Governance oversight
The AI Governance Board oversees every AI decision with strategic, financial, or reputational weight. Its job is not to micromanage models. Its job is to set risk appetite, approve the few high-impact initiatives needing explicit sign-off, and keep AI decisions consistent across squads.
Context
In most companies, AI oversight lives nowhere, or it sits in a steering committee that meets twice a year and rubber-stamps slides. Both fail. We run a small board with explicit decision rights, a short agenda, and a clear list of things it does not decide. The board convenes and decides.
Composition
The Board has four required seats:
- CEO (Chair). Owns the link to business strategy. Confirms every AI commitment is one we defend to customers.
- CPTO. Owns technical feasibility and integration across the product portfolio.
- CPTO. Owns the security threat model. Final voice on red-team findings and incident severity.
- Legal Director. Owns regulatory exposure, vendor liability, and disclosure obligations.
The CoE Lead attends every session as an invited expert without a vote, to brief the Board on technical state. Final Board composition is locked in CHANGELOG v1.1.
Cadence
- Quarterly. Four meetings a year, 90-minute slot. Standing agenda: portfolio review, KPI deltas, risk register, open incidents, BAGF amendments.
- Ad-hoc. Convened within 24 hours for SEV1 incidents or for high-impact initiatives needing approval before the next quarterly slot.
Decision rights
The Board decides:
- Approval of high-impact AI initiatives (the threshold is defined in §8).
- The risk appetite statement. The level of model risk we tolerate, and where.
- Material amendments to BAGF. Adding pillars, changing commitments, removing standards.
- Response to SEV1 incidents and any external disclosure to customers, regulators, or the press.
The Board does not decide:
- Individual model or prompt approvals. Those belong to the CoE.
- Squad-level AI feature roadmaps. Those belong to Product Owners.
- Hiring or staffing inside the CoE. That belongs to the CPTO line.
Escalation path
Issues escalate through four tiers:
- Squad. SEV3 and SEV4 resolved at the squad with the embedded Steward.
- CoE. Escalated when a fix requires a standard change or touches more than one squad.
- CPTO or Legal. Escalated when the issue carries security or regulatory exposure.
- AI Governance Board. Escalated for SEV1, for any decision changing risk appetite, or for any external disclosure.