AI governance

Using AI Risk Management to Accelerate Innovation

New Diligent Institute / Governance Institute of Australia data shows 61% of Australian boards restrict employee AI use while only 13% have an AI-literate director — proof that restriction and real governance are pulling apart. NIST's expanding AI Risk Management Framework and the EU AI Act's 2 August 2026 third-party accountability deadline show how structured, evidence-based workflows are what actually let AI adoption move faster, safely.

The Qantas privacy finding: a positive lesson in third-party oversight

A serious data breach does not automatically mean governance failed. The more important question is whether an organisation can demonstrate that it understood the risks, assessed the third party, monitored its controls and responded effectively...

AI Agents and Non-Human Identity Risk

When a single ungoverned AI tool gave attackers a path from a Vercel employee’s device into Vercel’s internal systems, and a poisoned VS Code extension let attackers pull roughly 3,800 repositories out of GitHub, the common thread wasn’t a coding flaw — it was an unmanaged non-human identity. With AI agents now driving machine identities to roughly 109 per human inside the average enterprise (CyberArk, 2026), most governance frameworks still treat identity as a human-only problem.

AI Risk Management Must Shift from Advisory to Driving Informed Risk Taking

Commonwealth Bank's 2026 AI transparency report, Deloitte's board AI-literacy data and PwC's 2026 AI Performance Study all point the same way: risk teams stuck in a purely advisory role are becoming a competitive liability, not a safeguard. Here's what separates governance that enables from governance that only gates.

Why Standardised AI Risk Assessment Is Critical for Scalable, Responsible AI Use

Grant Thornton's 2026 AI Impact Survey, the AICD/HTI Director's Guide to AI Governance, and a March 2026 Meta AI agent incident all point the same way: organisations scaling AI without a standardised, risk-based assessment framework can't explain or defend their decisions when it matters.

Why Your Organisation Must Own AI Model Risk Management Beyond Traditional Frameworks

Traditional model risk management falls short for AI. Executives and risk managers must recognise AI model risk as a distinct challenge requiring tailored governance, deeper vendor scrutiny, and proactive controls to protect value and trust.

Third-Party AI Dependency Requires Rigorous Risk Management

HM Treasury's move to designate AI providers as UK critical third parties, a German court ruling that made a chatbot's words the company's legal liability, and the Character.AI/Google settlement all show the same pattern: vendor AI risk is now the deploying organisation's problem, not the vendor's. Here's what boards and risk teams need to check before the next case names them instead.

Integrate AI Vendor Change Controls to Prevent Sudden Disruption

When Replit's AI coding agent deleted a live production database mid-project in July 2025, it exposed a gap most vendor risk frameworks miss: ongoing change monitoring, not just onboarding checks. NIST's GOVERN 6.2 and ISACA's 2025 incident review both point to the same fix — treat vendor AI oversight as a standing control, not a one-time sign-off.

Recent posts

Popular categories