The Cost of AI Governance: When the Operating Model Consumes the Portfolio

AI governance frameworks are genuinely necessary. They are also genuinely expensive. The question of how much governance is proportionate — and at what point the operating model costs more than it saves — is one of the least examined in enterprise AI.

28 May 2026 | AI governance, AI TCO, operating model, CAIO, strategy

Key takeaways

  • AI governance frameworks are necessary. They are also expensive. A CAIO function, a FinOps practice, a TBM taxonomy, an ITFM discipline, an SPM process, regular portfolio reviews, model validation, and policy oversight can easily consume 15-30% of the annual AI budget they govern.
  • Proportionality is a governance principle that most AI governance discussions ignore. Not every organisation needs every layer of operating model at every scale. The right question is: what governance is adequate for the risk and scale of the portfolio we are running?
  • Governance theater — processes that generate reports and reviews without actually changing investment decisions or operating behaviour — is a real and costly phenomenon in mature AI programmes. It is the natural endpoint of governance that expands without periodic reset.
  • Organisations should size their AI operating model against the value at risk in the portfolio, not against the sophistication of the governance framework they aspire to build.

The question that is absent from most governance discussions

This publication argues consistently that AI governance is underdeveloped in most enterprises. That argument is correct. Most organisations lack adequate visibility, accountability, and proof disciplines. Building those capabilities is genuinely valuable.

But this article asks a different question: at what point does the cost of governance exceed the value it creates?

This is not a rhetorical question designed to argue against governance. It is a practical management question that any finance leader should be asking. If the operating model costs more than it prevents in waste, misallocation, and failure, it is not a governance success. It is an overhead problem with a governance label.

The challenge is that most AI governance frameworks are designed by people who believe in governance — which is appropriate — but who are not required to account for governance's own cost. The result is a persistent tendency toward more governance rather than right-sized governance.


What AI governance actually costs

The full operating cost of a mature AI governance function — the kind described across the frameworks on this site — includes the following components. These are not exhaustive, but they are representative.

CAIO function and programme office. A functioning CAIO office in a large enterprise typically employs five to fifteen people in programme management, operating model, and governance roles, plus the CAIO themselves. At market-rate compensation levels, this function costs £800,000 to £2.5M annually in salary and benefits alone, before travel, external advisors, or tooling.

FinOps for AI. A dedicated AI FinOps practice — with tooling, allocated engineering time for instrumentation, analyst time for reporting, and ownership of the unit-economics operating loop — runs at £300,000 to £800,000 annually for a mid-to-large enterprise, depending on the maturity and complexity of the AI estate.

TBM and ITFM for AI. Integrating AI into a TBM taxonomy and ITFM financial management process requires dedicated modelling effort, taxonomy maintenance, cost allocation configuration, and ongoing reporting. In organisations that have existing TBM and ITFM practices, the incremental AI extension typically costs £150,000 to £400,000 annually. In organisations standing up these practices from scratch, the costs are considerably higher.

SPM and portfolio governance. A functioning AI portfolio management practice — including quarterly reviews, investment register maintenance, comparative analysis, and stage-gate administration — requires dedicated analytical resource, typically two to three FTEs plus tooling. Annual cost: £250,000 to £500,000.

Model validation and quality assurance. Depending on the industry and the nature of AI applications, model validation may require specialist risk resource, external review, or both. In financial services this is a regulated activity with minimum standards. In other industries it is discretionary. A reasonable enterprise allocation for model validation and quality assurance is £200,000 to £600,000 annually.

Policy, legal, and compliance oversight. Legal review of vendor contracts with AI provisions, policy development and maintenance, data governance requirements for AI, and regulatory compliance monitoring represent a real and growing cost. Estimated at £200,000 to £500,000 annually for a mid-to-large enterprise.

Internal audit and assurance for AI. If the audit committee is exercising appropriate oversight, internal audit needs AI economics capabilities to review the governance framework's effectiveness. This is an emerging discipline and is not yet standardised, but a reasonable estimate is £150,000 to £300,000 annually in additional audit resource.

Governance tooling. Observability platforms, cost allocation tools, portfolio management software, compliance monitoring tools. Annual licence and operating cost: £200,000 to £600,000 depending on stack complexity.

Aggregating these estimates, a fully developed AI governance operating model in a large enterprise costs roughly £2.3M to £6.2M annually, before the shared allocation of leadership time, meeting cost, and external advisor engagements that occur throughout the year.


Illustrative case: the governance-to-portfolio ratio

Consider two organisations with AI portfolios of roughly similar size.

Organisation A has an active AI portfolio of 22 use cases with an aggregate annual operating cost — models, infrastructure, integration, and labour — of £4.2M. Over the past two years, it has built a CAIO function, established AI FinOps reporting, mapped AI into its TBM taxonomy, and is in the process of implementing SPM portfolio reviews. The annual cost of its AI governance operating model is £2.1M.

Organisation B has a comparable AI portfolio of 19 use cases at a similar aggregate cost of £3.8M. It has a lighter governance model: a part-time VP of AI supported by an existing FinOps function, quarterly portfolio reviews, and standard financial management reporting. Its governance operating cost is £600,000 annually.

Organisation A's governance-to-portfolio ratio is approximately 50%. Every pound of AI operating cost is matched by 50 pence of governance cost. Organisation B's ratio is approximately 16%.

Neither number is inherently right or wrong. The correct ratio depends on the risk profile of the portfolio, the regulatory environment, the organisation's history with AI failures, and the maturity of the underlying management processes. But the comparison raises a question that Organisation A's leadership should be asking explicitly: is our £2.1M governance apparatus producing £2.1M of value in prevented waste, avoided failures, and better investment decisions?

If it is — if the governance function has materially improved capital allocation, caught failures before they became expensive, prevented regulatory exposure, and produced evidence that drove better decisions — then the cost is justified. If it is producing reports, holding reviews, and maintaining processes without materially changing the investment or operating decisions the organisation makes, it is governance theater, and it is extremely expensive.


The governance theater pattern

Governance theater is a specific failure mode that appears in mature governance frameworks when the process has expanded beyond the capacity of the organisation to act on its outputs. It has recognisable characteristics:

Reports are produced but not acted on. Monthly AI financial reports are distributed. Variances are noted. No investment decision changes as a result. The report's primary purpose has become compliance with the reporting obligation rather than informing management action.

Reviews occur but findings persist. Portfolio reviews identify the same underperforming initiatives quarter after quarter. The findings are acknowledged. The initiatives continue. The review process has become a mechanism for tolerating known problems rather than resolving them.

Frameworks are maintained but not used. A TBM taxonomy for AI costs has been meticulously built and maintained. No allocation decision or portfolio comparison references it. The taxonomy exists as an artifact of governance aspiration rather than as a tool that changes behaviour.

Governance functions compete rather than complement. The FinOps team, the TBM team, the CAIO programme office, and the ITFM function each have legitimate claims to AI cost governance. They have different views of the same data, different stakeholders, and different governance rhythms. Much of their effort is spent on internal coordination rather than on improving the organisation's AI economics. The governance overhead is, in part, the cost of governing the governance.

This pattern is not evidence that governance is bad. It is evidence that governance has grown past the point of proportionality and needs to be reset. The diagnostic question is: if this governance function were removed, what decisions would become worse? If the answer is unclear, the function may have become an end in itself.


Right-sizing governance: a practical framework

The appropriate scale of AI governance depends on three variables: portfolio value, portfolio risk, and governance maturity.

Portfolio value is the simplest dimension. A £2M AI portfolio does not justify a £1.5M governance apparatus. The cost-of-governance rule of thumb is that total governance operating cost should not exceed 20% of the portfolio value it governs in steady-state, and should ideally be 10-15% in mature organisations. During active build-out, higher ratios are justifiable as investment — but the investment timeline should be explicit and time-bounded.

Portfolio risk is the second dimension and the most important modifier. A portfolio that includes AI use cases in credit decisioning, clinical care, or autonomous process execution carries materially higher tail-risk than a portfolio of productivity tools and knowledge assistants. Higher-risk portfolios justify heavier governance investment as a form of risk mitigation, independent of pure cost-benefit logic. The question is whether the governance is specifically calibrated to the risk — targeted model validation, specific compliance oversight, directed audit attention — or whether it is general governance overhead that does not reduce the actual risk.

Governance maturity determines where investment is productive. Early-stage AI governance (Level 1-2 in the Five Levels framework) benefits disproportionately from investment in visibility: cost inventory, reporting, basic portfolio awareness. Mid-stage governance (Level 3-4) benefits from investment in accountability and proof disciplines. Mature governance (Level 5) benefits from operational optimisation and portfolio comparison capability. Investing heavily in portfolio comparison capability before basic visibility and accountability exist is not accelerating maturity — it is building the roof before the walls.

The practical implication is a staged governance investment model:

  • At under £3M AI portfolio value: lean operating model — finance business partner coverage, FinOps reporting integration, quarterly portfolio review. Target governance cost 8-12%.
  • At £3M-£15M AI portfolio value: dedicated AI governance function, FinOps and TBM integration, formal stage-gate process. Target governance cost 12-18%.
  • At over £15M AI portfolio value: full operating model including CAIO function, multi-discipline governance integration, SPM capability. Target governance cost 10-15% (efficiency improves at scale).

These are indicative ranges, not hard rules. Regulated industries should apply a multiplier of 1.5-2x on governance cost targets. Organisations with significant historical AI failures or active regulatory attention should invest more. Organisations with simple, low-risk AI portfolios can operate at the lower end.


The organisational dynamic nobody discusses

Governance functions grow for understandable reasons. Each addition feels like an improvement. Adding FinOps is better than not having FinOps. Adding TBM taxonomy is better than unstructured cost allocation. Adding SPM reviews is better than no portfolio oversight.

The problem is that governance functions almost never shrink by themselves. The incentive to add governance capability is always present. The incentive to challenge whether existing governance is proportionate is almost never present, because the people who would do the challenging are the same people who built the governance framework and whose professional identity is invested in its value.

This means the periodic reset of AI governance — asking explicitly whether each element of the operating model is earning its cost — requires external pressure or strong CFO leadership. Finance leadership is the natural home for this conversation, because the CFO owns the overall economics and has the standing to challenge whether investment in governance is producing adequate return relative to alternative uses of the same budget.

Periodic governance audits — conducted by internal audit with AI economics expertise, or by an external function genuinely independent of the AI programme — are the most reliable mechanism for identifying governance that has become theater. The questions they should answer are straightforward: what decisions have changed because of this governance function? What would look different in the portfolio without it? Is there a lighter alternative that achieves the same outcome at lower cost?


The practical conclusion

The recommendation from this site is not to build less governance. It is to build proportionate governance, and to be honest about what proportionate means at your portfolio scale, in your industry, at your current maturity level.

A small AI portfolio with a large governance function will be slow, expensive, and probably demoralising for the people running both. A large AI portfolio with inadequate governance will eventually produce a visible and embarrassing failure.

The right answer is neither. It is governance that is genuinely sized to the risk and value at stake, invested in the stages where it has the highest marginal return, and periodically reviewed to ensure it is producing the decisions and outcomes that justify its cost. That standard applies to every other significant function in the enterprise. It should apply to AI governance too.