Defined term
AI governance
Policies, processes, and controls that make an AI system auditable and accountable.
AI governance covers the operational practices that let leaders defend an AI workflow to risk officers, auditors, and customers: approved data sources, prompt versioning, logging, reviewer queues, model risk assessment, fallback paths, and named owners for high-risk decisions. We use NIST AI RMF and OECD AI Principles as reference frameworks.
When it matters
When the workflow touches regulated data, money, or customers, governance is non-negotiable. Even for internal tools, governance prevents the 'shadow AI' problem where 50 teams ship 50 unreviewed prompts.
Real example
A risk-and-compliance engagement with a quarterly attestation pack: every prompt version deployed that quarter, a sample of reviewer actions, every model upgrade and its eval delta, signed off by the head of risk. Built from the audit log and assembled in one day.
KPIs to watch
Attestation cycle time (<5 days from quarter-end), audit log completeness (100% required), policy violation incidents per quarter (target: 0).
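The attestation pack above and the "audit log completeness" KPI both depend on one property: the log cannot be quietly edited after the fact. The following is an added example (not code from the page or from any engagement it describes) of how that works in practice: a hash-chained, append-only log of prompt deployments, model outputs, reviewer actions and model upgrades; a verifier that detects any edit, deletion or reordering; and the quarterly pack derived from the log alone. The event names, payload fields, completeness definition (high-risk outputs that have a reviewer action) and all sample records are assumptions constructed for this example.

```python
"""Tamper-evident AI audit log and quarterly attestation pack (added example).

Each entry's hash covers its own content plus the previous entry's hash, so
changing or dropping any record invalidates every hash after it. The
attestation pack is computed from the log only, so an auditor can rebuild
and re-verify it. Event names and payload fields are assumptions.
"""
import hashlib
import json
import random

GENESIS = "0" * 64  # prev_hash of the first entry


def _canonical(obj):
    # Fixed key order and separators: the same record must always hash the same way.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def append(log, ts, event, actor, payload):
    """Append an entry whose hash binds content, position and the previous hash."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "ts": ts, "event": event, "actor": actor,
            "payload": payload, "prev_hash": prev}
    entry = dict(body, hash=hashlib.sha256(_canonical(body)).hexdigest())
    log.append(entry)
    return entry


def verify_chain(log):
    """Return (ok, first_bad_seq). Catches edits, deletions and reordering."""
    prev = GENESIS
    for i, e in enumerate(log):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["seq"] != i or e["prev_hash"] != prev:
            return False, i
        if hashlib.sha256(_canonical(body)).hexdigest() != e["hash"]:
            return False, i
        prev = e["hash"]
    return True, None


def attestation_pack(log, q_start, q_end, sample_size=2, seed=2024):
    """Build the quarterly pack: prompt versions, upgrades, review sample, completeness."""
    ok, bad = verify_chain(log)
    # ISO-8601 UTC timestamps compare correctly as strings.
    in_q = [e for e in log if q_start <= e["ts"] < q_end]

    def by(event):
        return [e for e in in_q if e["event"] == event]

    high_risk = {e["payload"]["decision_id"] for e in by("model_output")
                 if e["payload"]["risk"] == "high"}
    reviewed = {e["payload"]["decision_id"] for e in by("reviewer_action")}
    reviews = by("reviewer_action")
    # Seeded sampling so the auditor can reproduce exactly which reviews were pulled.
    picked = random.Random(seed).sample(reviews, min(sample_size, len(reviews)))
    return {
        "chain_ok": ok,
        "first_bad_seq": bad,
        "prompt_versions": [(e["payload"]["prompt_id"], e["payload"]["version"])
                            for e in by("prompt_deploy")],
        "model_upgrades": [(e["payload"]["from"], e["payload"]["to"],
                            e["payload"]["eval_delta"]) for e in by("model_upgrade")],
        "reviewer_sample": [(e["seq"], e["actor"], e["payload"]["verdict"])
                            for e in sorted(picked, key=lambda e: e["seq"])],
        "unreviewed_high_risk": sorted(high_risk - reviewed),
        # Completeness: share of high-risk decisions that have a recorded review.
        "completeness": len(high_risk & reviewed) / len(high_risk) if high_risk else 1.0,
    }


def build_sample_log():
    """Constructed sample records for this example; not real engagement data."""
    log = []
    append(log, "2024-04-02T09:00:00Z", "prompt_deploy", "ci-bot",
           {"prompt_id": "kyc-summary", "version": "v12"})
    append(log, "2024-04-10T14:21:00Z", "model_output", "svc-kyc",
           {"decision_id": "d-101", "risk": "high"})
    append(log, "2024-04-10T14:35:00Z", "reviewer_action", "alice",
           {"decision_id": "d-101", "verdict": "approved"})
    append(log, "2024-05-03T08:00:00Z", "model_upgrade", "ci-bot",
           {"from": "llm-2024.03", "to": "llm-2024.05", "eval_delta": 0.021})
    append(log, "2024-05-20T11:05:00Z", "prompt_deploy", "ci-bot",
           {"prompt_id": "kyc-summary", "version": "v13"})
    append(log, "2024-06-12T16:40:00Z", "model_output", "svc-kyc",
           {"decision_id": "d-102", "risk": "high"})  # never reviewed: a completeness gap
    append(log, "2024-06-13T10:10:00Z", "model_output", "svc-kyc",
           {"decision_id": "d-103", "risk": "low"})
    append(log, "2024-06-13T10:12:00Z", "reviewer_action", "bob",
           {"decision_id": "d-103", "verdict": "rejected"})
    return log


def tampered_log():
    """Same log, but d-102 is re-labelled low-risk after the fact without re-hashing."""
    log = build_sample_log()
    log[5] = dict(log[5], payload={"decision_id": "d-102", "risk": "low"})
    return log


if __name__ == "__main__":
    print(json.dumps(attestation_pack(build_sample_log(), "2024-04-01", "2024-07-01"), indent=2))
    print(verify_chain(tampered_log()))  # the edited entry is reported by sequence number
```

Two caveats a practitioner would add. First, a hash chain proves internal consistency only; an attacker who can rewrite the whole file can re-hash every entry, so the chain head should also be signed with a key the log writer cannot use (an HSM or KMS key) or published to an external anchor on a schedule. Second, the completeness KPI is only meaningful if the log is written by the serving path itself, not by a separate job that can silently skip records; in the sample above the unreviewed high-risk decision d-102 is exactly the kind of gap the quarterly pack exists to surface.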
Reference: NIST AI Risk Management Framework
Related terms
NIST AI RMF
U.S. NIST's voluntary framework for managing risks in AI systems across the lifecycle.
Model card
Documentation describing a model's intended use, limitations, evaluation, and risks.
Audit log
Tamper-evident record of every model input, output, version, and reviewer action.
Grounding
Anchoring model output to verifiable source material to reduce hallucination.
See it in action
We use this every week
Book a 30-min call and we'll walk you through how AI governance shows up in a real engagement we're running.