GovCompass
Responsible AI
AnalysisAccountabilityHuman oversight

AI governance and enterprise risk management: where they meet

By GovCompass.ai· · Aligned with the consolidated EU AI Act, COSO ERM 2017, and the three lines model (2020).

AI governance is not a parallel structure that sits beside enterprise risk management. It belongs inside it. The GovCompass-7 is the control framework the organisation uses to govern each AI system; enterprise risk management is the machine that carries the residual risk those controls leave behind into the board's risk appetite, the risk register, and the assurance plan. The practical question is not whether to build AI governance or ERM, but how to slot the first into the second so that one accountable structure, not two competing ones, owns AI risk.

Two questions that get conflated

Before the two disciplines can be connected, one confusion has to be cleared. Organisations routinely merge two different uses of the word AI in their risk conversations.

The first is AI as a risk to be managed. An AI systemAI systemA machine-based system that, for explicit or implicit objectives, infers from input how to generate outputs — predictions, content, recommendations or decisions — that can influence physical or virtual environments. The OECD-style definition followed by the EU AI Act.Open full entry → the organisation builds or deploys introduces risks to fairnessfairnessThe responsible-AI principle that systems should not create or reinforce unjust discrimination; operationalised through bias testing, representative data and per-group thresholds — with multiple, mutually incompatible mathematical definitions.Open full entry →, safety, privacy, security, and the rest of the GovCompass-7. Governing those risks is what AI governance is for.

The second is AI as a tool to manage risk. A risk function can use AI to process more data, monitor exposures in real time, detect anomalies, or triage claims. That is a productivity question about the risk function's own operating model, not a governance question.

These are different problems. AI as a tool is governed like any other AI system the organisation deploys: it goes into the AI inventoryAI inventoryA register of all AI systems an organization builds, buys or embeds, with owners and risk tiers — the prerequisite for governing any of them.Open full entry → and is held to the GovCompass-7 like everything else. But the discipline of AI governance is about the first question, and it is the first question that has to be connected to enterprise risk management.

AI governance belongs inside ERM, not beside it

When AI governance appears on the agenda, the common instinct is to build a new structure: an AI committee, an AI policy, an AI risk taxonomy, sitting alongside the existing enterprise risk management framework. This produces two parallel machines that do not talk to each other. The AI committee tracks AI risks in its own register; the ERM function tracks enterprise risks in another; and the board sees AI risk as a separate topic rather than as part of the risk profile it already governs.

The COSO ERM 2017 framework was built precisely to avoid this fragmentation. Its premise is that risk is integrated with strategy and performance, not managed in a silo. AI risk is an enterprise risk like any other: it affects strategy, it has an owner, it carries a severity, and it competes for attention and budget against every other risk the organisation faces. Treating it as a separate domain undermines the integration COSO ERM exists to create.

The cleaner model is one structure. The GovCompass-7 provides the control framework at the level of each AI system: the preventive, detective, and corrective controls that hold each pillar in place. Enterprise risk management provides the layer above: it takes the residual riskresidual riskThe risk remaining after mitigations — compared against risk appetite and accepted in writing by someone with authority, or the project doesn't proceed.Open full entry → those controls leave behind, weighs it against the organisation's risk appetiterisk appetiteThe amount and type of risk leadership is willing to accept in pursuit of objectives — documented so the organization decides to take risks rather than discovering it took them.Open full entry →, records it in the enterprise risk registerrisk registerThe living record of an AI system's identified risks, ratings, responses, owners and review dates — kept current from design through retirement.Open full entry →, and routes it into the board's oversight. AI governance is the system-level control discipline; ERM is the enterprise-level aggregation and oversight discipline. They are two layers of one structure, not two structures.

The three lines model applied to AI

The clearest way to assign ownership is the three lines model, updated by the Institute of Internal Auditors in 2020 from the older "three lines of defence" language. Applied to AI governance, it resolves a question that much of the risk-management literature raises but does not answer: who, exactly, is accountable for what.

The first line owns and operates the AI system. The business owner who deploys an AI system to make or support decisions owns the risk that system creates. They run the preventive controls in daily operation: they keep the system within its intended purpose, apply the human oversighthuman oversightDesigned-in human ability to monitor, intervene in, override or shut down an AI system — meaningful only when the human has authority, information and time to act.Open full entry → measures, and act on the monitoring signals. In the GovCompass-7 terms, the first line is where the controls actually operate. AI governance fails most often because the first line treats the controls as someone else's job.

The second line provides the framework, the expertise, and the challenge. This is where the AI governance function sits, often an AI Officer or an AI governance team. The second line owns the GovCompass-7 framework itself: it defines the controls each pillar requires, maintains the AI inventory and the risk classification, sets the policy, and challenges the first line on whether the controls are designed and operating. The second line does not run the AI system; it sets the standard the first line is held to and reports the aggregate picture into ERM. Crucially, the second line is also where AI risk is translated into enterprise risk language: a GovCompass-7 control gap becomes a risk register entry with a severity, an owner, and a treatment.

The third line provides independent assurance. Internal auditinternal auditThe third line of defense: independent assurance that AI assessments, controls and documentation actually operate — reporting to the board, never to the builders.Open full entry →, the third line, does not own the controls and does not set the framework. It independently assesses whether the first line is operating the controls and whether the second line's framework is adequate. For AI systems, this is where the conformity evidence the EU AI Act requires meets an independent eye: internal audit tests whether the technical documentation, the human oversight measures, and the post-market monitoringpost-market monitoringProvider-side duty to systematically collect and act on experience from systems in use — the product-regulation half of continuous monitoring.Open full entry → actually exist and function, rather than existing on paper. An organisation whose AI governance has never been through the third line has assurance gaps it cannot see.

The governing body sits above all three. The board exercises oversight: it sets the risk appetite that determines how much AI risk the organisation will accept, and it holds management accountable for staying within it. Under the EU AI Act and increasingly under investor and supervisory expectations, AI risk oversight is becoming an explicit board responsibility, which makes the reporting line from the second line, through ERM, to the board the spine of the whole structure.

How a GovCompass-7 gap becomes an enterprise risk

The connection between the two disciplines is made concrete in one mechanism: the translation of a control gap into a risk register entry.

Take a high-risk AI system. The second line assesses it against the GovCompass-7: for each pillar, are the preventive, detective, and corrective controls designed, implemented, and evidenced. Suppose the fairness pillar is governed by a pre-deployment bias test but has no production monitoring and no corrective process. That is a control gap. On its own it is a governance finding. But it does not stay a governance finding.

The gap is translated into an enterprise risk: the risk that the system produces discriminatory outcomes in production that go undetected and uncorrected, with a severity driven by the consequence of the decision the system makes and the number of people affected. That risk is recorded in the enterprise risk register, weighed against the organisation's risk appetite for discrimination and regulatory exposure, assigned to the first line owner with the second line as the framework owner, and surfaced to the board if it exceeds appetite. The treatment, building the missing detective and corrective controls, becomes a tracked action with a deadline.

This is the mechanism that keeps AI governance from becoming a parallel world. Every GovCompass-7 gap has a path into the enterprise risk register, where it competes for attention against every other enterprise risk on equal terms, in language the board already understands.

Mapping to COSO ERM

The five components of COSO ERM 2017 give the structure a recognisable shape, and AI governance maps onto each.

Governance and culture: the board's AI risk oversight, the operating structure that assigns the three lines, and a culture that treats AI risk as everyone's responsibility rather than the AI team's alone.

Strategy and objective-setting: the organisation's risk appetite for AI, set deliberately rather than discovered after an incident, and the alignment of AI deployment with that appetite.

Performance: the heart of the connection. The AI inventory, the risk classification, the GovCompass-7 assessment of each high-risk system, and the translation of control gaps into prioritised risks.

Review and revision: the continuous monitoringcontinuous monitoringOngoing observation of a deployed system's performance, drift, fairness and usage against thresholds with named owners — the control that matches AI's speed and scale.Open full entry → that the EU AI Act's Article 9 risk management system and post-market monitoring obligations require, feeding changes back into the controls.

Information, communication, and reporting: the reporting line from the second line, through ERM, to the board, and the external reporting the EU AI Act requires, including incident reporting.

Where to start

If your organisation has both an ERM function and an emerging AI governance effort, the most valuable first step is to refuse to let them run as two structures. Place the AI governance function explicitly in the second line, give it the GovCompass-7 as its control framework, and build the one mechanism that connects the two disciplines: the translation of each control gap into an enterprise risk register entry with an owner, a severity, and a path to the board.

From there, the three lines each know their job. The first line operates the controls. The second line owns the framework and reports the aggregate. The third line provides independent assurance. And the board governs AI risk as part of the risk profile it already oversees, rather than as a separate topic it was asked to care about. That is what it means to govern AI inside enterprise risk management rather than beside it.

Legal referencesArt. 9

More on Accountability

Art. 10 EU AI Act: data and data governance for high-risk AI

Reference

Art. 10 requires that the training, validation, and testing data for high-risk AI systems meets quality criteria: relevant, sufficiently representative, and as free of errors and complete as possible for the intended purpose. It also requires documented data governance practices covering collection, preparation, bias examination, and gap mitigation, and it permits the limited processing of special-category data where strictly necessary to detect and correct bias, under safeguards.

Art. 12 EU AI Act: record-keeping and logging for high-risk AI

Reference

Art. 12 requires high-risk AI systems to technically allow for the automatic recording of events (logs) over their lifetime. The logging must enable traceability of the system's functioning at a level appropriate to its intended purpose, support post-market monitoring, and help identify situations that may lead to risk or substantial modification. It is a design obligation on the provider that makes the system auditable by construction.

Art. 19 EU AI Act: keeping the automatically generated logs

Reference

Art. 19 requires providers of high-risk AI systems to keep the logs that the system automatically generates (under Art. 12) for as long as they control them, for a period appropriate to the intended purpose and at least six months unless other law requires longer. It is the retention counterpart to the Art. 12 logging capability, and it works alongside the deployer retention duty in Art. 26.6.

Art. 26.1 EU AI Act: following provider instructions as a deployer

Reference

Art. 26.1 requires deployers to use high-risk AI systems strictly in accordance with the provider's instructions for use. This means using the system only for its intended purpose, within its specified technical configuration, and by qualified users, and documenting that compliance. Deviating from the instructions can shift liability entirely to the deployer.

More on Human oversight

Art. 14 EU AI Act: designing high-risk AI for human oversight

Reference

Art. 14 requires providers to design and build high-risk AI systems so that they can be effectively overseen by humans during use. The system must let an overseer understand its capabilities and limits, watch for anomalies, resist automation bias, correctly interpret outputs, decide not to use the system, and intervene or stop it through a kill switch (Art. 14(4)(e)). It is the design obligation that makes the deployer oversight duty of Art. 26.2 possible.

Art. 26.2 EU AI Act: human oversight of high-risk AI

Reference

Art. 26.2 requires deployers to ensure that the people assigned to oversee a high-risk AI system have the competence, training, and authority to do so effectively. Valid oversight is substantive, not formal: the overseer must understand the system, be trained on its limitations, and hold genuine authority to override its outputs.

Art. 27 EU AI Act: Fundamental Rights Impact Assessment (FRIA)

Reference

Art. 27 requires certain deployers, public bodies and private deployers in defined sectors such as credit and insurance, to conduct a Fundamental Rights Impact Assessment (FRIA) before deploying a high-risk AI system, examining the impact on fundamental rights and the mitigation measures.

Art. 4 EU AI Act: AI literacy obligations for organisations

Reference

Art. 4 has required organisations since 2 February 2025 to ensure a sufficient level of AI literacy among staff who operate or use AI systems, proportionate to the system and the role. It applies to all AI use, not only high-risk systems, and must be demonstrable.