AI governance by exception: are manual checks already failing?


(@nhi-mgmt-group)

TL;DR: Manual, inconsistent governance checks do not scale as AI portfolios grow, according to Collibra, and Gartner predicts that by 2027, 60% of organisations will fail to realise expected AI value because governance frameworks are fragmented. The deeper issue is that governance models built for periodic review break when policy enforcement must run continuously.

NHIMG editorial — based on content published by Collibra: Control Tower, OOTB controls to govern AI by exception

By the numbers:

Questions worth separating out

Q: How should security teams implement exception-based governance for AI systems?

A: Start by encoding each recurring governance requirement as a control with a clear failure condition, a run schedule, and an assigned owner.

Q: Why do manual governance checks fail as AI portfolios grow?

A: Manual checks fail because they cannot keep pace with the number of assets, versions, data sources, and policy obligations that appear as AI use expands.

Q: What breaks when governance controls are not tied to trusted metadata?

A: Controls lose context and begin to produce weak or misleading results.

Practitioner guidance

  • Map AI governance checks to exception workflows: Convert recurring review items into controls that fire only when a model, dataset, or policy condition fails.
  • Tie each control to governed metadata: Anchor every check in trusted relationships among models, versions, owners, data assets, and quality scores.
  • Set operational thresholds for policy drift: Define the score, version state, or ownership condition that causes a failure notification, then make the threshold visible to both control owners and reviewers.

What's in the full article

Collibra's full blog post covers the operational detail this post intentionally leaves for the source:

  • The exact control-building workflow for creating a query, setting a run schedule, and customising failure notifications.
  • The example logic behind the "Data Quality Issues on Training Data" control and how its hourly validation is configured.
  • The governed metadata relationships used to connect models, versions, data assets, owners, and quality scores.
  • The product-specific views for Candidate status, Failed Assets, and control history that support remediation and audit trails.

👉 Read Collibra's post on Control Tower OOTB controls for AI governance →
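
The practitioner guidance above (a control with a failure condition, schedule and owner, anchored in governed metadata, with a visible threshold) sketched as an added Python example; it is not Collibra's code or part of the original post. The inventory records, owner names, field names and the threshold of 90 are constructed assumptions; only the control name comes from the post. Missing metadata is treated as a failure rather than a silent pass.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sample of governed metadata: model version -> owner -> training data -> quality score.
INVENTORY = [
    {"model": "churn-model", "version": "v3", "owner": "ml-risk", "training_data": [
        {"asset": "crm_events", "quality_score": 96}, {"asset": "billing_history", "quality_score": 71}]},
    {"model": "fraud-scorer", "version": "v7", "owner": None, "training_data": [
        {"asset": "card_txns", "quality_score": 99}]},
    {"model": "doc-summarizer", "version": "v1", "owner": "platform-ai", "training_data": [
        {"asset": "support_tickets", "quality_score": None}]},
    {"model": "lead-ranker", "version": "v2", "owner": "growth-ds", "training_data": [
        {"asset": "web_leads", "quality_score": 93}]},
]

@dataclass(frozen=True)
class Control:
    name: str                        # what the control checks
    owner: str                       # who receives the failure notification
    schedule: str                    # descriptive here; a scheduler would consume it
    check: Callable[[dict], list]    # returns failure reasons; empty list means pass

def training_data_quality(threshold):
    """Build a check that fails on low quality scores AND on missing metadata."""
    def check(record):
        reasons = []
        if not record.get("owner"):
            reasons.append("no owner recorded")
        datasets = record.get("training_data") or []
        if not datasets:
            reasons.append("no training data lineage")
        for ds in datasets:
            score = ds.get("quality_score")
            if score is None:  # unknown is a failure, not a pass
                reasons.append(f"{ds['asset']}: quality score missing")
            elif score < threshold:
                reasons.append(f"{ds['asset']}: quality {score} < {threshold}")
        return reasons
    return check

def run_control(control, inventory):
    """Return failed assets only; passing assets produce no output (govern by exception)."""
    results = ((f"{r['model']}:{r['version']}", control.check(r)) for r in inventory)
    return {asset: reasons for asset, reasons in results if reasons}

# Threshold of 90 is an assumed value, kept visible next to the control definition.
DQ_CONTROL = Control("Data Quality Issues on Training Data", "data-governance", "hourly",
                     training_data_quality(threshold=90))

if __name__ == "__main__":
    for asset, reasons in run_control(DQ_CONTROL, INVENTORY).items():
        print(f"[{DQ_CONTROL.name}] notify {DQ_CONTROL.owner}: {asset}: {'; '.join(reasons)}")
```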
