In 2024, KPMG Board Leadership Center issued a publication which examines the implications of generative AI (GenAI) for boards of directors.
It highlights the rapid shift from experimentation to widespread GenAI adoption, emphasizing the need for effective board oversight. The paper addresses key concerns, including risk management (data quality, cybersecurity, and compliance), the potential for increased efficiency and new revenue streams, and the crucial role of change management in realizing GenAI's benefits. It also offers practical guidance on establishing GenAI governance, identifying responsible parties within the C-suite, and posing key questions to management to assess progress and mitigate risks. Finally, it suggests methods for boards to enhance their own understanding of GenAI.
So, without further ado, let us dive into it.
Key Themes and Ideas
Rapid Adoption and Shifting Focus: GenAI has moved from "market buzz" to practical business application at an unprecedented speed. The focus is now shifting from experimentation to tangible business value and measurable financial returns. This has been driven by the accessibility of user-friendly consumer versions, bringing AI "from the hands of 1,000 data scientists to a billion consumers almost overnight."
Divergent Expectations: There's a divergence in expectations between C-suite executives and directors. Executives are primarily focused on new business models (54%) and revenue streams (46%), whilst the majority of directors (69%) anticipate increased operating efficiency from GenAI. Regardless of these differences, both groups agree on the critical importance of building trust in GenAI through risk management, data quality, and cybersecurity.
Unique Characteristics of GenAI: The paper identifies key characteristics that differentiate GenAI from traditional AI:
Instant Awareness: GenAI's rapid consumer adoption has significantly reduced the time to awareness and large-scale deployment.
Minimal Investment: Companies can now access pre-trained Large Language Models (LLMs) via subscriptions, drastically reducing the need for costly, in-house model development. This has democratized access to the technology.
People-Centric: GenAI is primarily expected to augment human knowledge workers by offloading time-consuming tasks rather than completely replacing them.
Still Evolving: The technology landscape surrounding GenAI is continuously evolving with stand-alone models, embedded models, and large action models creating a complex space for businesses to traverse.
Business Value and Applications: GenAI offers immense potential for productivity gains and product innovation. Specifically mentioned were:
Productivity Enhancement: GenAI can free up significant time for knowledge workers by automating tasks like report writing, data analysis, and code generation. "In theory, the productivity math is simple: provide a new powerful tool and training to a knowledge worker that can free up perhaps 30 percent of the time spent today, then reinvest these expensive hours on something equally or more productive for the company."
New Product Development: GenAI can expedite product development, improve understanding of customer needs, and enable the creation of innovative product features. This can impact the entire value chain from medicine to consumer products.
Capturing Value at Scale: Capturing value requires a combination of top-down strategic pilots and bottom-up innovation, leveraging employee input.
Significant Risks & Mitigations:
The paper emphasizes several critical risks associated with GenAI:
Data Inaccuracy: Poor data quality and "hallucinations" (false or nonsensical outputs) pose serious risks. Mitigation requires data cleansing, prompt engineering and importantly avoiding applications without a "human in the loop". All results should be treated as a draft rather than a final report.
Cybersecurity: GenAI's ability to write code can also be used for malicious purposes such as sophisticated phishing scams and deep fakes, necessitating a re-evaluation of cybersecurity strategies.
Data Privacy: Compliance with data privacy regulations when using third-party data, is becoming increasingly complex. Specifically within highly regulated industries such as healthcare this needs to be a priority for any business that is looking at adopting GenAI.
Compliance & Regulation: New and emerging AI-specific laws and regulations, such as the EU's AI Act, create further compliance complexities for businesses.
Intellectual Property: The risk of unintentional disclosure of sensitive information and the lack of clarity surrounding IP ownership is highlighted as a crucial area to address.
Reputational Risks: Develop a responsible use policy to manage the impacts of AI on individuals and society. Update the company code of conduct to reflect these changes.
Transformational Risks: Talent gaps, the need for retraining, and managing cultural change represent further challenges.
Board Oversight Imperatives:
Boards play a critical role in guiding management's approach to GenAI. This includes:
Strategic Oversight: Anticipating the longer-term implications of GenAI on the company’s strategy, business model, and competitive positioning.
Guardrails and Governance: Ensuring that management establishes appropriate policies, procedures and compliance frameworks for the development, deployment and use of GenAI.
Risk Management: Understanding and monitoring the full spectrum of GenAI-related risks and mitigation strategies, including IT and data management infrastructure.
Talent Strategy: Addressing talent gaps and promoting workforce development to enable the effective utilization of GenAI.
Financial Planning: Understanding the financial implications of GenAI investments and expected returns.
Compliance: Monitor and ensure compliance with relevant legislation.
Data Quality: Prioritize data quality, ensuring that the company’s GenAI output is accurate.
Open Communication: Fostering open and continuous communication with management on all aspects of GenAI.
Management Leadership & Accountability:
The leadership of GenAI initiatives is often distributed across various C-suite executives such as the CEO, CTO/CIO, General Counsel, CFO, CRO, and COO. There is a growing trend towards creating a dedicated leadership role, such as Chief AI Officer (CAIO). Boards should ascertain who is on point for GenAI and the level of coordination within management. There should be cross-functional leadership on GenAI to ensure it is integrated with the rest of the business.
Practical Considerations for Board Oversight:
Create an inventory of GenAI use cases within the business.
Understand the reason for using GenAI, algorithmic accountability, data training and monitoring for bias.
Boards need to be aware of talent gaps in the area of GenAI and plan for workforce changes as a result of the adoption of the technology.
Board needs to gauge the progress of the company's GenAI journey.
Focus on management’s policies for development, deployment and use of GenAI.
The audit committee plays a crucial role in overseeing risks associated with GenAI.
Boards should continuously educate themselves about GenAI through expert guidance and discussions.
Balance opportunities and risks by challenging management to adopt GenAI swiftly whilst ensuring that the risks posed are manageable.
Key Questions for Board Consideration
The paper suggests a series of probing questions for boards to ask of management, segmented by management role. These include:
CEO/Chair: "What are the company’s aspirations for GenAI and strategy to get there?", "Who in management is on point for driving and coordinating the GenAI transformation...?", "How do you envision incorporating GenAI into our corporate strategy process and operating goals going forward?"
CFO/CSO: "...What would that do to our company’s revenue and cost over the next one, three, and five years?", "How much has the company invested in GenAI this fiscal year, and how much will be budgeted for next year?", "How will GenAI be used within your function...?"
COO/CTO/CIO: "Where is GenAI currently being used...?", "...Have we connected these tools to our own proprietary data?", "What data are algorithms being trained on, who owns the data, and how is the company monitoring for quality and bias?"
CSO/CRO/CMO: "...Are we embedding GenAI into our products and services to make them more attractive to customers?", "What current revenue streams are most at risk if competitors roll-out GenAI?"
CRO/Head of Enterprise Risk Management/CISO: "What do you see as the major AI-related risks that we need to tackle first?", "What GenAI governance framework and policies have we implemented already and what comes next?", "How have we increased our cybersecurity over the last 12 months since GenAI arrived?"
The rapid advancement and integration of GenAI presents significant opportunities and risks for businesses. Effective board oversight is paramount for ensuring that companies capitalize on GenAI's potential while navigating the complex landscape of challenges. This paper provides a comprehensive framework for boards to consider, offering practical advice and key questions to guide their oversight efforts. It highlights the critical need for proactive engagement, continuous education, and a balanced approach to both opportunities and risks within the rapidly evolving landscape of GenAI.
We welcome your comments.