Public company boards are accelerating their focus on AI, and governance expectations are evolving with them. Findings from the CAQ show 90 percent of S&P 500 companies mentioned AI-related information in their 2024 10-K. As adoption of the technology continues, investors and regulators are paying closer attention to how oversight is structured—with audit committees often at the center.
Establishing strong governance is foundational to implementing AI systems that stakeholders can trust, especially in a technology landscape that continues to rapidly evolve. Audit committees play an important role in this process as part of their broader risk oversight responsibilities.
Frameworks such as KPMG’s AI Governance Principles for Boards and NASDAQ’s From Awareness to Data Stewardship: Building Trustworthy Foundations for AI provide guidance for boards and audit committees looking to strengthen oversight of the technology.
Here are the top three considerations:
1. Integrate AI into existing oversight frameworks
Public companies are using AI in a variety of ways, including enhancing internal processes, financial reporting and customer experiences. Given AI’s wide range of use cases and potential risks to company operations, it’s important that oversight is embedded within existing enterprise risk management and internal control frameworks, not defined as a separate technology initiative.
As governance frameworks are being developed, many companies assign AI oversight to the audit committee. To enhance these responsibilities, committees should confirm that AI-related risks, including bias, model drift, data leakage and cybersecurity, are incorporated into enterprise risk reporting, and that escalation procedures exist for material AI-related events.
2. Treat data stewardship as a foundation
Because AI technologies, particularly generative AI, are trained on large datasets to identify patterns, structures and representations, companies must ensure that data used in these systems is properly governed and controlled. Data stewardship is foundational to trustworthy AI, establishing clear accountability and controls over how the data is managed and used.
This also plays a role in whether the technology delivers reliable insights or introduces significant risks. Without oversight, AI outputs might be biased, fabricated or expose sensitive information that erodes stakeholder trust.
For audit committees, this means asking management about current data governance policies, whether they extend across the vendor and partner supply chain, and how risks tied to data are being identified and managed. Strong data governance and controls enable AI systems to scale with confidence.
3. Move from AI ambition to AI accountability
Investors are not solely focused on AI’s potential; they increasingly want to understand how it’s being executed and who is accountable. It’s important for companies to demonstrate that AI deployments are tied to strategic priorities and deliver measurable returns, and audit committees play a key role in overseeing these disclosures.
Audit committees should challenge management to demonstrate alignment between AI initiatives, risk appetite and measurable value creation. This includes pushing for concrete metrics on AI performance, ensuring public disclosures are accurate and substantiated, and asking whether controls over AI-related disclosures have been independently reviewed. Showing investors not only how AI is being integrated, but how its risks are being effectively managed, will be critical to building long-term confidence.
The Oversight Requirement
AI governance is an increasingly important agenda item for boards and audit committees. As investors monitor how companies implement AI systems, manage associated risks and communicate its impact, audit committees can help ensure reliable disclosures that build trust in the technology and support innovation. For more information on audit committee oversight in the age of AI, visit the CAQ.
