A new global study from Optro (formerly AuditBoard) reveals that while AI adoption has accelerated rapidly across enterprises, governance structures have failed to keep pace creating significant unmanaged risks across the organisation. The 2026 Risk Intelligence Report, titled “The AI Oversight Gap: Adoption is Scaling. Governance Controls Aren’t,” highlights a widening disconnect between the speed of AI deployment and the maturity of oversight frameworks designed to safeguard its use.
According to the study, 85% of organisations say AI is now central to their business strategy, either embedded in core operations or deployed across multiple functions. Yet the biggest risks are not in the models themselves, but in how employees interact with them. Thirty‑four percent of respondents identified staff entering sensitive data into AI tools as the primary source of risky behaviour, followed by inadequate training (21%) and pressure to accelerate delivery (21%).
“AI adoption is moving faster than many organisations’ ability to fully understand and govern it oversight must evolve into a continuous capability.”
— Kristin Colburn, Leader of Data and AI Governance, Dayforce
The report points to a fragmented governance landscape as a root cause. AI oversight is scattered across several functions: IT holds only 25% of ownership, risk management 18%, cross‑functional committees 17%, and dedicated AI governance teams just 10%. This diffusion extends to incident response, where responsibility is shared among risk, compliance and audit teams (29%), executive leadership (27%), and IT/engineering teams (24%). In many organisations, no single function has authoritative control to shut down an AI system, leaving some environments without a clear operational “kill switch.”
“Governance isn’t a blocker to innovation it’s the foundation for deploying high‑integrity AI across the enterprise.”
— Guru Sethupathy, GM of AI Governance, Optro
The consequences are visible. Over the past year, 40% of organisations reported inaccurate AI outputs, 33% experienced policy violations, and 28% received customer complaints linked to AI systems.
Despite the oversight gap, organisations are preparing to invest. Nearly 75% expect to increase GRC budgets, with AI governance solutions (43%) topping priority lists. Other key investment areas include regulatory compliance tools (41%) and enhancements to existing GRC platforms (38%).
Optro says the findings underscore a growing recognition that AI governance must shift from reactive controls to a continuous, integrated discipline one aligned with rapidly evolving AI‑driven workflows and agentic systems.