New Research Finds Only 25 Percent of Organizations Report a Fully Implemented AI Governance Program

Report reveals that while the majority of companies are leveraging AI, governance continues to lag, leaving them vulnerable.

LOS ANGELES, July 30, 2025 /PRNewswire/ -- AuditBoard, the AI-powered global platform for connected risk transforming audit, risk, and compliance, today announced the findings of its latest research into how global risk teams are navigating the dawning era of ubiquitous artificial intelligence (AI) technology. Key findings in the report From blueprint to reality: Execute effective AI governance in a volatile landscape reveal that while many companies have drafted policies, few have embedded AI governance into their organizations' operational fabric, leaving them susceptible to unforeseen risks.

Organizations across industry sectors are racing to integrate generative and machine learning tools into their core business processes, seeking productivity gains and competitive advantages. But this momentum has triggered a parallel challenge: managing the associated risks. The resulting policy-practice gap is emerging as a new risk frontier, rooted in executional uncertainty, cultural fragmentation, and misaligned ownership. To gain a clearer picture of the challenges inherent in that gap, AuditBoard, in partnership with Panterra Research, surveyed over 400 GRC and audit professionals across the United States, Canada, Germany, and the United Kingdom, finding:

• Overconfidence, in this context, becomes a risk in itself: While 92 percent of respondents said they are confident in their visibility into third-party AI use, only two-thirds of organizations report conducting formal, AI-specific risk assessments for third-party models or vendors. That leaves roughly one in three firms relying on external AI systems without a clear understanding of the risks they may pose. When companies assume they have control, they're less likely to invest in proactive auditing, centralized model inventories, or employee education. And when vulnerabilities surface, they're often caught off guard, leading to downstream consequences.
  
  
• Policies are not enough: 86 percent of respondents said their organization is aware of upcoming AI regulations and those already in force. However, only 25 percent of respondents said they have a fully implemented AI governance program. Many have policies in place or in development, but few have made the leap from documentation to disciplined execution.
  
  
• Barriers to AI governance are cultural, not technical: Respondents identified the leading obstacles to AI governance as lack of clear ownership (44 percent), insufficient internal expertise (39 percent), and resource constraints (34 percent). Fewer than 15% said the main problem was a lack of tools. Policy tells the organization what should happen, but culture and structure determine whether it happens.

"This report validates the critical need for a more integrated, operational approach to AI risk," said Michael Rasmussen, CEO of GRC Report. "AuditBoard's expertise in aligning audit, risk, and compliance functions makes them well-equipped to provide the framework and tools necessary for companies to move from policy creation to impactful AI governance."

"AI governance today is a test of execution, not awareness," said Rich Marcus, Chief Information Security Officer at AuditBoard. "This report confirms that the most persistent AI governance challenges are clarity, ownership, and alignment. Organizations that treat governance as a core capability, not a compliance box-checking exercise, will be better positioned to manage risk, build trust, and respond to a rapidly evolving regulatory landscape."

In recognition of security professionals who adopt modern AI risk postures, AuditBoard released a roundup of the top Chief Information Security Officers leading the way with AI governance and security practices to power some of the most innovative companies. The list includes Comcast's Noopur Davis, RiskImmune's Dr. Magda Chelly, Amazon's CJ Moses, and more. Read the full list here.

To learn more about strategically embedding AI policies into your organization's infrastructure, read the full report here.

About AuditBoard
AuditBoard's mission is to be the category-defining global platform for connected risk, elevating our customers through innovation. More than 50% of the Fortune 500 trust AuditBoard to transform their audit, risk, and compliance management. AuditBoard is top-rated by customers on G2, Capterra, and Gartner Peer Insights, and was recently ranked for the sixth year in a row as one of the fastest-growing technology companies in North America by Deloitte.

Contact:
Laura Groshans
press@auditboard.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/new-research-finds-only-25-percent-of-organizations-report-a-fully-implemented-ai-governance-program-302517095.html

SOURCE AuditBoard, Inc