Sri Lankan organisations need to move beyond AI experimentation and put structured governance and risk-management frameworks in place as adoption widens, Deloitte Sri Lanka has said.

“AI adoption is accelerating across industries, but so are the associated risks. Organisations need to move beyond experimentation and focus on building structured governance around how AI systems are developed and used,” said Vengadasalam Balagobi, Cyber and Technology Risk Head and Information Security Leader at Deloitte Sri Lanka & Maldives.

Balagobi pointed to ISO/IEC 42001, the AI management system standard released by the International Organization for Standardization in December 2023, as a practical starting point. The framework covers governance structures, accountability, risk assessment, transparency, fairness, and mechanisms for keeping pace with evolving regulations.

Concerns over generative AI accuracy, bias, data privacy, cybersecurity and regulatory compliance are increasingly landing in boardrooms rather than staying inside technology teams, Balagobi said, as companies seek to scale AI responsibly without losing stakeholder confidence.

ISO/IEC 42001 also lets organisations build on existing controls. Data governance, information security, privacy, enterprise risk management and internal audit functions can serve as the foundation for an AI-specific oversight regime, Deloitte said, allowing companies to identify gaps rather than redesign controls from scratch.

The standard’s relevance is also tied to wider regulatory direction internationally, with many of its requirements aligning with rules taking shape across jurisdictions. Early alignment, Deloitte argued, supports both immediate risk management and longer-term readiness for compliance regimes that have yet to fully crystallise.

Source: EconomyNext.