Skip to content
AI Economics Hub
All articlesArticles

What Boards and Audit Committees Should Actually Ask About AI

Most board conversations about AI are either too strategic or too tactical. The economic governance layer — capital discipline, value proof, and investment accountability — is largely missing. This article sets out what responsible oversight actually requires.

28 May 2026governanceboardaudit committeeCFOAI ROI

On this page

Open

Key takeaways

  • Current board AI conversations cluster at two levels: strategic transformation narrative and specific technology risk (cybersecurity, hallucinations, deepfakes). The economic governance layer — capital allocation, value proof, operating model accountability — is largely absent from most board agendas.
  • Boards have a fiduciary obligation to challenge AI investment decisions with the same rigour applied to other capital commitments. The "we need to move fast on AI" argument is not a governance framework.
  • Audit committees specifically should be asking about the reliability of AI-related financial disclosures, the completeness of AI cost models, and whether management's reporting on AI value is constructed to withstand independent scrutiny.
  • The appropriate standard for board-level AI oversight is not technical understanding. It is economic accountability — the same standard applied to any other material capital program.

The gap in the boardroom conversation

If you have sat through a board presentation on AI in the past two years, you will recognise the pattern. The first half is strategic: the AI landscape is transforming industries, competitors are investing, there is a strategic imperative to act. The second half is risk: cybersecurity implications, model hallucination incidents, reputational exposure, data governance requirements, regulatory uncertainty.

What is missing from the middle is an economic accountability conversation. What is the organisation actually committing to spend? What return is it committing to demonstrate? Who is accountable for that return? What evidence would cause the board to conclude that the strategy needs to change?

This is not a minor omission. In any other area of material capital commitment — a major technology programme, an acquisition, a new market entry — boards would expect to be answering these questions as a matter of course. The implicit logic that AI is somehow different — too fast-moving, too uncertain, too strategic to subject to normal capital discipline — is not a governance position. It is an abdication of one.

The external evidence makes this more urgent, not less. Research suggests only a small minority of enterprises are demonstrating credible financial returns from AI at scale. CEO and board pressure on AI ROI is increasing, while executive confidence in the ability to measure it remains low. If the board is not driving this conversation, it is waiting for management to bring it — and management has its own incentives to present AI progress in the most favourable available light.

What boards should be doing: four governance obligations

1. Apply capital discipline, not strategic exception

Every material AI investment should be subject to the same capital allocation rigour as any other significant programme. That means:

  • A business case with a stated return dimension, baseline, and time horizon — not a strategic rationale that defers economic proof indefinitely
  • Total cost of ownership analysis that includes infrastructure, integration, governance, people, and operating support — not only vendor or model spend
  • Named value owners accountable for the realisation of stated returns — not collective ownership spread across a programme structure
  • Stage-gate decisions that require evidence before the next tranche of capital is approved — not open-ended budget commitments based on progress narrative

Some AI investments are strategic enough to justify a different return expectation — a longer horizon, a capability-building rationale, a portfolio hedge. That is a legitimate governance position. But "this is AI" is not a sufficient basis for exception. The board should be able to say what makes a specific investment genuinely strategic and what proof standard will apply even within that longer horizon.

2. Require honest total cost reporting

One of the most consistent patterns in AI investment management is systematic understatement of total cost. Direct model or vendor spend is visible and captured. Platform infrastructure, data preparation, integration, governance overhead, and the labour required for ongoing operation are routinely allocated elsewhere, excluded from AI investment reporting, or simply not identified.

The board should require that AI investment reporting uses a complete cost model. This is not a technical demand — it is an accounting governance question. If the organisation is reporting AI spend at £8M annually but the fully-loaded operating cost, including all allocated infrastructure and labour, is £23M, the board is making decisions on materially incomplete information.

The audit committee is the appropriate body to scrutinise whether management's AI financial reporting captures the full economic scope of the commitment. The right question is not "are the numbers accurate?" but "do the numbers reflect everything that belongs in them?"

3. Challenge value claims with the same standards applied to other investments

Management teams presenting AI business cases will, understandably, structure those cases to be as favourable as possible. That is not dishonesty — it is the normal operating logic of any investment sponsor. The board's role is to apply the governance pressure that converts optimistic projections into honest ones.

For AI specifically, the most important challenges are:

Is the baseline credible? A productivity improvement claimed at 35% means 35% compared with what, measured how, over what period? If there is no credible pre-AI baseline, the claimed return cannot be evaluated. The board should not accept productivity narratives that lack explicit baseline measurement.

Is time saved the same as value created? This is the single most common inflation mechanism in AI ROI claims. If AI reduces the time analysts spend on a task by four hours per week, that is a useful signal of capability. It is not, by itself, economic value. Value is created when the freed time is either eliminated from the cost base or redirected to more productive use. If neither happens, the time saving is theoretical. The board should ask specifically: what change in cost structure or output results from the claimed productivity gain?

What is the cost basis for the return calculation? An ROI of 300% means something very different if the denominator is only the model licence cost versus the full TCO. The board should require that return calculations use a cost denominator that matches the scope of costs being incurred.

Who has validated the value claim? In organisations where the same team that builds the AI system also measures its economic value, the independence of the measurement is compromised. Not necessarily because of dishonesty — but because confirmation bias is real and powerful in evaluation design. The board should ask whether material value claims have been independently validated, or at least independently reviewed.

4. Scrutinise the operating model, not only the portfolio

Large AI programme failures often have their roots not in bad technology choices but in inadequate operating models. The AI capability is built. The workflow integration is incomplete. Adoption does not reach critical mass. The people who were supposed to absorb the productivity gain have not materially changed their work patterns. The value claim was based on an optimistic view of how the organisation would change, and the organisation did not change as much as assumed.

This is an operating model question more than a technology question. The board should be asking: has management designed not just the AI capability but the operating model change required to realise the stated value? And is there accountability for that change?

This question is particularly important in cost-reduction AI cases. The logic typically runs: AI reduces the time required to do X, therefore we will require fewer people to do X, therefore our operating cost falls. That logic is only as strong as the organisation's actual willingness and ability to reduce headcount or redeploy capacity. If management does not have a credible workforce transition plan alongside the AI case, the cost savings are aspirational, not planned.

The audit committee's specific role

The audit committee has three AI-specific responsibilities that are distinct from the board's general oversight function.

Financial controls and reporting integrity. As AI becomes embedded in business processes, it also becomes a factor in the reliability of financial reporting. AI systems that touch inventory management, revenue recognition, fraud detection, customer accounting, or financial planning create new questions for internal audit: are the controls around these systems adequate to ensure they are not creating material errors in financial outputs? This is not a hypothetical concern — it is a natural extension of the audit committee's existing mandate.

Completeness and accuracy of AI-related disclosures. As regulatory requirements around AI disclosure develop — in the EU, the US, and increasingly globally — the audit committee should be considering whether management's external disclosures about AI use, risk, and investment are accurate and complete. The risk of under-disclosure (failing to disclose material AI risk or investment) and over-disclosure (claiming AI capabilities that are not yet real) both have regulatory and reputational consequences.

Independence of AI evaluation. The audit committee should ask management whether the economic evaluations of AI investments are structurally independent of the teams that built or sponsor those investments. If there is no independent function with responsibility for challenging AI value claims, the audit committee should regard management's reporting on AI returns as less reliable than it would be if independence existed.

Five questions that should appear on every board AI report

If a board receives a regular AI progress report from management, these five questions should be explicitly addressed in that report or raised by the board if they are not:

1. What is the total economic commitment?
Not the approved budget for new initiatives — the full forward cost of continuing everything currently in the AI portfolio, including shared platform running costs, governance overhead, and operating support. This number is almost always larger than the board's mental model of "what we're spending on AI."

2. What proportion of AI initiatives have demonstrated value against their original business cases?
Not "which initiatives are performing well" — which is a question management will answer optimistically — but what percentage of material investments have produced evidence meeting the proof standard that was defined at approval. If this number is below 25%, the portfolio has a systematic value-proof failure, not a collection of normal initiative variance.

3. Which investments have been stopped or redesigned in the past period, and why?
The absence of stopped investments is a warning signal, not evidence of success. If management reports 12 months of AI progress with no stops or material redesigns, the board should ask why. Either every investment is performing as planned — which is implausible across a portfolio of any size — or the portfolio lacks the governance discipline to identify and act on underperformance.

4. What would change in the AI strategy if returns are 50% lower than projected?
This is a stress test, not a prediction. It forces management to distinguish between strategic commitments that the organisation intends to maintain regardless of short-term returns, and investments that are economically contingent on the projected return materialising. Having this clarity is fundamental to responsible capital allocation.

5. How is the AI operating model being governed, not just the AI investments?
Who owns the commercial relationships with AI vendors? Who is accountable for AI-related compliance? Who has authority to approve or deny AI deployment in customer-facing processes? If the board cannot get a clear organisational answer to these questions, the governance architecture is incomplete.

What good board AI oversight looks like in practice

A board with genuinely good AI oversight will typically be doing several things that are not yet common.

It will have a clear policy on what level of AI investment requires board-level approval versus management sign-off. A portfolio of individually small AI investments can create a material economic commitment when viewed in aggregate. Without a policy, the aggregate can grow without board visibility.

It will receive AI performance reports that lead with evidence of value, not evidence of activity. Metrics like number of use cases, percentage of employees using AI tools, or number of models deployed are activity metrics. They tell the board that AI is happening, not whether it is working. A board that accepts activity metrics as evidence of progress is accepting a governance substitution.

It will have had an explicit conversation about what the organisation's AI risk appetite is — and specifically, where the boundary sits between AI applications the organisation is willing to deploy with current evidence levels, and applications where higher proof standards apply. This is a governance decision, not a management one.

And it will have ensured that someone independent of the AI programme — whether an external auditor, an internal audit function with AI economics expertise, or an appropriately structured governance committee — has the mandate and the access to challenge management's AI reporting before the board acts on it.

A practical note on pace

The most common objection to applying this standard of oversight to AI is pace. Competitive pressure is real. The AI landscape is moving quickly. Governance discipline should not prevent the organisation from moving at the speed the market requires.

This objection confuses governance discipline with approval delay. A well-designed AI governance framework allows fast decisions when the evidence supports them and demands slower decisions when it does not. It creates a portfolio that moves faster on proven cases and is more disciplined about scale in unproven ones. That is not a restraint on organisational speed — it is a better allocation of the resources that determine it.

The argument that "we need to move fast" is sometimes a genuine reflection of competitive reality. It is also sometimes the argument of a management team that does not want its investment decisions scrutinised. Boards that cannot distinguish between the two are not providing oversight — they are providing endorsement.

Explore next

Continue exploring

Follow the threads that connect AI cost, value, governance, and operating discipline.

The AI Value Gap

The core diagnosis of why AI cost, accountability, and proof so often diverge at enterprise level.

AI ROI Models

The multi-dimensional return framework that board-level AI reporting should be structured against.

AI Economics Maturity Model

The maturity model for assessing whether AI governance is improving fast enough to support scale.