Home Cross-Cutting Organizational Enablement
SECTION X

Organizational Enablement

People and processes are as critical as technology. These controls establish governance bodies, roles, training programs, and change management practices to enable successful AI adoption.

People & Process
10 Control Objectives

Control Objectives

ORG-01

Governance Body Effectiveness

Establish effective governance bodies (councils, boards, committees) that make timely decisions and enforce policies.

Primary Risk Addressed

Governance decisions not made or enforced

Key Metric

Decision cycle time

ORG-02

Role and Accountability Clarity

Ensure every agent has a named accountable owner with clear responsibilities.

Primary Risk Addressed

Gaps or overlaps in responsibility

Key Metric

% agents with named accountable owner

ORG-03

RACI Completeness

Define RACI matrices for all governance activities to clarify who decides, acts, and informs.

Primary Risk Addressed

Confusion over who decides, acts, or informs

Key Metric

% governance activities with RACI defined

ORG-04

Executive Training Coverage

Ensure executives understand AI governance to make informed strategic decisions.

Primary Risk Addressed

Leadership decisions without understanding

Key Metric

% executives completing training

ORG-05

Developer Training Coverage

Train developers on secure, compliant agent development practices.

Primary Risk Addressed

Insecure or non-compliant development

Key Metric

% developers certified

ORG-06

Business User Training Coverage

Train business users on proper agent usage to prevent misuse and maximize value.

Primary Risk Addressed

Misuse or underutilization of agents

Key Metric

% business users completing training

ORG-07

Governance Liaison Effectiveness

Maintain effective liaisons between governance and business units to ensure alignment.

Primary Risk Addressed

Business units disconnected from governance

Key Metric

Business unit satisfaction score

ORG-08

Change Management Execution

Execute effective change management to overcome resistance and drive governance adoption.

Primary Risk Addressed

Resistance and adoption failure

Key Metric

Governance adoption rate

ORG-09

Communication Effectiveness

Communicate governance requirements effectively to ensure stakeholder awareness.

Primary Risk Addressed

Stakeholders unaware of governance requirements

Key Metric

Awareness survey score

ORG-10

Feedback Mechanism Utilization

Capture and act on feedback to continuously improve governance practices.

Primary Risk Addressed

Governance not improving from input

Key Metric

Feedback volume and action rate

Quick Reference

IDObjectivePrimary Risk AddressedKey Metric
ORG-01Governance Body EffectivenessGovernance decisions not made or enforcedDecision cycle time
ORG-02Role and Accountability ClarityGaps or overlaps in responsibility% agents with named accountable owner
ORG-03RACI CompletenessConfusion over who decides, acts, or informs% governance activities with RACI defined
ORG-04Executive Training CoverageLeadership decisions without understanding% executives completing training
ORG-05Developer Training CoverageInsecure or non-compliant development% developers certified
ORG-06Business User Training CoverageMisuse or underutilization of agents% business users completing training
ORG-07Governance Liaison EffectivenessBusiness units disconnected from governanceBusiness unit satisfaction score
ORG-08Change Management ExecutionResistance and adoption failureGovernance adoption rate
ORG-09Communication EffectivenessStakeholders unaware of governance requirementsAwareness survey score
ORG-10Feedback Mechanism UtilizationGovernance not improving from inputFeedback volume and action rate
Previous

IX. Financial Governance
Next

XI. Continuous Improvement