Building Your AI Governance Blueprint: A Guide to Ethical AI

Apr 29, 2024

Why should you have an AI governance policy?

Having an AI governance policy creates necessary guardrails to ensure your organization uses AI tools safely and responsibly while minimizing the risks associated with AI. An AI governance policy outlines your AI guiding principles, how your organization uses AI ethically, and your data security.

The “policy” and “governance” might not exactly set your pulse racing, especially given AI is one of today’s most exciting topics. But trust us when we say having a transparent AI governance and ethics policy is necessary as you consider how AI will transform your organization.

The EU’s AI Act: Making Governance Practices Important Now

With the addition of the EU’s AI Act, having an excellent governance policy is critical in both the public sector and the private sector [even if you don’t do business in Europe]. As the world catches up with the breakthroughs in AI technology and AI algorithms, more of this regulatory compliance from our policymakers and human rights advocacy groups will come our way [and probably fast].

So, we will break down the basics of AI governance and share why it is important for an organization’s responsible use of AI.

AI Governance Transcript

Welcome to the new whiteboard series from the virtual strategists. My name is Erica Olsen. I’m the CEO of OnStrategy. Thanks so much for tuning in. In this series, we are discussing AI strategy, and this topic is responsible AI. Specifically, we will discuss the five reasons that you need an AI governance plan, policy, and structure in place.

Before you quickly pause or click off, don’t go away. It’s fast, painless, and important, particularly if you plan on implementing AI at an enterprise level across your organization. If you still need to check out the first video in this series, do it because it outlines our framework for an AI strategy.

What are we talking about when we talk about AI strategy today? We’re explicitly digging into AI governance. Every organization needs an AI governance policy and structure. You just do. It doesn’t need to be complicated, but you need something.

If you don’t have that in place, you won’t realize the benefits AI can bring your organization because you’ll constantly be hitting up against the five bullet points, we’ll walk through.

The five reasons you need this policy are that it needs to be aligned with your values—straight up. AI is an enabling function, not an end to a mean, so your values are front and center.

You’ve got to protect your data. This is for the attorneys out there. Data is paramount for all of us. You are at considerable risk if you’re not clear about what data protection means to ensure that no one in your organization steps over the line.

Bias is a big one. You want to prevent bias in your organization. Having a clear governance policy in place to avoid this is super important. We do not want to continue to replicate biases by using biases inherent in some data that AI is leveraging.

We also want to ensure that organizations, teams, and individuals can experiment to grow. We need to provide the guardrails and the guidelines for what’s acceptable and not sufficient.

Last but certainly not least, your staff must feel safe and secure that they will not lose their jobs to play with AI. The first thing everybody asks themselves as a staff member in organizations today is, will I lose my job? If so, I’m not going to participate in this experiment. We want people to feel safe to experiment because that’s where everything will come from in terms of the real benefits that this technology will yield for you and your team.

So, what is included in a responsible AI policy? Let’s go through the checklist.

So first things first, we want a set of guiding principles that support your values.

That is a set of guiding principles that everybody in your organization can look at and say, and I am adhering to these.

The next thing is a clear governance structure. How will you ensure that those guiding principles are being adhered to? Does that governance structure include an AI committee?

And if so, who’s on it? Importantly, where, and how are your team going to learn from each other? Setting up a learning hub in your organization is a best practice. So, what does that look like?

And then how will you communicate those learnings more broadly to the organization? So, when you think about having a responsible AI policy in place, those are the pieces that your policy should include, and just to say, it doesn’t need to be a stodgy policy.

It can be one slide with just some thoughts on these different topics. It can be fun. It can be a video, and make sure there’s documentation wherever that might live for you. So, policy always just seems old school. So, the importance is that you’re setting forth the guidelines and the acceptable use of AI so that everybody in your organization.

Understands what it looks like and what it doesn’t look like for your organization to keep you safe, protected, and quite frankly, thriving.

Three other videos dig deep into each of these topics to really help you build out each section. So, commit to spending one hour with you and your team to build a responsible AI policy for your organization.

You’ll be better for it, I promise. Please don’t leave without subscribing to the channel. We’re dropping videos on this topic and many others, and you’ll want to be notified when we do. If you want more resources, click on the link.

Thanks again for tuning in. Happy strategizing.

The 5 Reasons You NEED an AI Governance Framework and Policy.

We will jump into the 5 reasons your leadership team needs an AI governance plan.

#1: You Need to Align AI with Your Core Values

Your AI use cases and approach to artificial intelligence must align with your organization’s overall core values. You should think about these two questions:

  • How you will [and will not] use AI in your organization?
  • Will AI have a significant role in your organization?
  • How do your core values guide your behavior when using AI?

By anchoring your AI governance and strategy with your values, you can ensure your organization stays aligned with your core values while embarking on this new AI frontier.

#2: Proactively Protect Your Data and Data Sources

Data is the lifeblood of organizations AND AI systems, and protecting it is paramount for success in this new world.

Without robust data protection measures, your organization risks exposing itself to legal, ethical, and reputational damage. A well-defined AI risk management framework should:

  • Clear guidelines on data storage and what you will [or will not] expose to AI. It’s all about risk management here!
  • How you process data with AI and AI models.
  • What mechanisms do you have to remain compliant with relevant regulations and standards?

Proper governance of AI in your organization requires a clear picture about how you’ll avoid unacceptable risk and protect your organization’s most sensitive information.

#3: Prevent Bias Inherent in AI Technology and AI Algorithms

AI systems can perpetuate and even exacerbate existing biases and inequalities. To mitigate this risk, it’s essential to incorporate measures into your AI governance plan to identify and address bias at every stage of the AI lifecycle, from data collection and preprocessing to model training and deployment. Human intervention is important in preventing and perpetuating bias in AI.

#4: Create Space for Experimentation and Learning

Innovation thrives in environments where experimentation is encouraged and supported. Every thoughtful and thorough AI governance plan should include:

  • A committee or space for your team to share learnings.
  • A place for experimentation to see what’s possible in your space.
  • What does your organizational structure entail for AI governance? What stakeholders do you need to involve?
  • How you’ll convene and share insights with your broader organization.

#5: Ensure Job Security

AI has the potential to automate tasks currently performed by your workforce, leading to unease and unrest about job displacement and unemployment. As business leaders, it our job to address these concerns and foster a culture of trust and collaboration.

Doing so requires clear provisions in your AI governance plan to ensure job security for your employees. This may include reskilling and upskilling programs, redeployment opportunities, and measures to promote workforce diversity and inclusion.

Need help using this AI framework and building your AI roadmap? We’re here to help!

AI has changed everything – and there is no strategy without a clear approach for how AI will transform your organization. Not sure where to start? We can build your AI transformation strategy and governance in 30 days.

Book Your AI Roadmap Call

The Checklist for a Complete AI Governance Policy and Ethical Standards:

Now that we’ve covered why having an AI governance plan is essential let’s take a closer look at what should be included in such a plan:

✅ A Clear Set of AI Guiding Principles

We recommend developing a set of core AI guiding principles that are aligned with your organization’s overall values and ethics. These principles should serve as a foundation for decision-making and guide your organization’s development, deployment, and use of generative AI, tech, and machine learning.

✅ Clear AI Governance Systems and Structure

A governance structure outlines how your organization will manage, communicate, and corral AI in your organization. We’ll cover the three types of AI governance structures in a different post, but you can select a structure based on your organization size, structure, and needs. It’s also important to be clear about your organization’s approach to data governance and cybersecurity.

But, at minimum, you need to have a governing group that manages AI and it’s guardrails in your organization.

✅ An AI “Committee” of Stakeholders for Oversight

You’ll establish this as you create your AI governance structure. Still, you should have a committee or group responsible for managing your ethical guidelines and compliance requirements for AI development, deployment, accountability, and privacy. This group helps ensure AI initiatives meet your ethical requirements and help protect core pieces of your organization, like data and intellectual property.

✅ Identified Potential Risks & Ongoing Monitoring

As part of an AI governance framework or policy, your organization should conduct a risk assessment to create a complete list of possible scenarios where AI could negatively impact your organization. It’s important that your AI experts, legal experts, and security team work together to identify all the possible scenarios and data AI could impact, then create a risk mitigation approach to ensure AI has minimal risk in your organization. Your AI risk mitigation will support your legal framework for risk management.

✅ A “Learning Hub” for AI Transparency

We strongly recommend creating an AI learning hub in your organization. Giving your team space to experiment, share learning with each other, and inspire thinking will advance the use of AI in your organization, create visibility into what your team is doing with AI to ensure compliance, and eliminate duplication of efforts across teams.

Your learning hub might also benefit from establishing key performance indicators or metrics to help quantify the positive [and negative] impacts for your team. Before embarking upon bigger AI software development projects or AI automation, it’s helpful to have quantified metrics about the impact AI is having in your organization. A learning hub will help with this.

✅ A Proactive Communication Approach for Learnings

With your established learning hub, how will you communicate with your organization? What mediums, channels, and methods will you use to ensure everyone is current on your team’s AI approach? It’s important to establish this approach as part of your governance efforts.

Bonus: 5 Helpful Questions to Answer with Your AI Governance Framework

If you’re not sure where to start, here are some key questions and themes to consider in your ethics and governance framework:

  • Data protection: If you are using AI, how are you protecting your data? Your customer’s data? What is your policy on data privacy?
  • Privacy Compliance: How are you compliant with GDPR, CCPA, and HIPAA regulations? How are you preventing legal issues in your organization with this regulation?
  • Security: How will you handle incident responses, systems failures, and breaches when integrating AI into your organization?
  • Bottom-Up Innovation: How will you enable bottom-up innovation and ensure your team uses AI responsibly?
  • Ethical considerations: How will use AI ethically? How are you preventing bias?
  • Bias: How do you ensure fairness and mitigation with AI systems to prevent discriminating against groups, ethnicities, genders, or demographics?

Pro Tip:

Other common considerations for guiding principles when developing your AI ethics include accountability, data quality and security, equity, and transparency.

AI Governance Resources

Alternative Resources:

OnStrategy Resources:



What is 7 + 9 ?
Please leave these two fields as-is:
All fields are required.

Join 60,000 other leaders engaged in transforming their organizations.

Subscribe to get the latest agile strategy best practices, free guides, case studies, and videos in your inbox every week.

Keystone bright-path authority-partners iowa caa maw maryland mc kissimmee dot washoe gulf reno