Perspectives | Governance

You can't fix AI slop with a checklist.

A major business publication ran a 2,000-word argument for AI governance without ever using the word. It names three real failures and offers four fixes. The fixes are good inputs to a governance system. They are not a governance system.

HBR just published a 2,000-word argument for AI governance. They never used that word.

The piece, by Matthias Holweg and Thomas Davenport, is worth reading. It names three real organizational failures caused by generative AI: verification (you can't tell what's accurate), validation (you can't tell what's human), and entropy (content degrades each time it passes through an AI system).

These are serious problems. The healthcare reimbursement example alone should alarm any executive in a risk-sensitive industry. AI generates the documentation. AI reviews it on the other end. Each pass through a probabilistic model moves the content further from ground truth. No one notices until something goes wrong.

But then the authors offer four recommendations: track data provenance, restrict AI use, define what value AI adds, and understand process implications.

These are operational suggestions. They're not wrong. They're just insufficient.

Here's the gap: you cannot implement those four steps without a control structure. Who decides where AI is restricted? Based on what criteria? Who enforces it? Who reviews it? What happens when a vendor's AI-generated documents feed your AI-based review process? Who owns that interface?

The authors are describing governance failures throughout the piece. What they never offer is a governance solution.

This matters because the instinct when facing these problems is to add more process. Issue a policy. Run training. Create a checklist. But ungoverned AI use doesn't fail because of missing checklists. It fails because accountability is diffuse, oversight is inconsistent, and no one has ownership of the control layer.

The three challenges in the article each map to a specific governance gap:

Verification requires an approval structure. Someone has to be accountable for what AI-generated content enters a workflow. That's not a task for individuals making ad hoc judgment calls. It's a function that needs to be defined, assigned, and enforced.

Validation requires an ownership structure. If human expertise is still expected to add value, that value has to be documented and auditable. "We used AI for the first draft" is not validation. A defined process with named owners and reviewable checkpoints is.

Entropy requires a monitoring structure. Content that degrades across organizational boundaries won't be caught by any individual employee. It requires someone watching the process at the level of the process, not the task.

The article's four recommendations are good inputs to a governance system. They are not a governance system.

What does a governance system actually look like? At minimum: a policy layer that defines permitted and restricted AI use by workflow; a control layer that specifies where human judgment is required and how it must be documented; clear ownership with named accountability for AI-related decisions; and a monitoring function that tracks usage and flags problems before they compound.

This isn't a technology problem. It's a structural one. The organization has to define what controlled AI use looks like before any individual can practice it consistently.

The productivity paradox the authors cite at the end is instructive. Computing spread through organizations in the 1980s and 1990s. Productivity gains were elusive for years. The improvement came not from better technology, but from redesigning work around it. Process, roles, accountability, and culture had to catch up to the tool.

We are at that same inflection point with generative AI. The technology will keep improving. The governance lag is the variable. Organizations that close that gap now won't just avoid the knowledge decay problem. They will build a durable operational advantage over those that don't.

The HBR authors are right that something is breaking. The fix isn't better individual behavior. It's building the control layer that governs what individuals are allowed to do with AI in the first place.

That's the work. And almost no organization has done it yet.

First published on LinkedIn →
← All perspectives