IT Governance Vs AI Governance — Which Do You Need and Why?

Many large and well-established companies have formal IT governance structures in place to manage their technology resources and align IT with business objectives. In this article, we will define IT governance and introduce the role of AI governance. We will also discuss the differences and why both are needed for the ethical operations of IT in an AI-centric world.

IT governance

Well-established and compliant companies implement IT governance frameworks to manage their technology effectively, mitigate risks, and ensure that IT investments contribute to their overall business success.

IT governance is about how a company manages its technology to make sure it helps the business succeed and follows the rules. It includes setting up compliance and procedures to ensure that technology projects align with the company’s goals. This means deciding who is directing what, managing risks and compliance, and making sure technology investments are worth it.

There are a few important parts of IT governance.

First, strategic alignment ensures that technology supports the company’s main goals.

Second, risk management means identifying and dealing with potential problems.

Third, resource management focuses on using technology and people efficiently.

Lastly, performance measurement tracks and evaluates how well technology is working.

Good IT governance helps a company make smart decisions about technology and makes sure compliance is in place and everything runs smoothly.

AI governance

AI governance involves creating policies, procedures, and frameworks to manage the use of artificial intelligence (AI) in a way that ensures ethical standards, compliance with regulations, and alignment with organizational goals. As AI technologies become more integral to business operations and daily life, effective AI governance is crucial for managing risks, compliance, and leveraging AI's benefits responsibly.

The role of AI governance is to establish foremost ethical guidelines and compliance for the ethical use of AI. These guidelines may be different in different industries but must encompass transparency, accountability, and fair and unbiased training of the models.

These principles are essential to ensure that AI is used responsibly and ethically with foremost concern for individuals affected. As such, AI governance must embody the following main principles: 

• Transparency and trust: Nothing shatters trust and builds resentment more than secrecy. With AI systems being used to manage human affairs and, in many instances, replace some of the workload, it is important for all stakeholders to know that nothing is being done behind closed doors in any malicious or at least non-benevolent way.

  AI systems should operate in a transparent manner, providing clear explanations of how decisions are made and what data is used. This transparency helps build trust and allows users to understand and scrutinize AI processes.

• Security, privacy, and data protection: Manipulating AI systems may not have to involve changes to the programming, and manipulation can be done via the training space. This gives AI a unique requirement to safeguard not only the code but most importantly, the type and quality of the data being taught to the models.

  This is even more serious when you note that the training space for the models may be personal data with identifiable markers.

• Explainability: Explainability is related to transparency. Since AI is complex and its decision-making processes are not defined in a linear fashion, the organization must be able, at a minimum, to understand its processes and the model training that took place.

• Accountability: Clear lines of accountability should be established for AI systems, including who is responsible for their development, deployment, and outcomes. This ensures that there are mechanisms to address and correct any issues that arise.

• Regulatory compliance: This point may sound much like general IT governance but in this instance, any regulatory or industry standard for the deployment of systems must be adhered to. For example, AI Freedom Alliance has rules governing the creation and viewing of AI-generated content. Recently, there has been talk of states adopting some standards related to such content.

IT governance vs AI governance

The overall scope of IT governance is the information technology resources and their alignment with the organization's objectives. In short, IT governance is the “WHAT.”

AI Governance focuses on something different, the oversight of AI systems. Its primary focus is the ethical and legal challenges of running these systems. In short, AI governance is about the “SHOULD.” Just because we can, should we?

These differences can be shown in the makeup of these boards. An IT governance board is usually made up of: 

• Chief Information Officer (CIO) / VP of Information Systems 

• Chief Financial Officer (CFO)

• Chief Security Officer (CISO)

• Chief Operating Officer (COO), Business Unit leaders 

• Compliance staff 

• Auditors

On the other hand, an AI governance board should be made up of: 

• Chief Data Officer (CDO)

• IT directors and managers

• AI and Modeling Technical Experts

• Specialists in ethical data usage

• Legal experts

• High-level subject matter experts

• External Advisors and perhaps External Reviewers

In summary, IT governance boards typically consist of individuals with expertise in IT management, finance, security, and compliance, focusing on the broad spectrum of IT systems and operations. AI governance boards, on the other hand, include specialists in AI technologies, data management, ethics, and legal compliance, addressing the unique challenges associated with artificial intelligence.

This is reflective of the different missions of the different governance bodies. IT governance is about building capacity and business alignment in a scalable way. AI governance is essential for managing the complexities and risks associated with artificial intelligence. It helps ensure that AI systems are used ethically, transparently, and responsibly, aligning with legal requirements and organizational goals while managing risks and building trust among users and stakeholders.

Every established organization with an IT governance board should be looking at establishing an AI governance board if it does not have one. And every organization must constantly be asking itself, “Just because we can, should we?”

About the Authors

Angelo Mazzocco is VP of Advisory Services at AVAAP, an industry-focused technology management and advisory services partner known for delivering strategic technology solutions and exceptional customer experiences.

He is an accomplished information and technology executive encompassing more than 32 years of leadership in multiple industries. Prior to AVAAP, Mazzocco was President of 3SG Plus; the Chief Information Officer of Central Ohio Primary Care; President of Pillar Technology Group; Chief Information Officer of Progressive Medical; VP and Chief Information Officer of The Dispatch Printing Company and Affiliates; and he held significant roles with Andersen Consulting (now called Accenture), NCGroup/CompuCom, Nationwide Insurance, and NCR.

Mazzocco has served as an adjunct faculty member of the Ohio State University and Otterbein University. He also served on the boards of Gladden Community Settlement House, American Heart Association, Quick Solutions, Navigator Management Partners, GroundWork group, Pillar, and Technology Advisory Board of OCLC. He and his teams have been the recipient of many awards, including Technology Innovation Team and Service Provider of the Year, Executive of the Year, Large Technology Team of the Year, Technology Service Provider of the Year, ComSpark Tech Power Award, among others.

John Farhat has been active in the IT industry for over three decades. He currently serves as CEO of the family office overseeing technology assets. These include Cybersecurity and IT Management under the Mission Control IT Services brand, Custom Phone Systems under the Loquantur brand, as well as Advisory/Client Representation services through Farhat Services Company.

As a serial entrepreneur, Farhat is also involved with a number of startups in the fintech and agricultural sectors. Outside of his work, he has helped found the AI Freedom Alliance as a grassroots group of multi-disciplinary smaller and medium companies focused on AI governance.