AI Governance & Risk for Boards
No code. No demos. The five audit-committee questions. The framework landscape (NIST, ISO 42001, EU AI Act, GCC). The six-category risk taxonomy. The one-page board pack with eight numbers and four narratives. Vendor risk and the six contract clauses. The four-phase incident response. The board's own AI competence. And a one-page governance charter your board can formally adopt at the next meeting.
8
Chapters
~55 min
Duration
Intermediate
Level
No
Certification
Course Content
What boards should ask about AI
The five questions every audit committee agenda should carry — and three failure modes to recognise before the incident.
The framework landscape
NIST · ISO 42001 · EU AI Act · GCC frameworks — what each expects, and five ISO clauses for the board agenda.
The AI risk taxonomy
Six categories: model · bias · data · vendor · operational · reputational. One sharp question per category.
Reporting & metrics
One page. Eight numbers. Four narratives. Trended over four quarters. The discipline of absence.
Vendor and third-party AI risk
Five vendor risks. Six contract clauses to confirm annually. The board question that surfaces gaps fastest.
Incident response
Five incident shapes — loud and quiet. The four-phase response. Five board-only actions only the board can take.
The board's own AI competence
Why AI is now material to director duty. Four moves to build board competence — without becoming engineers.
Capstone — Your AI governance charter on one page
Five sections. One page. Formally ratifiable. The three-meeting adoption sequence: audit committee, full board, ratify.