Roundabouts, Not Traffic Lights
A Case Study on AI Governance
AI governance doesn’t have to be a traffic jam. Read on for the steps that have been part of my enterprise AI governance journey.
Key Takeaway 1 — 🤝 “It’s dangerous to go alone, take this.”
Don’t build your governance program from scratch or in isolation.
- Leverage existing frameworks — NIST AI RMF and ISO 42001 are your map.
- Build a cross-functional coalition: legal, cybersecurity, a business champion, and someone with the technical expertise and interest to dive into the documentation.
- Consider tools carefully and think about how you will maintain observability over the AI features folks in your org are using, as well as the data that flows through them. Kudos to the hard-working cybersecurity teams out there partnering to keep up with this ever-evolving space!
- For smaller orgs: your coalition might be a couple of people — someone who cares about risk, someone who talks to customers, and someone who actually uses the tools. Or it might be you and an AI tool you chat with about governance or an AI agent you build. If you need a friend on the journey, reach out to me with questions!
Key Takeaway 2 — ⚖️ “Your scientists were so preoccupied with whether they could…”
Define the why as you build the what. Governance isn’t about control — it’s about minimizing risk while keeping the business moving forward.
The roundabout model: four paths, all with a defined process
| Path | Who | What |
|---|---|---|
| 🟢 Fast lane | Everyone | Approved tools, available right now, no extra steps needed |
| 🔵 Developer path | Technical or specialized roles | Additional tools with guardrails and leadership approval |
| 🟠 Exception path | Anyone | Something outside the above — there’s a process for that |
| ⛔ The no or ‘not right now’ | Anyone | Be ready to explain it, and have a path to re-review |
If your vendors use AI, build the muscle of AI literacy and an AI Operating Model by asking these questions:
- Do you have a documented AI governance policy?
- Are you using our data to train your models?
- How do you handle data privacy and security in your AI systems?
- Who is accountable when your AI produces a wrong or harmful output?
- How do you notify customers of material changes to your AI systems?
- What frameworks or standards does your AI governance program align to?
Key Takeaway 3 — 📣 “What would you say you… do here?”
Building the roundabout is only half the job — people have to know how to drive in it.
Three things every person in your org should be able to answer:
- What AI tools can I use?
- What am I not supposed to do with them?
- What do I do if I need something different?
If it takes a paragraph to explain, it’s not a sign — it’s a terms and conditions agreement. And we all know how carefully people read those.
This applies to your vendors too. If they don’t know your governance expectations, they’re the person in the roundabout making everyone else wait and putting your organization at risk.
Resources
Thanks to all who attended my presentation on Tuesday, 4/6/2026 at the TAI Tech Summit! I really appreciated the questions from audience members, as well as those who have followed up with questions and comments via LinkedIn.
Below are my slides. Please reach out to me if you or your organization would like to discuss more about AI or AI governance!
Let’s connect
Jeanna Schoonmaker
Sr. Director, AI & Analytics — Insight Global
LinkedIn
Presented at the TAI Iowa Technology Summit, Des Moines — 2026