Five Questions Every Board of Trustees Should Be Asking About AI

In my experience advising institutional leaders, boards of trustees represent both the greatest source of potential governance strength and the most significant governance gap when it comes to AI. Most boards I encounter fall into one of two categories: those that have not yet engaged with AI as a governance topic at all, and those that have engaged but are asking the wrong questions. The first group treats AI as an operational matter that belongs with the CTO. The second group asks questions like 'What AI tools are we using?' and 'How far behind are we compared to our peers?' Neither set of questions addresses the fiduciary obligations that boards actually hold.

There are five questions that every board of trustees should be asking, and most are not. First: who in this institution holds the authority to approve AI systems that affect clinical decisions, academic outcomes, or financial commitments, and is that authority documented? Second: what is our institutional liability exposure if an AI system produces a harmful outcome, and have we mapped that exposure across every domain where AI is currently deployed? Third: do we have a documented governance framework for AI that our accreditors, regulators, or insurers could review today if requested? Fourth: where have we drawn the line between AI-assisted and human-required decisions, and who has the authority to move that line? Fifth: how would we know if AI is being used in our institution in ways that have not been sanctioned or reviewed?

These questions matter because boards carry fiduciary responsibility for institutional governance. When an AI system produces a harmful clinical outcome, when an accreditor finds inadequate AI oversight, when a regulator investigates algorithmic bias in admissions, the board cannot credibly claim it was a technology problem that belonged with the IT department. The board's obligation is to ensure that the institution's governance structures are adequate for the risks it faces. AI has changed the risk landscape. The governance structures must change with it.

I encourage every board chair reading this to put AI governance on the agenda for the next board meeting, not as an information item, but as a governance item. Request a documented AI governance framework from your executive team. If one does not exist, that is the finding. And it is a finding that demands action, not another quarter of waiting.