The Real Reason Nothing Gets Done
Ask a room of CFOs about their AI governance plan and, according to Root Idea founder and advisor to finance teams, the honest answer is usually a variation on: we know we need one, and we haven't started. The instinct is to diagnose this as apathy or incapacity. The actual cause, the argument runs, is how the problem gets framed.
AI governance is routinely presented as a sweeping enterprise undertaking — new committees, comprehensive policy frameworks, months of cross-functional planning before a single control is in place. Framed that way, the sheer scale of the task becomes its own obstacle. Organisations freeze not from indifference but from the weight of a mandate that feels impossibly large before it has even begun.
A Historical Parallel Finance Leaders Already Know
The counterargument draws on disciplines finance professionals have actually lived through. Sarbanes-Oxley compliance programmes in 2004, by this account, bore little resemblance to the mature capabilities organisations run today. Cybersecurity did not begin with sophisticated incident response. Six Sigma was not the starting point for quality management. Each discipline arrived at sophistication through successive, practical improvements — not through a single comprehensive design.
The implication for AI governance is direct: finance leaders have built governance incrementally before. The territory, however novel the technology, is not unfamiliar. What is required is permission to start small.
Reported · unverified
Reportedly, Root Idea said that you can't govern what you can't see.
Two Steps That Require No New Headcount
Rather than waiting for board sign-off on a governance architecture, two immediate moves are proposed — neither demanding new resources, only attention.
The first is mapping where AI is already influencing the business. Many organisations have policies covering approved tools but lack visibility into where AI is genuinely shaping processes and decisions: which teams depend on it, what data employees are feeding into it, and where AI-generated analysis is informing choices that leadership may assume are entirely human-authored.
The second is interrogating whether existing controls were designed for how work actually happens now. The example offered is instructive: approval workflows were typically built on the assumption that a person assembled, reasoned through, and could defend the underlying analysis. If AI now generates that analysis and an approver reviews only the output, the control still formally exists — but the assumption beneath it has shifted. The reviewer may be validating a conclusion that no one on the team genuinely reasoned through. That is not necessarily an indictment of using AI in the workflow; it is an argument for asking whether the control remains fit for purpose.
The Mindset Underneath the Method
What is analytically interesting here is less the specific tactics than the cognitive reframe being offered to a leadership cohort that is used to launching programmes rather than growing disciplines. The argument is essentially that perfectionism — the instinct to design a complete governance system before acting — is itself a governance failure. Organisations that are making the most progress, by this account, are those identifying their areas of greatest uncertainty and improving them iteratively.
The closing appeal — inviting peers to share what first practical step their organisation took — is consistent with this posture: governance matures faster when practitioners share what is actually working, not just what frameworks say should work.
Progress as the Point
The underlying thesis is straightforward: good governance rarely appears all at once. Every organisation that eventually develops a strong AI governance capability begins in the same place — understanding how AI is influencing decisions today, and strengthening oversight where it matters most. That starting point may not look like a programme. But it is, by this reasoning, precisely how one begins.
