handling exception for a pilot queue so management can measure value and risk. The residual risk is higher than normal platform operation, but bounded by volume, duration, human approval, deletion, logging and daily sampling.
9.3 PM / BA / Architect Preparation
Role | What to prepare
PM | Business value if exception is approved, lost learning if denied, user cohort, adoption metric
"One medium incident; stale policy citation contained before final customer send."
Investment and value | Investment, ROI, scale/stop decisions | "Two pilots stopped due to low adoption; platform gateway funding recommended to reduce duplicated controls."
Regulatory and audit posture | Audit findings, regulatory attention, evidence quality | "Internal audit found one medium issue in vendor model-change notification; remediation due 2026-08-15."
Next quarter decisions | Decisions the board needs to attend to | "Approve risk appetite for advisor-facing wealth guardrail; decide whether to scale AML copilot to second region."
10.2 Metrics
Metric | Current quarter | Prior quarter | Status
Registered AI initiatives | 24 | 17 | Amber: inventory grew faster than review capacity
Material AI systems | 6 | 4 | Green: all have named owners
High-risk systems with completed release gate | 100% | 75% | Green
Audit log completeness for material systems | 99.2% | 96.8% | Green
Open high-risk exceptions | 2 | 1 | Amber
Severe AI incidents | 0 | 0 | Green
Medium AI incidents | 1 | 2 | Green trend
Unapproved AI usage detections | 9 | 14 | Green trend
AI spend against approved budget | 92% | 88% | Green
Initiatives stopped or merged | 4 | 1 | Green: portfolio discipline improving
10.3 Stop Rule
The quarterly report must recommend a portfolio hold if material systems lack owners, audit evidence completeness falls below 95%, severe AI incident remediation remains open past target date, high-risk exceptions age beyond approved expiry, or unregistered AI usage increases for two consecutive quarters.
Customer Service RAG stale policy citation incident
Severity | Medium; no confirmed customer financial loss; potential regulatory complaint exposure
Time detected | 2026-06-18 09:20 CT by production sampling alert
System and scope | Customer service RAG, credit card fee dispute policy responses, 31 drafted responses across 14 agents
AI role | Draft response with mandatory agent review; no autonomous send
Confirmed impact | 7 drafts contained stale policy citation; 0 were sent to customers without human edit; 2 customer cases require supervisor review
Potential exposure | Up to 31 cases drafted during 08:40-09:20 CT window
Containment | 09:35 disabled drafting for fee dispute category; read-only retrieval remains active; all affected drafts quarantined
Root cause status | Preliminary: policy source refresh job failed after document path change; monitoring detected stale source after sampling, not before retrieval
Customer/regulator action | No regulator notification required based on current facts; Legal reassessment at 16:00 CT after case review
Metrics | Time to detect 40 min; time to contain 15 min; affected drafts 31; unsupported claim rate during window 22.6%; audit log completeness 100%
Management decision needed | Approve keeping category-level drafting paused until freshness control passes regression test
Next update | 2026-06-18 16:00 CT with final case review and restart recommendation
Stop rule | Feature remains paused until source refresh control passes 3 consecutive checks, affected cases are reviewed, and risk owner signs restart.
11.2 Incident Update Language
The incident is contained. The AI system drafted stale policy language, but the human review gate prevented automated customer communication. The management decision is to keep the affected category paused until the source freshness control and regression eval pass. Current residual risk is low for active operations because the feature is disabled for the affected category.
11.3 Board Questions to Expect
Question | Answer
Did customers receive incorrect advice? | "Current evidence shows no unedited AI draft was sent. Two cases require supervisor review because agents partially reused draft structure."
Why did monitoring not prevent it? | "The source refresh control detected failure after sampling, not before retrieval. We are moving the control to pre-retrieval freshness validation for regulated categories."
Could this happen in AML or credit? | "The same source refresh mechanism is not used for AML case evidence or credit bureau data. However, the platform team is reviewing all material systems for pre-use freshness checks."
When can it restart? | "Only after three checks pass, affected cases are reviewed, and risk owner signs restart. No business owner can override that restart gate."
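The control change described in the incident section and the board answers above (moving source freshness validation from post-sampling detection to a pre-retrieval gate, and a restart gate that needs three consecutive passing checks) can be expressed as a small amount of code. The following is an added example written for this page, not code from the original document or from any product it describes; the category names, refresh SLAs, timestamps and the `SOURCE_REGISTRY` structure are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed source registry (assumption, not the page's data). Each customer-service
# category names its authoritative policy document, how often the refresh job must land,
# and when the last refresh actually succeeded. Regulated categories get the hard gate.
SOURCE_REGISTRY = {
    "credit_card_fee_dispute": {
        "document": "card-fee-policy",
        "refresh_sla": timedelta(hours=24),
        "last_refreshed": datetime(2026, 6, 16, 8, 0),  # refresh job stopped landing after this
        "regulated": True,
    },
    "card_replacement": {
        "document": "card-replacement-faq",
        "refresh_sla": timedelta(hours=24),
        "last_refreshed": datetime(2026, 6, 18, 6, 0),
        "regulated": True,
    },
    "branch_hours": {
        "document": "branch-directory",
        "refresh_sla": timedelta(days=7),
        "last_refreshed": datetime(2026, 6, 10, 0, 0),
        "regulated": False,
    },
}


def source_is_fresh(entry, now):
    """A source is fresh when its last successful refresh is within its refresh SLA."""
    return now - entry["last_refreshed"] <= entry["refresh_sla"]


def drafting_allowed(category, now, registry=SOURCE_REGISTRY):
    """Pre-retrieval gate, evaluated before any document is handed to the model.

    Regulated categories may only draft from a fresh source; a stale source downgrades
    the category to read-only retrieval instead of producing a draft that sampling
    would only catch afterwards. Returns (allowed, reason) so the reason can be logged.
    """
    entry = registry.get(category)
    if entry is None:
        return False, f"{category}: no registered source; drafting blocked"
    if not entry["regulated"]:
        return True, f"{category}: unregulated category, freshness is advisory only"
    if source_is_fresh(entry, now):
        return True, f"{category}: source {entry['document']} is fresh"
    overdue = now - entry["last_refreshed"] - entry["refresh_sla"]
    return False, f"{category}: source {entry['document']} stale by {overdue}; read-only retrieval"


class RestartGate:
    """Keeps a paused category paused until the freshness control passes N consecutive checks.

    A single failed check resets the streak, so a refresh job that flaps between
    success and failure cannot reopen drafting.
    """

    def __init__(self, required_passes=3):
        self.required_passes = required_passes
        self.streak = 0

    def record_check(self, passed):
        """Record one control check; returns True once the restart condition is met."""
        self.streak = self.streak + 1 if passed else 0
        return self.streak >= self.required_passes


if __name__ == "__main__":
    detected_at = datetime(2026, 6, 18, 9, 20)  # constructed: the sampling alert time
    for category in ("credit_card_fee_dispute", "card_replacement", "branch_hours", "mortgage_rates"):
        print(drafting_allowed(category, detected_at))
    gate = RestartGate()
    for outcome in (True, True, False, True, True, True):
        print("restart allowed" if gate.record_check(outcome) else "still paused")
```

The gate only covers the freshness half of the restart condition on the page; the case review and the risk owner's signature remain human steps and are deliberately not automated here.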
12. Audit Evidence Request List
Purpose: the audit committee and internal audit need to confirm whether AI governance controls are soundly designed, operating effectively and fully evidenced. PM / BA / Architect should build an evidence pack per system rather than collecting screenshots ad hoc when audit arrives.
12.1 Evidence Categories
Category | Evidence request | Example evidence
Governance | AI policy approval, committee minutes, risk appetite, decision rights | AI Policy v1.0 approval memo, risk committee minutes, RACI
Inventory | Material AI system register, classification rationale, owner list | Register export with 6 material systems and next review dates
Use case approval | Intake form, business case, materiality assessment, approval record | Fraud decision support intake and risk approval
Data controls | Data classification, source owner sign-off, lineage, retention, deletion | Customer service RAG policy source certification and refresh logs
Architecture | Data flow, access model, model gateway design, logging schema, rollback | AI platform C4 diagram, audit log schema, DR runbook
Eval and validation | Golden set, test results, thresholds, red-team, regression history | AML copilot red-flag recall report and reviewer calibration
Human oversight | Approval matrix, training records, override logs, reviewer QA | Credit underwriting assistant approval and adverse action review
Monitoring | Production dashboards, alerts, sampling evidence, incident trigger | Unsupported claim monitoring for customer service RAG
Change management | Prompt/model version history, release approvals, rollback evidence | Model gateway version registry and release ticket
Vendor risk | Due diligence, DPA, subprocessor list, model change notice, SLA
Workflow map, system permission settings, case samples showing human approval
Reconstruct 10 sampled AI-assisted cases | Input, retrieved evidence, prompt version, model version, draft, reviewer, final SAR narrative, timestamp
Demonstrate red-flag recall control | Monthly golden set, 500 labelled cases, threshold 97%, actual 98.4%, exception log
Show reviewer calibration | Weekly QA sample, reviewer variance report, training completion
Show incident readiness | Runbook, last tabletop exercise, escalation contacts, kill switch evidence
12.3 Stop Rule
If audit cannot reconstruct sampled material AI decisions end-to-end, or if evidence is stored only in manual screenshots without system-of-record traceability, the system cannot expand scope until audit evidence quality is remediated.
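The reconstruction request above (input, retrieved evidence, prompt version, model version, draft, reviewer, final action, timestamp) and the stop rule that follows it are mechanically checkable once audit log events carry those fields. The following is an added example written for this page, not code from the original document or from any platform it describes: it walks a constructed audit-log export, rebuilds each sampled case step by step, reports the gaps that make a case non-reconstructable, and computes the reconstructability rate against the 95% target from the metrics table. The event schema, case identifiers, version strings and timestamps are constructed assumptions; the table name `ai_case_log` appears in the register above but its real schema is not on the page.

```python
from datetime import datetime

# Steps an auditor must recover for each sampled case, in the order they should occur:
# input -> retrieved evidence -> draft (with prompt/model version) -> reviewer -> final action.
REQUIRED_STEPS = ("input", "retrieval", "draft", "review", "final_action")

# Fields that must be present in a step's detail for the step to count as evidence.
REQUIRED_FIELDS = {
    "retrieval": ("sources",),
    "draft": ("prompt_version", "model_version"),
    "review": ("reviewer", "decision"),
    "final_action": ("outcome",),
}

# Constructed export of three cases (assumption, not real ai_case_log rows).
SAMPLE_EVENTS = [
    {"case_id": "C-1001", "step": "input", "ts": "2026-06-18T09:01:00", "detail": {"alert_id": "ALR-77"}},
    {"case_id": "C-1001", "step": "retrieval", "ts": "2026-06-18T09:01:05", "detail": {"sources": ["AML-POL-2026.03", "KYC-4412"]}},
    {"case_id": "C-1001", "step": "draft", "ts": "2026-06-18T09:01:09", "detail": {"prompt_version": "p-2.3", "model_version": "vendor-llm-2026-05"}},
    {"case_id": "C-1001", "step": "review", "ts": "2026-06-18T09:14:00", "detail": {"reviewer": "reviewer.b", "decision": "edit"}},
    {"case_id": "C-1001", "step": "final_action", "ts": "2026-06-18T09:15:30", "detail": {"outcome": "SAR narrative filed"}},
    # C-1002: the review step was never logged, so human accountability cannot be reconstructed.
    {"case_id": "C-1002", "step": "input", "ts": "2026-06-18T10:02:00", "detail": {"alert_id": "ALR-81"}},
    {"case_id": "C-1002", "step": "retrieval", "ts": "2026-06-18T10:02:04", "detail": {"sources": ["AML-POL-2026.03"]}},
    {"case_id": "C-1002", "step": "draft", "ts": "2026-06-18T10:02:10", "detail": {"prompt_version": "p-2.3", "model_version": "vendor-llm-2026-05"}},
    {"case_id": "C-1002", "step": "final_action", "ts": "2026-06-18T10:20:00", "detail": {"outcome": "alert closed"}},
    # C-1003: draft logged without model_version, so a vendor model change could not be attributed.
    {"case_id": "C-1003", "step": "input", "ts": "2026-06-18T11:00:00", "detail": {"alert_id": "ALR-90"}},
    {"case_id": "C-1003", "step": "retrieval", "ts": "2026-06-18T11:00:03", "detail": {"sources": ["KYC-9001"]}},
    {"case_id": "C-1003", "step": "draft", "ts": "2026-06-18T11:00:08", "detail": {"prompt_version": "p-2.3"}},
    {"case_id": "C-1003", "step": "review", "ts": "2026-06-18T11:09:00", "detail": {"reviewer": "reviewer.c", "decision": "approve"}},
    {"case_id": "C-1003", "step": "final_action", "ts": "2026-06-18T11:09:40", "detail": {"outcome": "SAR narrative filed"}},
]


def reconstruct_case(case_id, events):
    """Rebuild one case from its events and list every gap that breaks the chain."""
    steps = {e["step"]: e for e in events if e["case_id"] == case_id}
    gaps = []
    for step in REQUIRED_STEPS:
        if step not in steps:
            gaps.append(f"missing step: {step}")
            continue
        for field in REQUIRED_FIELDS.get(step, ()):
            if field not in steps[step]["detail"]:
                gaps.append(f"{step} missing field: {field}")
    # Steps must also occur in order: a final action logged before the review is not
    # evidence that the review gated it.
    times = [datetime.fromisoformat(steps[s]["ts"]) for s in REQUIRED_STEPS if s in steps]
    if any(later < earlier for earlier, later in zip(times, times[1:])):
        gaps.append("steps out of order")
    return {"case_id": case_id, "reconstructable": not gaps, "gaps": gaps}


def reconstructability_rate(events):
    """Share of sampled cases that reconstruct end-to-end, plus the per-case detail."""
    case_ids = sorted({e["case_id"] for e in events})
    results = [reconstruct_case(c, events) for c in case_ids]
    reconstructed = sum(1 for r in results if r["reconstructable"])
    return reconstructed / len(results), results


def expansion_blocked(rate, threshold=0.95):
    """Stop rule: scope cannot expand while reconstructability is below the target."""
    return rate < threshold


if __name__ == "__main__":
    rate, results = reconstructability_rate(SAMPLE_EVENTS)
    for r in results:
        print(r["case_id"], "ok" if r["reconstructable"] else r["gaps"])
    print(f"reconstructable: {rate:.0%}; expansion blocked: {expansion_blocked(rate)}")
```

Running the sample shows why the stop rule is phrased around reconstruction rather than log volume: every case has events, but only one of the three can be followed from input to a named reviewer and a versioned model, so the evidence pack would fail the 95% target.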
12.4 Metrics
Metric | Target | Sample evidence result
Evidence request fulfillment | >= 95% by due date | "38 of 40 evidence requests fulfilled; 2 vendor SLA artifacts due in 5 days."
End-to-end case reconstructability | >= 95% sampled material cases | "AML copilot reconstructed 20 of 20 sampled cases from input to final SAR narrative."
Evidence system-of-record coverage | >= 90% | "Most evidence comes from logs and approval records; screenshots limited to vendor portal status."
Repeat audit findings | 0 high / critical | "Vendor model-change notification gap is a first-time medium issue."
Evidence owner completeness | 100% | "Every audit request maps to a named business, tech, data or risk owner."
13. Management Attestation Pack
Purpose: each quarter management demonstrates to the Audit Committee / Risk Committee that the control, exception, incident and risk statements for material AI systems are accurate, complete and traceable.
13.1 Attestation Components
Component | Signer | Statement
Business owner attestation | Business executive | "The AI system is used only within approved workflow scope, and business outcomes and user adoption metrics are accurately reported."
Risk owner attestation | CRO delegate / compliance owner | "Residual risk is assessed, exceptions are current, and controls remain within approved risk appetite or are escalated."
Technology owner attestation | CIO/CTO delegate | "Logging, access control, versioning, monitoring and rollback controls operated as described for the reporting period."
Data owner attestation | CDO delegate / domain data owner | "Approved sources, data classification, retention and freshness controls operated as required."
Security/privacy attestation | CISO / DPO delegate | "No unapproved restricted-data flow or unresolved critical security/privacy issue exists for the material AI systems in scope."
Internal audit observation | CAE or audit lead | "Audit has reviewed evidence availability and notes open findings separately; this is not a management sign-off."
Customer service RAG stale policy freshness failure, remediated 2026-06-25
Incidents | 1 medium, 0 severe
Audit findings | 1 medium vendor model-change notification gap, due 2026-08-15
Residual risk changes | Credit underwriting assistant remains high until bias and explanation controls pass two cycles
Management conclusion | Material AI governance controls are operating with two amber items and no red items as of 2026-06-30
13.3 Sample Attestation Statement
For Q2 2026, management attests that all material AI systems are registered, have named business, risk, technology and data owners, and were operated within approved scope except for the disclosed fraud manual upload exception. No AI system made final automated credit, AML, fraud or wealth advisory decisions outside approved human accountability controls. One medium incident occurred and was contained; remediation evidence is attached. Management rates the overall residual AI portfolio risk as Medium with two amber items requiring Q3 follow-up.
13.4 Stop Rule
Management cannot provide a clean attestation if any material AI system lacks owner sign-off, has expired exception approval, has unresolved severe incident remediation, has audit log completeness below 95%, or operated outside approved workflow scope.
13.5 Metrics
Metric | Target | Sample attestation readout
Owner sign-off completion | 100% material systems | "All 6 material systems signed by business, risk, technology and data owners."
Qualified attestations | 0 red, amber explained | "Two amber qualifications: fraud exception and vendor notification gap."
Expired exceptions | 0 | "No exception passed expiry without risk committee review."
Severe incident remediation past due | 0 | "No severe AI incidents in Q2; one medium remediation closed on schedule."
Attestation-to-evidence traceability | >= 95% claims linked to evidence | "All critical statements link to register, logs, control tests or committee minutes."
14. Policy, Exception and Reporting Templates by Use Case
Reuse rate, time from intake to pilot, avoided duplicate vendor spend
Risk metric | Unapproved AI detections, log completeness, unauthorized access attempts, model change regression pass rate
Investment decision | Fund platform controls when they reduce repeated per-use-case risk work and improve auditability
Stop rule | Stop onboarding new high-risk systems if log completeness < 99%, RBAC test fails, or model change regression gate is bypassed
15. 30 / 60 / 90 Day AI Governance Cadence Plan
15.1 First 30 Days: Establish Visibility and Minimum Gates
Workstream | Deliverable | Owner | Success metric
Inventory | Material AI system register v1 | AI governance lead + PMs | 100% known production and pilot AI systems registered
Policy | AI policy approval memo | Risk + Legal + CIO/CTO | Policy approved with exception process and stop rules
Risk classification | Materiality rubric | Risk + BA + Architect | All registered systems classified by impact and autonomy
Board reporting | AI portfolio risk dashboard v1 | PMO + Risk | Top 10 AI initiatives scored by value, risk, controls
Evidence | Audit evidence request list | Internal Audit + Architects | Evidence owner assigned for each material system
Incident | AI incident severity matrix and escalation path | CISO + Risk + Operations | Tabletop exercise scheduled and owners confirmed
30-day stop rule:
No new high-risk AI pilot starts until it is registered, classified, has named owners, and has an approved stop rule.
15.2 First 60 Days: Test Controls and Exception Discipline
Workstream | Deliverable | Owner | Success metric
Control testing | Control effectiveness test for each material AI system | First line + second line | 90% critical controls tested with evidence
Exceptions | High-risk use case exception memo process | Risk committee | 100% exceptions have expiry, compensating control and metric
EvalOps | Golden set and production sampling standards | AI platform + model risk | Each material system has quality and risk thresholds
Platform | Model gateway and audit log coverage plan | Architect + platform owner | 80% production AI traffic through approved gateway
Training | Board and management AI risk briefing | AI governance lead | Directors and executives receive common terminology pack
Attestation | Draft management attestation pack | Business, risk, tech, data owners | Signers confirmed and evidence gaps listed
60-day stop rule:
Any material AI system with untested critical controls, expired exception, or missing audit log evidence is frozen at current scope until remediation is complete.
15.3 First 90 Days: Board Cadence and Assurance
Workstream | Deliverable | Owner | Success metric
Board reporting | Quarterly AI governance report | CRO / CIO / AI governance lead | Report delivered with decisions, not project status only
Audit readiness | Evidence pack for each material system | First line + Internal Audit | Audit can reconstruct sampled decisions end-to-end
Assurance | Internal audit AI governance review scope | CAE | Audit plan covers policy, inventory, controls and evidence quality
Investment governance | Portfolio scale / hold / stop recommendations | Management steering | At least one low-value or uncontrolled initiative stopped or merged
Incident readiness | Completed AI incident tabletop | CISO + Risk + Operations | Lessons remediated and board escalation template tested
Attestation | Signed management attestation pack | Business, risk, tech, data owners | Clean or qualified attestation submitted with amber/red items
90-day stop rule:
If management cannot produce a quarterly report, material register, control evidence, incident path and attestation pack by day 90, the board should pause expansion of high-risk AI until the governance cadence is operating.
16. Common Board Questions and Answers
Board question | Strong answer
Are we using AI faster than our controls can handle? | "We separated low-risk productivity AI from material AI systems. High-risk systems cannot expand unless release gates, audit logs and monitoring pass. Portfolio dashboard shows two systems held for remediation."
Which AI use case could create the largest customer harm? | "Credit underwriting assistant and fraud decision support have the highest customer-impact risk. Both are limited to human-approved recommendations and have stop rules tied to fairness, explanations, appeals and false positives."
Can we prove AI did not make an unapproved final decision? | "For material systems, audit logs capture user, input, source, model version, output, reviewer, decision and final action. Audit can reconstruct sampled cases end-to-end."
What happens if a vendor changes its model? | "Material vendor model changes require notice, regression eval, release approval and rollback readiness. A vendor model-change notification gap is open as a medium audit issue with due date."
How are we managing regulatory expectations? | "We map each material use case to domain obligations: fair lending, AML, privacy, fraud operations, suitability and model risk. Compliance and legal approve risk classification and exceptions."
Are we getting value or just running experiments? | "Every funded pilot has baseline, target metric, adoption threshold, cost cap and stop rule. This quarter two pilots were stopped for low adoption and one platform investment is recommended for control reuse."
How do employees know what AI use is prohibited? | "The policy blocks restricted-data upload to unapproved tools, prohibits unapproved customer-facing financial advice, and requires registration for customer-impacting AI. Training and DLP monitoring support enforcement."
What is our residual risk posture? | "Portfolio residual risk is Medium overall, with credit and fraud remaining High during pilot. The risk is accepted only within limited scope and review dates, not as open-ended approval."
Do we have enough talent to govern this? | "The bottleneck is not data science only; it is product, BA, architecture, risk and audit evidence capacity. The 90-day plan adds reusable platform controls and standard evidence packs to reduce manual governance load."
What should the board decide this quarter? | "Approve AI policy v1.0, endorse risk appetite boundaries for high-risk use cases, fund platform audit controls, and require remediation before credit underwriting assistant scales."
17. Common Pitfalls
Pitfall | Why it is dangerous | Better practice
Treating board AI update as innovation showcase | The board does not see material risk, ownership and control evidence | Lead with risk, controls, residual risk and decision needed
Reporting model accuracy only | Accuracy does not prove that customer, compliance, audit and operational risk is under control | Include business, quality, risk, adoption, cost and audit metrics
Saying "human-in-the-loop" without role detail | Does not say who is accountable at which step, so audit cannot reconstruct accountability | Define approval step, authority, override reason and evidence
Letting pilots run without stop rule | The pilot becomes a de facto production system and risk and cost run out of control | Pre-approve stop, extend and scale criteria
Ignoring shadow AI | Employees may put restricted data into unapproved tools | Combine policy, DLP, training, model gateway and attestation
Treating vendor demo as control evidence | A demo does not prove security, auditability, availability or regulatory fit | Require customer-specific eval, contract controls and audit export
Making AI governance purely technical | The risk actually materializes in business processes and customer outcomes | PM/BA own workflow and business controls; Architect owns technical enforceability
Over-centralizing all decisions | The central team becomes a bottleneck and no one truly owns business risk | Central standards, local first-line ownership, second-line challenge
Under-defining residual risk | "Risk is under control" cannot be overseen by the board | State residual risk level, owner, rationale, metric and review date
No management attestation | The board cannot confirm report completeness and the accountability chain | Quarterly attestation by business, risk, technology, data and security owners
18. Preparation Checklist for PM / BA / Architect
Before going to the board / audit / risk committee, the team should complete the following checks:
Check | Pass condition
Decision clarity | The first page states clearly: approve, hold, scale, stop, accept risk, fund, or remediate
Materiality | The system is classified by customer impact, regulation, financial exposure, autonomy and data sensitivity
Workflow | The BA can explain which step AI changes and which final accountability it does not change
Business risk | The PM can translate each AI failure mode into customer, financial, compliance, operational or reputational risk
Control effectiveness | Every key control has an owner, frequency, threshold and evidence
Residual risk | Risk level, acceptance rationale, owner and review date are explicit
Auditability | The Architect can demonstrate that a decision can be reconstructed from input to final action
Investment logic | Value, cost, opportunity cost, platform reuse and stop conditions are explicit
Case coverage | The six retail financial case types are assessed at least in the register or portfolio dashboard
Stop rule | Every pilot, exception, production system and portfolio decision has an enforceable stop condition
Mastery standard:
You can describe the same AI system simultaneously as a business investment, a risk exposure, a control system, audit evidence, an architecture choice and a board oversight topic, and every one of those descriptions points to the same set of facts and the same set of stop rules.