The Six Core Skill Domains of AI Governance

Context For the mid-career professional, the field of AI governance can appear opaque, often obscured by technical jargon and rapid regulatory changes. However, when viewed through the lens of traditional risk management, the requirements become clear. This article deconstructs the vague concept of ‘governance’ into six tangible skill domains. Whether you are looking to pivot your career into AI oversight or are building a team to manage these risks, understanding this breadth of necessary skills is the first step toward competence. ...

December 6, 2025 Â· 5 min

Outdated Risk Management Frameworks Face Growing Criticism - Tech News

Forrester Research challenges the Three Lines of Defence (3LOD) model twenty years on. The research firm writes that the three lines of defence is outdated: built for SoX, 3LOD hasn’t been reconsidered in two decades, and it’s time for a change. The three lines of defense (3LOD) concept was initially developed as a corporate governance framework to implement segregation of duties requirements under the 2002 Sarbanes-Oxley Act. […] But as anyone who has tried to implement it as a foundation for enterprise risk management will tell you, the 3LOD is not a model for managing risk. Instead, it defines, with ample rigidity, the roles required to comply with segregation of duties requirements. This division is conceptually simple but does not match the operating model at most organizations. Forrester ...

December 8, 2024 Â· 1 min Â· Graeme

AI Governance and the Three Lines of Defence

Context For mid-career professionals in risk, audit, or management, the rapid adoption of Artificial Intelligence presents a specific challenge: how to apply established governance principles to a non-deterministic technology. This note outlines where AI sits within the standard Three Lines of Defence model, helping you position your skills and oversight responsibilities effectively. Defining AI Governance AI Governance is simply the framework of accountability, authority, and control that ensures automated systems are used responsibly. It is the mechanism by which an organisation retains meaningful control over its technology. ...

4 min

AI Governance as a Discipline - Career Pathways and Competencies

Context For the mid-career professional in audit, risk, or IT, the rise of artificial intelligence presents a distinct bifurcation in career trajectories. You do not need to become a data scientist to remain relevant, but you cannot afford to remain illiterate in the mechanics of automated decision-making. This article outlines how to pivot existing your ‘Lines of Defence’ experience into the emerging discipline of AI Governance. The Emergence of a Distinct Discipline AI Governance is rapidly decoupling from general IT governance and data protection. While it shares DNA with these fields, it addresses a specific convergence of risks that traditional frameworks struggle to contain: algorithmic bias, non-deterministic outputs, and the opacity of ‘black box’ decision-making. ...

5 min

Debiasing - Reduce Cognitive Bias for Better Risk Forecasting

Risk management failures often stem from flawed thinking. History is full of examples where cognitive biases led to catastrophic misjudgements. For example, during the 2008 financial crisis, confirmation bias led many investors and financial institutions to downplay warning signs of an unsustainable housing bubble, focusing only on data that supported continued growth while dismissing contradictory evidence. Similarly, overconfidence bias contributed to excessive risk-taking at firms like Lehman Brothers, where executives underestimated exposure to market downturns. ...

2 min