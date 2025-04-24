The Deloitte AI Governance Roadmap (“Roadmap”) is designed to help boards of directors (“boards”) understand their role and provide them with guiding questions to support effective oversight of AI. The Roadmap applies the Deloitte Governance Framework (“Framework”) to AI. The Framework, illustrated below, provides an end-to-end view of corporate governance and defines and delineates board and management activities. The board’s role in each of the elements of the corporate governance infrastructure can vary from that of an active participant in the processes themselves (depicted in the top half of the circle) to an overseer of management-led activities running the day-to-day business and executing the strategy (depicted in the bottom half of the circle). The Roadmap focuses on the top half of the Framework—the specific areas depicting the role of the board.

Why now?

In the rapidly evolving landscape of AI, organizations are increasingly leveraging AI technologies to drive innovation, enhance operational efficiency, and deliver value to stakeholders. However, AI’s transformative potential also brings significant challenges, including ethical considerations, data privacy concerns, and the potential for unintended consequences. To navigate these complexities and help ensure responsible AI deployment, it is important to establish a robust governance roadmap

AI risks can pose significant reputational consequences

Despite the promising potential of AI, emerging risks remain a barrier to realizing its full value. These risks (e.g., strategic, operational, financial, and compliance) can pose reputational consequences if not addressed properly, ultimately eroding trust among internal and external stakeholders.

Key risks include but are not limited to:

Inaccuracy and hallucinations

Intellectual property infringement and confidentiality violations

Unethical use or bias

Importance of AI governance

Effective AI governance is crucial for supporting the board’s oversight of AI. It can enable ethical use, enhanced data quality, and boosted productivity by aligning organizational goals and values as part of strategic AI integration.

The overarching benefits of robust AI governance may include:

Increased brand equity and trust, leading to new customers and improved employee retention

Reduced costs from potential legal, regulatory, and other remediation activities

More accurate information for improved decisionmaking

A positive impact on society with ethical and responsible AI use

Where to begin: Assess current state of AI in the organization

Overseeing a company’s AI adoption and its related opportunities and risks requires a board to first understand the company’s current AI maturity. This includes the following actions:

Questions for the board to consider

Does the board have the experience and expertise to advise on the strategy and then monitor progress of the implementation?

Does management have a strategy of how they plan to utilize AI in strategic objectives and functional areas or in other ways?

Does the board understand the risks and opportunities associated with the AI strategy?

Does management have a current “inventory” of how machine learning AI and Generative AI are being used in the company?

Does the board have a clear vision on how the AI initiatives are overseen across the governance structure?

BOARD’S ROLE: Evaluate the integration of the company’s AI approach to its broader corporate strategy. Oversee strategy execution, and help management identify when and how the strategy may need to be adapted in response to AI risks and opportunities.

Questions for the board to consider

Does management have a position on AI’s relevance and how the organization is currently using or planning to use AI?

Does management have a view on the possible future impact of AI on the organization and a process to periodically evaluate the impact of AI developments?

Has management developed a strategy for AI adoption and integration? Does the strategy consider applicable resources and capital, pace of adoption, performance metrics, involvement of third-party vendors, and emerging market trends and AI developments?

How does management monitor employee use of AI and ensure feedback is properly addressed in AI initiatives?

How is management updating external and internal communications policies and controls to reflect the desired level of transparency into AI usage and risks?

BOARD’S ROLE: Understand and oversee the risks AI poses (strategic, functional, and external) to the company’s overall strategy. Consider these risks within the organization’s enterprise risk program and monitor how AI can impact existing enterprise risks.

Questions for the board to consider

Has management properly defined the organization’s risk appetite regarding AI initiatives and broader AI use throughout the organization?

How does management evaluate risks and opportunities related to AI, and how is the evaluation incorporated within the AI strategy? This includes risks and opportunities of using AI as well as not using AI.

Does management have a process in place to identify and assess risks related to current AI use cases as well as those under development?

How is management addressing identified risks, and what monitoring and reporting processes are in place to facilitate oversight?

BOARD’S ROLE: Understand the significance of AI for the organization—now and into the future. Define ownership of AI oversight at the board (e.g., the full board, an existing committee, a new committee, or a sub-committee)

Questions for the board to consider

Are changes to board structure (i.e., allocation of responsibility to new or existing committees) necessary to facilitate effective AI oversight?

Does management have a governance framework or supporting policies over the use, development, and integration of AI within the organization? How does it incorporate concepts of responsible innovation or Trustworthy AI?

Does the board understand which executive, team, and/ or management committee is responsible for AI strategy implementation?

Does the board have a clear understanding of who in management will report to the full board or committees overseeing AI strategic initiatives?

Does the board have a cadence for how often AI will be on the board’s agenda and what information will be presented and by whom?

Illustrative example of structure — Less extensive AI integration and oversight

Established board structure provides oversight of the company’s strategy and carries out governance responsibilities across the standing board committees based on the specific AI activities as defined by management to achieve the overall AI strategy. This illustration may be more applicable to an organization that has less extensive AI integration and oversight.

BOARD’S ROLE: Stay informed on AI developments relevant to the industry and the company specifically. Consider the best means of providing the board access to expertise depending on the company’s needs (e.g., adding regular AI education to the board agenda, creating an AI advisory council to the board, and/or adding a board member with relevant AI expertise).

Questions for the board to consider

Based on the extent of AI use or adoption in the organization, does the board have the appropriate experience(s) to support effective oversight of AI?

Given the potentially expansive impact of AI, is the board meeting with the appropriate C-suite members and business leaders? Is the board getting sufficient and appropriate information on AI-related matters?

Does board composition need to be adjusted to recruit board members with more experience with AI and emerging technologies? What about company leadership?

What training and educational opportunities are available to help the board upskill on AI and emerging technologies? Would the board benefit from bringing in internal or external experts to inform discussions?

How can the board ensure it remains actively engaged in the evolving landscape of AI, guarding against complacency and outdated perspectives, and remaining agile and responsive to AI’s evolving capabilities? Would the board benefit from bringing outside voices into board meetings?

BOARD’S ROLE: Monitor the company’s progress against its AI-specific strategic, financial, and operational goals. Understand how AI supports or inhibits progress towards the company’s overall strategic goals. Establish a consistent method for receiving, reviewing, and utilizing the data used to evaluate progress.

Questions for the board to consider

How has AI contributed to progress toward strategic goals? How has it inhibited progress?

What metrics and KPIs should be used to measure the success of AI initiatives? How frequently are these KPIs reviewed to ensure they remain relevant?

How will the board receive updates on KPIs?

How often will updates be provided? What events will trigger an update to the board outside of regular updates?

What are some examples of how AI has delivered measurable value to the organization?

How does management monitor the AI regulatory and compliance landscape? What will trigger the board’s involvement in a regulatory or compliance matter?

BOARD’S ROLE: Assess whether the skills needed to execute the company’s AI strategy and manage risks are adequately represented among management. Understand the impacts and opportunities AI brings to the workforce and how AI is integrated into talent recruitment, workforce development, and incentive strategies.

Questions for the board to consider

Does the organization’s talent model align with the AI strategy and AI risk management?

Does the organization have the resources, including personnel and tools, to enable effective oversight, evaluation, and monitoring of AI applications and underlying models?

Do succession plans reflect current and future needs to recruit talent experienced with AI and emerging technologies?

Have learning opportunities or a curriculum been developed to help current employees and the pipeline of future leaders expand their skills and expertise in AI and related technologies?

Have learning opportunities or a curriculum been developed to help the current workforce effectively and responsibly leverage AI?

BOARD’S ROLE: Help cultivate a culture of trustworthy AI. This includes incorporating appropriate disclosures and communications about the AI strategy. The board also has a role in tracking whether the organization is using AI responsibly while adhering to the ethical standards of the company.

Questions for the board to consider