AI Governance is an “Organizational” Issue, Not an “AI” One
AI governance is beginning to be cited as a source of competitive advantage. An article in Forbes JAPAN pointed out the need for an organizational foundation to use AI effectively and ethically. Meanwhile, Yahoo! News reported on a very familiar information leak risk: staff at a TV program production site posting filming content on social media. At first glance, these two news stories seem to be on different levels, but from my experience supporting over 38 companies, I see the same “essence.” It is that the structure of an organization that “uses” new technologies or media becomes the decisive factor in creating risk or creating value.
Do not trivialize AI governance as merely “creating a rulebook about AI.” That leads to the same structural failure as creating social media usage rules only to have on-site staff ignore them and post anyway. The essence lies not in the technology or rules themselves, but in the “organizational design” of how to integrate them into daily decision-making and transform behavior. As an SME owner, you now have a perfect opportunity to redesign your company’s “ability to use” before introducing expensive AI tools.
The Common Disease of “Organizational Disconnect” Revealed by Two Incidents
Let’s refer to another piece of news. Reports that the University of Tokyo is embarking on governance reform following a bribery case involving a professor in its medical graduate school. A scandal in one department of a massive university organization. This, too, can be said to be an accident born from a disconnect between “head office rules” and “on-site reality.”
The social media leak in TV production, the university bribery, and the misuse of AI. What these have in common is a state where the flow of decision-making and information is disconnected between “the on-site staff who know the technology and operations” and “the management departments that think about control and rules.” In terms of AI governance, this corresponds to the confrontational dynamic between “employees who actually use AI on the front lines” and “legal/management concerned about risks.” Unless this disconnect is resolved, no matter how splendid the governance policy, it will be seen as a “nuisance rule” on the front lines, ignored, or rendered a mere formality.
Are You Involving the “Users” in the Design?
A common failure in many organizations is excluding the very parties who most frequently “use” the technology from the governance (rules and structure) design process. Did the directors and staff at the TV production site receive training on social media risks? Or did the rule-makers understand the psychology of “feeling tempted to post” or the work pressures they face?
The exact same thing can happen with AI introduction. The sales department independently introduces a convenient AI tool and inputs customer data. The legal department later points out the risk and issues a ban. This only makes the front lines feel that “management is holding us back,” leaving behind nothing but distrust. When Georg Kell, founder of the UNGC (UN Global Compact), emphasizes the importance of “corporate AI use and governance,” the underlying challenge is how to integrate “utilization” and “control” as a single process.
“Integrated” AI Governance Design That SMEs Should Start Now
So, how can SMEs with limited management resources prevent this disconnect and turn AI into a source of competitive advantage? They cannot build extensive governance systems like large corporations. Instead, they can leverage their agile organizational size for a different approach.
Specific Action 1: Change Governance from a “Prohibition List” to a “Design Workshop”
First, stop starting by creating a list of prohibitions like an “AI Usage Policy.” Instead, hold a small workshop bringing together the following three parties:
- Front-line employees who will actually use the AI (e.g., sales, marketing, development)
- Employees with a risk management perspective (e.g., general affairs manager, accounting)
- The final decision-maker (owner or department head)
What should be discussed here is not “rules,” but the concrete design of “how can we use this AI in our company to be most effective while avoiding strange accidents?” The front lines say, “We want to use it like this,” and management says, “Putting data here is dangerous.” The key is for management to list options and make a decision: “So, which do we choose? Option A (high effect, medium risk), Option B (medium effect, low risk), or Option C (low effect, zero risk)?” This is the first step in elevating governance to a higher-level management design.
Specific Action 2: Appoint an “AI Utilization Project,” Not an “AI Officer”
Entrusting everything to a single “AI Officer” creates dependency on that individual’s capability and perspective, and does not resolve the organizational disconnect. Instead, establish a temporary decision-making unit called an “AI Utilization Project,” with the core members from the above workshop. Its role should include not only selecting and introducing AI tools, but also drafting usage rules, planning internal training, and reviewing actual usage and challenges after three months.
This unit is a device for executing “utilization” and “control” as one. As news about parliamentary scrutiny over whether a national intelligence agency needs an internal control organization shows, when functions are disconnected, blind spots in oversight emerge. SMEs can avoid creating these blind spots from the start by forming an integrated team.
Specific Action 3: Clarify “Decision Criteria” and “Escalation Paths,” Not Just Rules
Do not turn the completed governance policy into a thick manual. What the front lines will refer to is, at most, a one-page checklist. What should be written there is not detailed prohibitions, but the following two points:
- Criteria for “Is this okay to do?”: e.g., “Before inputting customer personal information into the AI, confirm these 3 items on this list.”
- A clear escalation path and contact person for “If unsure, ask here”: e.g., “If uncertain, immediately confirm via Slack with ○○, a project member.”
Behind the TV production staff’s social media post was an individual’s ambiguous judgment of “this is probably okay.” The most effective governance is not leaving judgment to individuals, but providing an organizational “framework for judgment” and “a system for consultation.”
Governance is an Investment in an Organization’s “Ability to Use,” Not a Cost
Not limited to AI, when introducing new technologies, new markets, or new ways of working, if governance is considered an after-the-fact “restriction,” it is indeed merely a cost. However, if from the design stage of introduction you consider “how to use it” and “how to control it” as one, integrating them into the organization’s decision-making flow, the story is completely different.
It is an investment in creating a “mechanism” that not only reduces risk but also allows frontline creativity and speed to be unleashed without being undermined by unnecessary accidents or internal conflict. Just as the University of Tokyo was forced into governance reform after a scandal, the cost is enormous once an accident occurs. This moment, as your SME is about to acquire the powerful tool of AI, is a perfect opportunity to resolve old organizational disconnects and challenge yourselves to design a new organization where “utilization” and “control” turn together as two wheels.
The first step can be tomorrow. Try having a key frontline person and a management department head sit in on your next meeting with an AI tool sales representative. From that conversation, the design of the “ability to use” best suited to your company will begin.
Comments