75% of Firms to Boost GRC Investments as Fragmented AI Governance Amplifies Enterprise Risk, Optro Finds

 With 85% of enterprises reporting that artificial intelligence (AI) is now central to their business strategy, deployed across multiple functions or embedded in core operations, new research from Optro (formerly AuditBoard) reveals a deeply concerning structural mismatch at the heart of enterprise AI governance. According to the study, governance frameworks originally designed to oversee technology systems are now being applied to human behaviour, creating gaps that leave the most significant AI risk surface in organisations largely unmanaged.

The findings from Optro’s 2026 Risk Intelligence Report, “The AI Oversight Gap: Adoption is Scaling. Governance Controls Aren’t,” suggest that while enterprises are accelerating AI adoption, their greatest risk exposure does not lie in the models powering AI systems but in how employees interact with them. More than a third of respondents (34%) cited staff inputting sensitive data into AI tools as the primary driver of risky AI-usage behaviour. A further 21% cited insufficient employee training rather than malicious intent, while another 21% highlighted the pressure to move quickly as a major contributor to unsafe AI use.

This behavioural risk is compounded by structural fragmentation in governance. Responsibility for AI oversight is spread widely across organisations, meaning no single function has clear ownership. The IT department holds the largest share of responsibility at just 25%, followed by risk management at 18%, cross-functional governance arrangements at 17%, and dedicated AI governance teams at only 10%.

The diffusion of ownership carries through to incident response. When AI-related issues arise, responsibility is shared between risk, compliance and internal audit functions (29%), executive leadership (27%), and IT and engineering teams (24%), with the remainder distributed across other departments. Even the authority to shut down an AI system is spread across multiple functions, including leadership, risk, IT, compliance and security, leaving many organisations without a clearly defined operational “kill switch”.

The severity of this governance divide is becoming increasingly significant as AI incidents continue to rise. Over the past 12 months, 40% of organisations reported inaccurate AI outputs, while 33% experienced policy violations, and 28% received customer complaints linked to AI systems.

“AI adoption is moving faster than many organisations’ ability to fully understand and govern how it’s being used,” said Kristin Colburn, Leader of Data and AI Governance at Dayforce. “To keep pace, governance needs to evolve from reactive and become proactive oversight to a continuous, integrated capability that helps organisations better understand AI use across the enterprise and manage the risks that come with it.”

Despite these challenges, the research offers reason for optimism. Nearly three-quarters of respondents expect their governance, risk and compliance technology budgets to increase over the coming year, with top investment priorities including AI governance solutions (43%), regulatory compliance tools (41%), and upgrades to existing GRC platforms (38%).

The report also highlights what organisations view as the most valuable capabilities in future AI governance solutions, including integration with GRC platforms, automated risk assessments, regulatory mapping and tracking, and third-party AI assessments.

“Governance should not be viewed as a barrier to innovation, but as foundational for enabling organisations to deploy high-integrity AI,” said Guru Sethupathy, GM of AI Governance at Optro. “Our research shows when monitoring and oversight are integrated into the AI lifecycle, organisations move faster and more securely. As agents increasingly perform complex tasks, the core work of the organisation becomes the oversight and governance of those AI agents.”

To download the full research, please visit: https://optro.ai/resources/ebook/the-ai-oversight-gap-adoption-is-scaling-governance-controls-arent

