Artificial intelligence has moved from side experiments to the core of enterprise operations, reshaping decisions, workflows, and customer interactions. The next wave—agentic AI—goes further, acting on behalf of employees and orchestrating processes end-to-end.
“AI presents enormous opportunity, but it also carries real risks,” says Paul McCombs, a digital transformation leader with experience guiding global enterprises. “Without governance, AI can quickly become fragmented and costly.”
McCombs argues that AI governance is not about bureaucracy. Instead, it ensures that AI aligns with enterprise value, ethics, and regulation while enabling scale, cost control, and trust. “It’s about embedding oversight into the structures companies already use for finance, risk, and compliance,” he explains. “Done right, governance enables responsible innovation and converts risk into trust.”
Start with Principles
According to McCombs, the north star of governance isn’t technology, it’s principles. “Leaders must define why and how they will use AI before they choose tools,” he says. His guiding principles are simple:
- AI should augment, not replace, employees
- Outcomes must avoid bias and reflect company values
- AI use must be transparent and accountable
“These principles ensure consistency and provide a foundation for decision-making as AI evolves,” McCombs notes.
Protect the Crown Jewels – Data
If AI runs on data, then data governance is inseparable from AI governance. McCombs emphasizes the need to guard information relentlessly. “Never allow sensitive data into unmanaged tools, ensure compliance with laws like GDPR and CCPA, and demand explainability so outputs can be trusted,” he says. “Data is the crown jewel of the enterprise and protecting it is the foundation of responsible AI.”
Tailor Governance and Manage Risk
McCombs warns against one-size-fits-all models. “Different categories of AI carry different risks,” he explains. Vendor-supplied AI, like SAP or Salesforce, typically comes with built-in controls. “Here, the focus should be on business case and ROI,” he says. Custom AI solutions require stricter IT oversight and must deliver measurable outcomes. And personal productivity tools, such as Microsoft Copilot or ChatGPT, pose the highest risk because they depend on individual behavior. “These need guardrails—training, policies, and restrictions to sanctioned platforms,” McCombs stresses.
He recommends a tiered approach to keep controls proportionate. Enterprise-embedded AI can be governed through vendor oversight and enterprise policies. Custom solutions demand strict IT and data controls, sometimes even board-level attention. Personal or departmental tools should be managed with training and approval processes. “Blanket restrictions slow innovation,” he notes. “Tiered controls provide balance, protecting the enterprise while still encouraging innovation.”
Use Existing Oversight Structures
Effective governance doesn’t require new committees. “Creating silos makes oversight harder,” McCombs cautions. Instead, he advises embedding AI into existing processes: route spending through investment oversight, integrate AI into cybersecurity frameworks, and make business leaders accountable for use in their domains. “A single enterprise AI policy can reinforce these structures and keep things consistent across the organization,” he adds.
Culture as the Differentiator
Governance depends on culture as much as on rules. Employees need training to use new systems responsibly, leaders must keep human oversight in place for decisions with significant consequences, and organizations should encourage feedback so problems are identified early. The outcome is not only compliance but also trust, both within the workforce and with external stakeholders.
Turning Risk Into Advantage
Looking ahead, McCombs sees the rise of more autonomous digital systems that can manage workflows from start to finish. These tools can unlock major efficiencies, yet they also bring cost, compliance, and reputational risks if left unchecked. “With disciplined oversight, autonomy becomes advantage,” he says. “Without it, enterprises risk losing control.”
A Strategic Enabler for the Future
For McCombs, AI governance is not a compliance exercise, it’s a strategic enabler. “Just as financial governance ensures capital creates value without hidden liabilities, AI governance ensures artificial intelligence delivers measurable returns without compromising trust, ethics, or compliance,” he explains.
Looking ahead, McCombs sees agentic AI as the biggest test. “These systems can create enormous value, but only if governed with discipline, clear business cases, and ongoing ROI monitoring,” he says.“Without oversight, agentic AI can become a runaway cost center. With it, enterprises can turn autonomy into sustained competitive advantage.” His message for executives is clear: “Every enterprise is adopting AI. The winners won’t be those that experiment the most, but those that govern it best, turning risk into trust and experimentation into enduring value.”
To continue the conversation on governance, transformation, and building enterprise value, connect with Paul McCombs on LinkedIn.
