DISCUSSIONS, debates, associations and businesses built around artificial intelligence (AI) or the desire to learn more about AI, have grown exponentially since the public release of ChatGPT on Nov 30, 2022.
While AI itself was not a new concept or technology, mass access of powerful tools in the hands of the public-at-large for free marked a turning point. Three years on, many businesses and boards are still catching up.
Having attended countless workshops, dialogues and conferences for board members – including those hosted by the Institute of Corporate Directors Malaysia (ICDM) – I have had many conversations with board members and company leaders around this very topic. Most are still deliberating the approach or treatment of AI and have not made tangible decisions or plans. Despite the growing interest and discourse around AI, the translation of that enthusiasm into concrete decisions and actions remains slow.
Also, technology (including AI) often still ranks low among board priorities, even as digitalisation continues to be a necessity in today’s landscape. ICDM’s research shows that only 15% of boards currently prioritise technology risks, and just 26% have taken tangible steps to strengthen digital oversight. Meanwhile, the Khazanah Research Institute has flagged real concerns: slow adoption of AI, unintended consequences like job losses, cybersecurity and privacy concerns, and the risk of malicious uses like deepfakes and fraud.
Despite all this, AI is still treated in many boardrooms as a technical concern that is for the IT or operations teams to handle. This raises the critical question: Who is responsible and therefore, concerned about the impact of AI? How should boards and directors approach AI?
AI belongs in the boardroom
For boards and directors – strategic thinking, financial acumen, risk management, governance knowledge, and leadership skills, with a growing emphasis on digital literacy, ESG expertise, are essential. Today, AI literacy is also a core leadership competency. All leaders and boards need a working understanding of how AI is used across the organisation, the risks it introduces externally and internally, and how it connects with broader responsibilities – from ethics and compliance to reputation and stakeholder trust.
Deepening the knowledge beyond the superficial to ask focused, incisive questions such as: Where is AI deployed in our business? How robust are the plans we have to guard the organisation/business against impersonation, especially deep fakes? How confident are we in the quality of our data? What checks are in place to reduce bias, misinformation, or failure? And when something goes wrong, can we explain what happened and justify the outcome? Are we ready to be held accountable for decisions made with the help of AI? Or are we ready to accept people who need AI to do their work?
These are not abstract concerns but real-world examples of the practical impact of AI, especially the related risks which may result in discriminatory outcomes, privacy breaches, to reputational damage.
It starts with clear oversight
Once we understand the potential impact of AI, we need to take ownership of how it is addressed and governed. Developing a clear framework that outlines the organisation’s risk appetite around AI, board priorities, accountability to alignment of usage with company values, strategy, and stakeholder expectations, the process needs to start with a clear view from the top. This means proactively embedding AI conversations as a regular and critical point in board discussions and planning, and integrating the priority in charters, risk registers, and audits or ethics reviews.
Some boards form dedicated subcommittees or appoint a lead director for digital and technology oversight. What matters most is consistency. Boards should receive regular reporting on AI usage: what tools are in place, who are using them for what purpose, why they are used, and how the usage and outcomes are monitored. Just as we have done with ESG and cybersecurity, AI governance must now become part of the board’s core agenda.
Planning for disruption
Disruption is inevitable, its occurrence rising with the advent of AI. As such, the board’s preparedness has to evolve ahead of current state. Regular reviews, tests and updates on governance frameworks are a start, but they must hold up under scrutiny and pressure. This shows how fast AI risks—flawed algorithms, misinformation, deepfakes, and data breaches—can escalate into real damage, highlighting the urgency for boards to prioritise preparedness. Boards must look and plan ahead to prepare themselves and include these risks into business continuity and crisis planning to ensure survival. Agility and resilience in the face of these emerging threats is the only way forward.
Asking hard questions now is a necessary step to ensure our organisations can react quickly and effectively when it matters the most: Where are our weak points? Are our safeguards strong enough? Are protocols up-to-date, clear and well tested? Are we prepared and equipped to respond swiftly and effectively? Have we done sufficient stress testing and scenario planning to prepare ourselves?
It is not just about investing in the right technology. Effective governance especially in the age of AI requires the right people, capabilities, structures, and forward thinking mindsets in place. Innovation matters, but without accountability, it can become a liability.
Are our boards ready?
Board members will not always have all the answers, but they should be confident to engage with AI-related topics. That starts with assessing whether the board has the right mix of expertise.
Does the board have directors who understand digital systems, ethical implications and cyber risks? Where gaps exist, rebalancing should be considered. AI governance is not a solo effort, and it requires diverse perspectives, shared responsibility and a culture that supports ongoing learning.
Directors do not need to become technical experts overnight, but they do need continuous exposure to real-world examples, case studies and a sense of what’s coming next. Given the pace of change, it is about building the confidence to engage constructively and making informed decisions.
Looking ahead
AI will shape the future of every organisation. That is certain. It is also certain that boards must proactively respond quickly and strategically to be in a position of strength to lead with clarity, confidence, and credibility. Our role as directors is not just to manage what is in front of us today, it is to prepare our organisations for what is ahead and still unknown.
That future now includes AI—and we cannot afford to sit on the sidelines.
This article is contributed by Institute of Corporate Directors Malaysia president and CEO Michele Kythe Lim.
