The Blind Spot for SMEs Revealed by Large Corporations’ AI Governance Theories
A major trading company is tackling the question of “how to govern a continuously moving group” through its AI governance design. This news highlights how far that approach is from the image of “governance” held by many SME owners. Governance discussions in SMEs often end at static management focused on “setting rules and enforcing them.” However, for organizations operating diverse and rapidly changing businesses like trading companies, or when dealing with rapidly evolving technologies like AI, static rules quickly become obsolete and can hinder operations.
The fundamental question here is about the core design philosophy of governance. Is it a “fence to prevent violations,” or is it a “dynamic framework for achieving objectives amidst change”? The concept of “dynamic governance,” which realizes the latter, is something modern SMEs facing volatile market environments should seriously adopt, not just for AI.
The Three Core Principles of “Dynamic Governance”
Drawing from large corporate examples, we can distill three core principles of “dynamic governance” applicable to SMEs.
1. Articulating and Sharing Purpose: Embedding the “Why” Behind Rules
Static governance tends to focus on “what not to do.” In contrast, the starting point for dynamic governance is the clear articulation of purpose: “What are we trying to achieve?” For instance, whether the purpose of introducing AI is “to improve customer service efficiency” or “to gain insights for new product development” leads to completely different governance requirements.
For the former, rules centered on response accuracy and personal information protection become key. For the latter, processes for verifying bias in the scope of data collection and in the interpretation of analysis become crucial. Sharing the “business purpose” that the rules support across the entire company, rather than the rules themselves, forms the foundation for teams to make autonomous judgments while adapting to change.
2. Setting Tolerance Ranges and Monitoring: Risk Design on a Scale of 1-99
In a dynamic environment, reducing all risk to zero is impossible, and attempting it leads to lost business opportunities. The key is to predefine an “acceptable risk range (1-99)” and permit activities within that range. For example, when trialing a new AI tool, decide on priorities and tolerance levels like, “We accept medium-level privacy risks but strive to eliminate legal compliance risks.”
Then, a mechanism is needed to “monitor” whether this tolerance range is being maintained. This doesn’t require a massive audit system; simply adding “occurrence of unforeseen risks” as an item in regular progress reports can be effective. Design a “dynamic” feedback loop to detect early signs of risks exceeding the tolerance range and make course corrections.
3. Institutionalizing Learning and Updates: Updating Governance Itself
The most critical point is to build in a mechanism where the governance rules and framework themselves “learn and update.” Insights gained from new technologies or business activities (e.g., an AI tool achieving higher-than-expected accuracy, or conversely, having unexpected bias) should not end as mere business reports. Establish a direct feedback path to review governance rules.
Once a quarter, dedicate one agenda item in a governance committee or management meeting to “reviewing past decisions and their outcomes,” and use the learnings to fine-tune related rules or decision criteria. Create a culture that treats governance documents as “living documents.”
Three Practices SMEs Can Start Tomorrow
How can these concepts be integrated into management starting tomorrow? Based on experience supporting over 38 companies, here are concrete first steps.
Practice 1: Apply a “Governance Design Sheet” to Your Next New Project
Develop the habit of attaching a “Governance Design Sheet” with the following three items to proposals for new business initiatives or IT tool implementations.
- Core Purpose of This Project: State “what you want to achieve” in one line.
- Anticipated Key Risks (1-3): e.g., “Privacy breach,” “Budget overrun.”
- Tolerance Level and Monitoring Method for Each Risk: e.g., “Privacy breach risk: Medium. Check for incidents in monthly reports.”
This transforms governance from an “after-the-fact audit item” into a “preceding design condition” at the project’s outset.
Practice 2: Allocate a 5-Minute “Governance Review” Slot in Management Meetings
Dedicate the first 5 minutes of monthly or quarterly management meetings to “governance-related outcomes of previous decisions.” For example, briefly check: “Is the cloud tool introduced last month being used within the anticipated data management risk range?” or “Have any unexpected issues arisen?” If there are no issues, proceed to the main agenda. If there is a slight concern, create a task to investigate the details later. This habit acts as a catalyst to keep governance “dynamic.”
Practice 3: Shift Expert Queries from “Yes/No” to “Conditions for Feasibility”
Stop asking legal or accounting experts, “Is using this AI tool a legal violation?” Instead, ask, “What conditions must we meet to legally achieve [specific purpose] using this tool?” This shift in questioning transforms experts from “gatekeepers who prohibit” into “designers who support goal achievement.” The answers become concrete “next actions,” such as the permissible scope of use, necessary internal policies, or examples of required consent forms.
Governance is the Design that Supports an Organization’s “Dynamic Equilibrium”
Just as living organisms maintain internal stability while adapting to external environmental changes—a concept known as “homeostasis”—excellent governance is also a mechanism that supports “dynamic equilibrium.” It allows an organization to adapt to external technological innovation and market shifts without losing sight of its purpose or falling into risks beyond its tolerance.
This is precisely the philosophy demonstrated by the major trading company’s AI governance theory. It is no longer an issue solely for the IT or legal departments. In an era where change is the norm, the “ability to design governance dynamically” has become a core management skill for leaders themselves.
Redesign your company’s governance not as a static bundle of manuals, but as a “living framework” that breathes and evolves alongside business growth and change. The first step begins with changing just a little—how you ask questions and structure meetings—starting with your next small project.

