AI Governance Is Not Just an IT Problem


6/10/2026 · 1 min read


Part 3 of a 7-Part Series on Corporate Boards and AI Governance

About This Series

This article is part of a 7-part series on Corporate Boards and AI Governance by Angeli Raven Fitch, Attorney, Speaker, and AI Legal Strategist.

As I work with organizations, law firms, executives, and business leaders on AI governance and risk management, I continue to hear the same response when AI governance comes up:

"Let's have IT handle it."

That response worries me.

Not because IT isn't important.

But because AI governance is far too important to leave solely to IT.

The Most Common Boardroom Mistake

💻 Artificial intelligence often enters organizations through technology.

That does not mean AI governance belongs exclusively to technology teams.

Many directors hear "AI" and immediately think:

  • Software

  • Infrastructure

  • Security

  • Technology implementation

Those are certainly part of the conversation.

The problem is that AI affects much more than technology.

AI influences decisions.

AI influences people.

AI influences risk.

AI influences trust.

And those issues have always been the responsibility of leadership and governance.

The California Boardroom Reality

In California, directors do not have a fiduciary duty to understand every line of computer code.

They do, however, have fiduciary duties to oversee the corporation and act in its best interests.

Two core fiduciary duties often discussed are:

⚖️ Duty of Care

⚖️ Duty of Loyalty

The Duty of Care generally requires directors to make informed decisions and exercise reasonable oversight.

The Duty of Loyalty generally requires directors to act in the best interests of the corporation and its shareholders rather than their own personal interests.

California corporate governance obligations are primarily found in the California Corporations Code, particularly for California corporations, and directors are generally expected to exercise oversight consistent with their fiduciary responsibilities.

What does that have to do with AI?

Potentially quite a bit.

If AI becomes a significant operational, compliance, cybersecurity, employment, privacy, financial, or reputational risk, then boards should be asking whether they have adequate oversight mechanisms in place.

Simply saying "IT handles that" may not be enough.

🎭 Why AI Doesn't Fit Neatly Into One Department

Let's look at a few examples.

Suppose HR uses AI to screen applicants.

Is that an IT issue?

Partly.

But it is also an employment issue.

A compliance issue.

A discrimination issue.

A reputational issue.

Now suppose marketing uses AI to create content.

Is that an IT issue?

Partly.

But it is also a branding issue.

A customer trust issue.

A legal issue.

A business risk issue.

Or imagine finance using AI to generate forecasts.

Now we are talking about:

📊 Financial reporting

📈 Strategic planning

💰 Investor expectations

⚖️ Governance oversight

The point is simple.

AI rarely stays in one lane.

That's why treating it as a technology-only problem creates dangerous blind spots.

🚨 The Board Doesn't Need to Be Technical

This is where many directors get stuck.

The moment AI enters the conversation, some assume they need to become technology experts.

That's not realistic.

And it's not required.

Boards don't need to know how large language models are trained.

They don't need to understand neural network architecture.

They don't need to become data scientists.

What they do need is enough knowledge to ask intelligent questions.

Good governance has never required directors to be experts in everything.

It requires them to exercise informed oversight.

Questions Directors Should Be Asking

Instead of asking:

"Is IT managing AI?"

Consider asking:

❓ What business functions are using AI?

❓ What decisions are being influenced by AI?

❓ What risks have been identified?

❓ What policies govern AI use?

❓ Who owns AI governance?

❓ How is AI risk reported to the board?

❓ What training has leadership received?

❓ What happens when AI makes a mistake?

Those questions move the conversation from technology to governance.

And that is where boards need to be focused.

🧨 The Real Risk Isn't Technology

I would argue that the biggest AI risk facing many organizations isn't the technology itself.

It's organizational fragmentation.

When AI lives only in IT, important conversations never happen.

Legal may not know what HR is doing.

HR may not know what marketing is doing.

Marketing may not know what finance is doing.

Finance may not know what customer service is doing.

Everyone assumes someone else is paying attention.

That assumption can become very expensive.

What Good AI Governance Looks Like

Strong organizations recognize that AI governance is cross-functional.

It involves:

🛡️ IT and cybersecurity

⚖️ Legal and compliance

📊 Risk management

👥 Human resources

📣 Marketing and communications

💰 Finance

🏛️ Executive leadership

📋 Board oversight

The goal is not bureaucracy.

The goal is accountability.

Someone should know:

  • What AI tools are being used

  • What data is being processed

  • What risks exist

  • What controls are in place

  • Who is responsible

Without that visibility, governance becomes guesswork.

🎯 Practical Next Steps for Directors

If AI governance currently sits only with IT, consider asking management to:

✅ Create a cross-functional AI governance team

✅ Inventory AI tools being used across the organization

✅ Establish AI governance policies

✅ Define ownership and accountability

✅ Create regular board reporting

✅ Train leadership on AI-related risks

Most importantly, move AI governance out of a single department and into an enterprise-wide governance framework.

Final Thought

Technology may introduce AI into an organization.

Governance determines whether that AI is used responsibly.

Boards that treat AI solely as an IT issue risk missing the bigger picture.

AI affects people.

AI affects decisions.

AI affects trust.

And trust has always been a board-level responsibility.

The most effective boards won't ask whether IT has AI under control.

They'll ask whether the organization has AI under control.

There is a significant difference.

Next in the Series

The Data Problem Boards Keep Ignoring

About Angeli Raven Fitch

Angeli Raven Fitch is an attorney, speaker, and AI Legal Strategist who helps organizations, law firms, executives, and business leaders navigate the opportunities and risks of artificial intelligence. Her work focuses on AI governance, ethics, compliance, risk management, and responsible AI adoption.

Her mission is simple: help leaders embrace innovation without losing sight of accountability, trust, and good governance.


📝 Legal stuff: This article is provided for informational purposes only and does not constitute legal advice or create an attorney-client relationship.


© 2025. All rights reserved.