Responsible Gen AI Use Is a Governance Problem, Not a Policy Problem
Most organizations are writing Gen AI policies. Fewer are building Gen AI governance. These are not the same thing.
Three Takeaways
- 1
A policy tells employees what they can and cannot do. Governance determines who decides when the policy fails.
- 2
Gen AI governance requires accountability structures that most organizations do not have.
- 3
The organizations that will get this right treat responsible AI as an operating discipline, not a compliance checkbox.
KPMG identifies guiding the responsible use of Gen AI as the third area where HR creates value. This framing is correct. But "guiding" is doing a lot of work in that sentence.
The Policy vs. Governance Distinction
A policy tells employees what they can and cannot do with Gen AI. It sets boundaries. It establishes acceptable use. It can be written in a week.
Governance is different. Governance is the system of accountability that determines: Who decides when the policy is unclear? Who reviews Gen AI outputs for accuracy and fairness? Who is responsible when something goes wrong? How are decisions appealed?
Policy is a document. Governance is an operating system.
Where Most Organizations Are
Most organizations have policies. Some have detailed policies. Very few have governance systems.
The evidence is straightforward: When something goes wrong with a Gen AI output in your organization, can you name the person accountable? Can you describe the review process? Does an appeal mechanism exist?
If you cannot answer these questions, you have a policy. You do not have governance.
Why HR Is the Right Owner
KPMG is correct that HR is the right function to lead this. HR already owns accountability frameworks, performance systems, and employee relations processes. These are the organizational muscles that governance requires.
But HR needs to build new infrastructure. Not just apply existing frameworks to a new technology.
The Operating Model Implication
Responsible Gen AI governance requires embedding oversight into workflows, not bolting it on afterward. This means designing accountability into the operating model from the start.
Organizations that treat governance as a compliance exercise will write policies. Organizations that treat it as an operating discipline will build systems.
The difference will show in the outcomes.
Source: KPMG, "HR holds the keys to creating value from generative AI," 2024
Copyright Notice: This article is the intellectual property of GeneralArc and Amrita Sandhu. All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form without prior written permission. For permissions or inquiries, contact amrita@generalarc.com.
Disclaimer: The views and opinions expressed in this article are for informational purposes only and do not constitute professional advice. Readers should consult with qualified professionals before making any decisions based on this content.
About the Author
Amrita Sandhu brings 22 years of experience in organizational transformation, talent strategy, and enterprise architecture. She has held senior leadership roles at JPMorgan Chase, Nomura, and McKinsey & Company, leading transformations across 100,000+ employees and delivering significant organizational impact through structured change management and governance frameworks.
More from AI Governance
The Agentic AI Workforce Revolution Is an Operating Model Problem
The organizations that will thrive in the agentic AI era are not the ones adopting fastest. They are the ones redesigning their operating models to absorb a new kind of worker.
Gen AI in Financial Services Is an Operating Model Transformation, Not a Technology Upgrade
The regulatory environment in financial services is not an obstacle to Gen AI adoption. It is the reason financial institutions that do this right will have durable advantage.