Skip to content
All articles
Articles

The Cost of AI Governance: When the Operating Model Consumes the Portfolio

AI governance frameworks are genuinely necessary. They are also genuinely expensive. The question of how much governance is proportionate — and at what point the operating model costs more than it saves — is one of the least examined in enterprise AI.

10 min read
AI governanceAI TCOoperating modelCAIOstrategy

Key takeaways


The question that is absent from most governance discussions


What AI governance actually costs

CAIO function and programme office.

FinOps for AI.

TBM and ITFM for AI.

SPM and portfolio governance.

Model validation and quality assurance.

Policy, legal, and compliance oversight.

Internal audit and assurance for AI.

Governance tooling.

Real-world example:


Illustrative case: the governance-to-portfolio ratio

Consider two organisations with AI portfolios of roughly similar size.

Organisation A has an active AI portfolio of 22 use cases with an aggregate annual operating cost — models, infrastructure, integration, and labour — of £4.2M. Over the past two years, it has built a CAIO function, established AI FinOps reporting, mapped AI into its TBM taxonomy, and is in the process of implementing SPM portfolio reviews. The annual cost of its AI governance operating model is £2.1M.

Organisation B has a comparable AI portfolio of 19 use cases at a similar aggregate cost of £3.8M. It has a lighter governance model: a part-time VP of AI supported by an existing FinOps function, quarterly portfolio reviews, and standard financial management reporting. Its governance operating cost is £600,000 annually.

Organisation A's governance-to-portfolio ratio is approximately 50%. Every pound of AI operating cost is matched by 50 pence of governance cost. Organisation B's ratio is approximately 16%.

Neither number is inherently right or wrong. The correct ratio depends on the risk profile of the portfolio, the regulatory environment, the organisation's history with AI failures, and the maturity of the underlying management processes. But the comparison raises a question that Organisation A's leadership should be asking explicitly: is our £2.1M governance apparatus producing £2.1M of value in prevented waste, avoided failures, and better investment decisions?

If it is — if the governance function has materially improved capital allocation, caught failures before they became expensive, prevented regulatory exposure, and produced evidence that drove better decisions — then the cost is justified. If it is producing reports, holding reviews, and maintaining processes without materially changing the investment or operating decisions the organisation makes, it is governance theater, and it is extremely expensive.


The governance theater pattern

Reports are produced but not acted on.

Reviews occur but findings persist.

Frameworks are maintained but not used.

Governance functions compete rather than complement.


Right-sizing governance: a practical framework

Portfolio value is the simplest dimension.

Portfolio risk is the second dimension and the most important modifier.

Governance maturity determines where investment is productive.

The practical implication is a staged governance investment model:

  • At under £3M AI portfolio value: lean operating model — finance business partner coverage, FinOps reporting integration, quarterly portfolio review. Target governance cost 8-12%.
  • At £3M-£15M AI portfolio value: dedicated AI governance function, FinOps and TBM integration, formal stage-gate process. Target governance cost 12-18%.
  • At over £15M AI portfolio value: full operating model including CAIO function, multi-discipline governance integration, SPM capability. Target governance cost 10-15% (efficiency improves at scale).

These are indicative ranges, not hard rules. Regulated industries should apply a multiplier of 1.5-2x on governance cost targets. Organisations with significant historical AI failures or active regulatory attention should invest more. Organisations with simple, low-risk AI portfolios can operate at the lower end.


The organisational dynamic nobody discusses

Governance functions grow for understandable reasons. Each addition feels like an improvement. Adding FinOps is better than not having FinOps. Adding TBM taxonomy is better than unstructured cost allocation. Adding SPM reviews is better than no portfolio oversight.

The problem is that governance functions almost never shrink by themselves. The incentive to add governance capability is always present. The incentive to challenge whether existing governance is proportionate is almost never present, because the people who would do the challenging are the same people who built the governance framework and whose professional identity is invested in its value.

This means the periodic reset of AI governance — asking explicitly whether each element of the operating model is earning its cost — requires external pressure or strong CFO leadership. Finance leadership is the natural home for this conversation, because the CFO owns the overall economics and has the standing to challenge whether investment in governance is producing adequate return relative to alternative uses of the same budget.

Periodic governance audits — conducted by internal audit with AI economics expertise, or by an external function genuinely independent of the AI programme — are the most reliable mechanism for identifying governance that has become theater. The questions they should answer are straightforward: what decisions have changed because of this governance function? What would look different in the portfolio without it? Is there a lighter alternative that achieves the same outcome at lower cost?


The practical conclusion

The recommendation from this site is not to build less governance. It is to build proportionate governance, and to be honest about what proportionate means at your portfolio scale, in your industry, at your current maturity level.

A small AI portfolio with a large governance function will be slow, expensive, and probably demoralising for the people running both. A large AI portfolio with inadequate governance will eventually produce a visible and embarrassing failure.

The right answer is neither. It is governance that is genuinely sized to the risk and value at stake, invested in the stages where it has the highest marginal return, and periodically reviewed to ensure it is producing the decisions and outcomes that justify its cost. That standard applies to every other significant function in the enterprise. It should apply to AI governance too.


Optimist

Sceptic

The Optimist's Case

The Sceptic's Case


Further reading on AI governance economics