A new global study from Optro (formerly AuditBoard) warns that enterprises are accelerating AI adoption far faster than they are building the controls required to manage it creating what the company calls a widening “AI oversight gap.”
Released on March 23, 2026, the Optro 2026 Risk Intelligence Report reveals that while 85% of organisations now consider AI central to business strategy or operations, most continue to rely on governance models designed for legacy technology systems, not human‑AI interaction. The result is a growing risk surface created not by algorithms themselves, but by how people use them.
“AI adoption is moving faster than organisations can govern it.”
— Kristin Colburn, Dayforce
According to the study, 34% of respondents identified employees entering sensitive data into AI tools as the leading source of risky AI‑usage behaviour. Another 21% cited inadequate training, while an equal percentage pointed to operational pressure to move quickly often pushing teams to bypass safety protocols.
Governance fragmentation is amplifying the challenge. AI oversight responsibilities are dispersed across departments, with IT holding just 25% of ownership, followed by risk management (18%), cross‑functional committees (17%) and dedicated AI governance teams at only 10%.
This diffusion extends into incident response. Issues related to AI are most often handled jointly by risk, compliance and internal audit teams (29%), senior leadership (27%), and IT or engineering (24%). Even authority over shutting down malfunctioning AI systems often described as a critical “kill switch” is scattered across multiple functions, leaving many organisations without clear operational command.
The impact is already visible. In the past year, 40% of organisations reported inaccurate AI outputs, 33% noted policy breaches involving AI, and 28% received customer complaints linked to AI‑driven processes.
“Governance is becoming the core work of the AI‑driven enterprise.”
— Guru Sethupathy, Optro
Despite the governance divide, the report highlights positive momentum: nearly three‑quarters of enterprises expect to increase their spend on governance, risk and compliance (GRC) technology in the coming year. Top priorities include AI governance solutions (43%), regulatory compliance tools (41%) and upgrades to core GRC platforms (38%).
Optro emphasises that mature AI governance should function as a continuous, integrated capability one that enables innovation rather than constraining it. The most sought‑after features in next‑generation tools include automated AI risk assessments, integration with enterprise GRC systems, regulatory mapping and third‑party AI evaluations.
