As AI governance frameworks move from aspirational to mandatory, boards face a practical problem: most directors cannot articulate what effective AI oversight looks like in practice. This checklist provides the 12 questions that every board member should be able to answer — and that every board chair should be asking management to address on the record.
Strategic Alignment — 3 Questions
1. Can you state the board’s AI governance mandate in one sentence?
If the board has not formally chartered its AI oversight responsibility — through committee structure or full-board mandate — the answer is no. The KPMG/INSEAD Principles released this week make formal chartering a baseline requirement, not a best practice.
2. Does the board receive a structured AI risk report at every meeting — or only when management chooses to escalate?
Reactive reporting is not oversight. Boards should have standing AI risk items on every agenda, with defined metrics that management reports against — not open-ended updates at management’s discretion.
3. Has the board approved a formal AI strategy — separate from the technology strategy?
AI strategy encompasses risk appetite, ethical guardrails, competitive positioning, and capital allocation. Treating it as a subset of IT strategy leaves material governance gaps that regulators and investors now expect boards to close.
Risk Stewardship — 3 Questions
4. What is the board’s documented AI risk appetite?
Risk appetite for AI should be as specific as risk appetite for credit or liquidity — quantified thresholds, not qualitative descriptions. If the board cannot state a specific AI risk tolerance, it has not set one.
5. Has the board reviewed the company’s AI vendor contracts for liability allocation?
AI vendor agreements frequently contain limitation-of-liability clauses that transfer risk to the company when AI systems produce harmful outputs. Boards should have reviewed and approved the company’s AI vendor contract standards, not delegated this entirely to legal counsel.
6. Does the board know which AI systems are currently in production — and which ones have access to customer data?
An inventory of deployed AI systems is a prerequisite for governance. Boards that cannot answer this question are operating without visibility into their material risk exposure.
Accountability & Transparency — 3 Questions
7. Who is the named executive accountable for AI governance failures — and is that accountability in writing?
Diffused accountability is no accountability. Boards should be able to name a specific executive — not a committee, not a function — who is accountable for AI governance outcomes and whose compensation reflects that accountability.
8. Has the board reviewed the company’s external AI disclosures — including SEC filings and ESG reports?
AI-related disclosures are now material. Boards that have not reviewed what the company is representing externally about its AI practices are exposed to disclosure liability they may not know exists.
9. Can the board explain the company’s AI governance posture to a major institutional investor in five minutes?
Proxy advisors and institutional investors are scoring AI governance as a material factor. If the board cannot articulate a coherent governance narrative, it will not be able to defend its oversight record in a shareholder engagement.
Board Competency — 3 Questions
10. Which directors have completed formal AI governance training in the past 12 months?
One-time briefings do not constitute competency development. The KPMG/INSEAD Principles require ongoing director education as a standing governance obligation. Boards should be tracking this as they track continuing education for audit committee members.
11. Does the board’s skills matrix include AI literacy as a required competency?
If AI expertise is not on the nominating committee’s director recruitment criteria, the board is systematically selecting against the competency it most needs. This is a structural governance failure, not a gap that can be closed through advisory panels.
12. When did the board last conduct an independent AI governance assessment — separate from management’s self-assessment?
Internal assessments are a starting point. Boards operating at governance best practice commission periodic independent reviews of their AI oversight structures — the same way they commission independent internal audit reviews of financial controls.
Using This Checklist
Distribute this checklist to all directors before the next board meeting. Ask each director to self-assess. Compile the results anonymously. The aggregate gap analysis is your board’s AI governance work plan for the next 12 months. Boards that score 10 or more “yes” answers have a defensible governance posture. Boards scoring below 7 have material gaps that should be remediated before the next proxy season.