There is a quiet panic spreading through boardrooms right now, and it has nothing to do with whether AI works. It has to do with whether anyone can prove it.
The numbers behind that panic are real. Hyperscalers are on track to spend roughly $675 billion on AI infrastructure this year alone. Meanwhile, MIT’s Project NANDA found that 95% of enterprise AI pilots deliver no measurable P&L impact. S&P Global reported that 42% of companies abandoned most of their AI initiatives last year which is more than double the rate of the year before. Forrester is now predicting a market correction with enterprises deferring a quarter of their planned 2026 AI spend into 2027. Even the debt markets have weighed in: Citi identified a measurable credit spread penalty for companies classified as AI adopters without evidence of return. Spending without proof is now literally priced into the cost of capital.
I am not here to argue with the data. The data is right.
I am here to argue with the response.
Key Takeaways
- The disappointing AI ROI is real, but the boardroom response is the danger. The reflex to add steering committees, business cases, and approval gates rebuilds the rigid structures that already neutralized cloud and agile.
- This creates Governance Debt. Controls that outlast the uncertainty they were built to manage compound quietly, like technical debt – except a legacy operating structure has no migration project.
- Build for velocity instead. Replace approval gates with kill cycles, measure ROI at the portfolio level rather than per use case and put a sunset clause on every control. The winners out-decide their peers; they don’t out-govern them.
The Control Reflex: Why AI Governance Backfires
When boards see numbers like these, they react the way boards have always reacted: with control. AI steering committees and per-use-case business cases. ROI attestation before funding. Approval gates between pilot and production. Governance councils that meet monthly to review initiatives that move weekly.
Every one of these mechanisms is individually defensible. That is exactly what makes them dangerous.
I have spent my career on both sides of this dynamic, as a CIO running technology for telecom operators in Latin America, and later advising enterprises on transformation at Accenture, IBM, and Ericsson. And I can tell you what happens next, because I have watched it happen with every major technology wave: the control structure built to manage today’s uncertainty becomes tomorrow’s constraint. It outlives the problem it was created to solve. Nobody is ever promoted for dismantling a governance committee.
I learned this the hard way by inheriting the aftermath of one. At a Latin American operator a major CRM transformation had been put in front of a review board and killed on grounds that were individually hard to argue with: the projected budget was steep, the internal skills weren’t fully in place, and the business wasn’t deemed ready. Every objection was reasonable. The board did exactly what it was designed to do. And while we sat on a defensible “not yet” a competitor moved, modernized its customer platform, and took ground we never fully recovered. The control worked perfectly. The company lost anyway. That is the trap: the most dangerous governance failures don’t look like failures at all, they look like prudence.
We have seen this exact movie before. Cloud and agile both promised speed. In most enterprises they delivered something closer to “the same speed with more meetings.” The technology arrived, the operating model absorbed it, neutralized it, and carried on. The gains didn’t disappear, they were quietly strangled by slow decisions and diffused accountability.
The ROI panic is now rebuilding that machinery, at speed, with the best of intentions. Except this time there is a difference that should worry every executive: when the constraint is a legacy system you can eventually migrate off it. When the constraint is a legacy operating structure there is no migration project. It just becomes how the company works. I call this Governance Debt: the accumulated drag of controls that outlast the uncertainty they were built to manage. Like technical debt it compounds quietly and like technical debt the interest is paid in speed.
The Wrong Diagnosis: It’s Not an AI Adoption Problem
Here is the tell that we are solving the wrong problem. In one of the most striking findings of this cycle 97% of executives report personally benefiting from AI yet only 29% see significant organizational ROI.
Read that gap carefully. It is not an adoption problem. It is not a model-quality problem. And it is emphatically not a control problem. It is a compounding problem. Value is being created at the level of individuals and teams and the organization has no mechanism to aggregate it, redirect it, or build on it. Adding oversight to that situation does not create compounding. It adds friction to the one place value actually exists.
Look at what the successful 29% actually have in common: AI tied to revenue outcomes, business teams owning the workflows, and the whole effort treated as organizational redesign rather than technology deployment.[1] Notice what is not on that list: more approval gates.
The organizations seeing returns did not out-govern their peers. They out decided them.
What to Build Instead: A Velocity-First AI Operating Model
If the answer isn’t heavier oversight, what is it? Three structural moves none of which require a committee:
Replace approval gates with kill cycles. Don’t make initiatives prove their worth before they start, make them prove it on a clock. Every AI initiative launches with pre-agreed kill criteria and a fixed time box. The discipline shifts from “may we begin?” to “did we learn enough to continue?” That is governance measured in velocity, not meetings.
Measure ROI at the portfolio level, not the use case. Demanding a business case from every individual experiment guarantees you will only fund the safe, incremental, and ultimately unimportant. Venture and private equity investors figured this out decades ago: the portfolio carries the math so the individual bets can take real risk. It is the same logic that drives value creation across a portfolio of companies, you manage the aggregate, not the average. Boards should hold leadership accountable for portfolio-level return and learning rate, not for the survival of any single pilot.
Put a sunset clause on every control. Any governance mechanism created to manage AI uncertainty should carry an expiration date and a renewal test: what decision did this body accelerate this quarter? If the honest answer is none, it isn’t governing, it’s accumulating. This is how you keep Governance Debt off the balance sheet. Controls that can’t justify their existence in terms of speed are the new technical debt written in org charts instead of code.
The Real Risk: Rigidity, Not AI
I wrote recently about the hidden risk of AI transformation – The Hidden Risk of AI: Building Transformation Programs for a Future That May Not Exist: building rigid multi-year programs for a future that may not exist. The ROI panic is that same risk wearing a more respectable suit. Rigidity in the name of innovation and rigidity in the name of fiscal discipline produce the identical outcome – an enterprise that cannot move when the landscape shifts. And the landscape is shifting quarterly.
The correction Forrester predicts will happen. Budgets will tighten and they should. But the companies that emerge ahead will not be the ones that built the most rigorous AI oversight. They will be the ones that built the fastest honest decisions about what to fund, what to scale, and above all, what to kill.
The last generation of legacy systems was written in COBOL. The next one is being written in committee charters. Choose carefully which one you build.
Frequently Asked Questions
Why are 95% of enterprise AI pilots failing to show ROI?
According to MIT’s Project NANDA, 95% of enterprise AI pilots deliver no measurable P&L impact. The cause is rarely the technology or the model. Value is created at the level of individuals and teams but most organizations have no mechanism to aggregate that value, redirect it, or build on it which is a compounding problem, not an adoption or model-quality problem.
Does adding more AI governance improve AI ROI?
Usually not. Steering committees, per-use-case business cases, and approval gates add friction to the place where AI value actually exists. Organizations reporting significant ROI did not out govern their peers they out decided them by tying AI to revenue outcomes, giving business teams ownership of workflows, and treating the effort as organizational redesign rather than technology deployment.
What is Governance Debt?
Governance Debt is the accumulated drag of controls that outlast the uncertainty they were created to manage. Like technical debt it compounds quietly and its interest is paid in speed. Unlike a legacy software system, a legacy operating structure has no migration project, it simply becomes how the company works.
How should boards measure AI ROI by use case or by portfolio?
At the portfolio level. Demanding a business case from every individual experiment funds only the safe and incremental. As venture and private equity investors learned long ago, the portfolio carries the math so individual bets can take real risk. Boards should hold leadership accountable for portfolio-level return and learning rate, paired with pre-agreed kill criteria and time boxes for each initiative, not for the survival of any single pilot.
Rob Purks CIO & Management Consultant 
Leave a comment