Establishing strong governance is fundamental to implementing AI systems that stakeholders can trust, especially in a rapidly evolving technology environment. The audit committee, as part of the broader organization, plays a key role in this process. Responsibility for risk monitoring.
Frameworks such as KPMG AI Governance Principles for Boards of Directors and the Nasdaq From perception to data management: Building a trusted foundation for AI Provide guidance for boards and audit committees looking to strengthen their technology oversight.
Here are the top three considerations.
1. Integrate AI into your existing monitoring framework
Publicly traded companies are leveraging AI in a variety of ways, including enhancing internal processes, financial reporting, and customer experience. Given AI’s wide range of use cases and potential risks to enterprise operations, it is important that oversight is built into existing enterprise risk management and internal control frameworks, rather than being defined as a separate technology initiative.
As governance frameworks develop, many companies are assigning oversight of AI to audit committees. To strengthen these responsibilities, committees should ensure that AI-related risks, including bias, model drift, data breaches, and cybersecurity, are incorporated into enterprise risk reporting, and that escalation procedures exist for significant AI-related events.
2. Treat data management as a foundation
Because AI technologies, especially generative AI, are trained on large datasets to identify patterns, structures, and expressions, companies must ensure that the data used in these systems is properly managed and controlled. Data management is the foundation of trustworthy AI, establishing clear accountability and control over how data is managed and used.
This also affects: This technology either provides reliable insights or poses significant risks. Without oversight, AI output can be biased, fabricated, or Reveal sensitive information that undermines stakeholder trust.
For audit committees, this means asking management about current data governance policies, whether they apply across the vendor and partner supply chain, and how risks related to data are identified and managed. Scale your AI systems with confidence with strong data governance and controls.
3. Moving from AI ambition to AI responsibility
Investors aren't just focused on AI's potential. They increasingly want to understand how it is done and who is responsible. It is important for companies to demonstrate that the adoption of AI is linked to strategic priorities and delivers tangible benefits, and audit committees play a key role in overseeing these disclosures.
Audit committees should challenge management to demonstrate alignment between AI initiatives, risk appetite, and measurable value creation. This includes promoting specific metrics for AI performance, ensuring that public information is accurate and substantiated, and asking whether controls over AI-related disclosures are independently reviewed. Showing investors not only how AI is integrated, but also how its risks are effectively managed, is critical to building long-term trust.
Supervisory requirements
AI governance is increasingly high on the agenda for boards and audit committees. Investors are monitoring how companies implement AI systems, manage associated risks, and communicate. That influence helps audit committees build trust in technology and ensure reliable disclosures that support innovation. For more information on audit committee oversight in the age of AI, please visit the CAQ.
