AI governance operating models and framework

Authored by Aparupa Bhattacharya, Harish Patel, Vivian Monitto, Ray Tse, and Kristin Guzak

Leaders are faced with the daunting likelihood that Generative AI (GenAI) will reshape the structure and function of organizations, teams, and the very work they do. Below are three near-term considerations for making decisions responsibly regarding GenAI, preparing your organization for GenAI, and collaborating with operational functions to drive an organization’s GenAI ambition—whether that affects the individual (the worker), the functional (the team or capability), or the enterprise (the organization) levels or, as is likely, all three.

1. Set the foundation with decision-making clarity

Why is a clear GenAI governance model important, and how can it be established?

Defining a GenAI governance model is crucial for responsibly harnessing the transformative power of GenAI, protecting against organizational risks, and driving decision-making clarity. This framework for decision-making must establish guardrails guiding the organization’s responsible use of GenAI through methodologies, processes, and accountability. GenAI risks can manifest in many forms, such as compliance violations and lawsuits, reputational or brand risks, security challenges, and loss of business and employees. Establishing a multilevel, cross-functional governance model can help mitigate these risks, involving parties across functions to drive GenAI-related innovation while protecting the organization. The following are initial steps for establishing this model:

• Create a core governing body, including an ultimate decision-maker for the organization’s GenAI agenda and key leaders across various functions to provide expertise on business impacts, priorities, legal/compliance considerations, and technology.
• Align leaders on goals, strategies, and guardrails for the use of GenAI within the organization.
• Establish a charter for the anticipated layers within the GenAI governance model, including roles and membership; accountabilities and authority; clear objectives of the leadership team; and meeting cadence across multidisciplinary teams.
• Once chartered, convene trusted operators with deep functional knowledge in multidisciplinary teams (for example, functional, technical, legal, change, or security) to activate the GenAI agenda within the established guardrails.

For organizations using GenAI at scale, creating a cross-functional GenAI center of excellence (COE) to supplement the governance model with central management and execution support can enable greater coordination and prioritization. This team should play a critical role working with executive leadership, business units, functions, and teams in decision-making.

Click image to enlarge

As an example, recently, a health plan organization developed an AI governance council . Its structure design was based on its existing organization functions, ensuring all members (technical, functional, risk, and legal) were involved to determine the impacts of GenAI. The council’s roles, responsibilities, and decision rights were outlined by an AI governance charter. Ultimately, it developed a blueprint of a GenAI program allowing for trusted, enterprisewide, and scalable AI governance practices, enabling AI innovation.

Who owns GenAI decisions, and how are they made?

Given the impacts on existing technology infrastructure (that is, data platform) and capabilities (that is, artificial intelligence), and the near-term potential for enterprisewide technology investments, there is a case for existing technology functions reporting up to the chief information officer (CIO) and/or chief data or digital officer (CDO), or possibly a chief strategy or transformation officer to own GenAI within an organization. This owner should collaborate with the identified core governing body when making decisions and maintaining alignment and compliance with the charter.

Decision rights, however, should be collaborative to bring the right leaders into innovative/strategic, compliant, and operational decisions. The GenAI owner should be ultimately accountable for many innovative strategic decisions (for example, vision or goals). The core governing body is likely best positioned to own the strategic business decisions and approvals (for example, prioritization, managing risks, and investments). Multidisciplinary teams may focus on operational decisions (for example, quality control). In the absence of a COE and depending on the nature of a decision (that is, solution development owned by IT), standardization decisions can be distributed to appropriate teams based on function and capabilities.

In addition to establishing a GenAI governance model, what safeguards are needed to enable Trustworthy AI?

We think about responsible and equitable AI in terms of Deloitte’s Trustworthy AI™ framework. Specific safeguards to drive Trustworthy AI include:

• AI education: Educate leaders and staff about what AI is, how it will be used, what safeguards are in place, and how it can benefit them.
• Leadership messaging: “Trustworthy AI” begins with a C-suite (for example, CDO, CIO, or chief risk officer) that promotes a culture of activating AI through safeguards that mitigate risks to organizations, their people, and their customers.
• Regular assessments: Internal assessments determine adherence to AI ethics and can be used to determine areas of improvement across the organization and performance indicators for responsible, effective, and efficient AI usage.
• Conduct postmortem “AI impact assessments”: Identifying organizational areas where AI will have an outsized impact can drive equitable AI use and foster an open dialogue where responsible AI use is needed most.
   

2. Build the environment starting with core capabilities

What capabilities does the organization need to deliver business value from GenAI?

Organizations can choose to build (in-house), buy (third-party vendor), or borrow (outsourcing) new capabilities to drive value from GenAI. Organizations need skills across functional, technical, risk management, and leadership domains to plan and deliver on GenAI priorities. Specific skills and capabilities include:

• Functional: Deep functional and domain knowledge in areas such as (but not limited to) information technology, operations, and research and development.
• Technical: Core data analytics, machine learning capabilities, and deep learning capabilities will be required of AI staff to drive specific GenAI algorithm creation.
• Risk management: Effective risk monitoring and escalation can support organizational compliance with government and AI regulation.
• Leadership: Effective decision-making and communication promotes alignment with the vision, values, and guidelines set out as part of the GenAI agenda. Leaders will also need to demonstrate advanced agility, willingness to experiment, systems thinking, collaborative decision-making, and stewardship of their organizations.

How do we prepare people for GenAI?

Trustworthy AI begins at the top. Leaders should take into consideration and mitigate increased uncertainty of the unknown among employees by preparing the workforce in the following ways:

• Align with and involve leaders on identifying the GenAI use case(s) and developing key messages to gain buy-in.
• Clarify the AI governance model for the organization to understand their role.
• Inform the workforce on the vision for GenAI use at the organization, the safeguards that are put in place, and the benefits they hope to achieve.
• Communicate updates and milestones consistently and continuously, and provide opportunities to engage in the GenAI activation process to help foster a culture of trust.
• Upskill the workforce to enable the acquisition of new skills as business opportunities are identified for GenAI.

As an electrical utility company developed its GenAI strategy , it wanted to help its people better understand GenAI and identify roles and skills required to accelerate the company’s strategy. The change management and communications strategy needed to align leadership on the GenAI agenda and build awareness among impacted employees for implementing GenAI. Critical roles and skills were defined to operationalize and scale GenAI solutions, as well as inform the talent strategy. Overall, the company found by preparing ahead of time, it was set to promote value realization of AI solutions as the technology evolves and proliferates across the enterprise, putting both AI literacy and building a future-ready workforce with enduring human capabilities at the center.
 

3. Drive the impact through the business

How does the AI organization work with the business to implement AI and advance business priorities?

The GenAI governance model and a GenAI COE should be established to help ensure care and consistency as these innovative technologies are introduced and integrated into work. However, a business-led GenAI approach with the following characteristics may best enable GenAI impact across the organization:

• Business/functional experts work with individuals executing the day-to-day processes to identify areas where GenAI can accelerate the work, redesign workflows, and identify corresponding impacts.
• Business/functional leaders collaborate with technical leaders to develop GenAI solutions that solve priority pain points identified by the team on the ground.
• Business/functional leaders work with the GenAI COE (if established) to bring together additional advisers, including technology/digital, change management, risk, and security to plan and drive implementation, adoption, and value realization.
• Individual workers’ capabilities are augmented by GenAI by reducing administrative burden from their daily work, freeing time to focus on achieving business priorities through strategic work.
   

The path forward

The role of GenAI in organizations will continue to evolve, challenging organizations to adapt and innovate rapidly. As leaders feel urgency to implement innovative GenAI strategies, establishing a governance model and future-focused core capabilities with a business-led approach will help create the guardrails to mitigate near-term risk. Organizations will be set up for longer-term success by putting these elements in place quickly, while continuing to shift their operating models and organizational structures to account for newly emerging capabilities.
 

Authors:

• Aparupa Bhattacharya
• Harish Patel
• Vivian Monitto
• Ray Tse
• Kristin Guzak