CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 29, 2026

AI Is Making Decisions. Who's Owning Them?

Data Breach Today Archived May 29, 2026 ✓ Full text saved

GSK's Nancy Paul on Why Static Governance, Risk and Compliance Fail in AI Era Traditional governance, risk and compliance principles still hold, but periodic, checklist-driven governance is a dangerous mismatch for AI systems that continuously evolve and make millions of decisions per second, said Nancy Paul of GSK.

Full text archived locally
✦ AI Summary · Claude Sonnet


    Artificial Intelligence & Machine Learning , Governance & Risk Management , GRC AI Is Making Decisions. Who's Owning Them? GSK's Nancy Paul on Why Static Governance, Risk and Compliance Fail in AI Era Suparna Goswami (gsuparna) • May 29, 2026     Credit Eligible Get Permission Video Player 00:00 00:00 Nancy Paul, principal, governance, risk and compliance, GSK Traditional governance, risk and compliance fundamentals, which include risk-based thinking, change management, incident response and continuous assurance, still hold in an artificial intelligence-driven environment. What must change is the assumption that systems remain predictable after deployment, said Nancy Paul, principal, governance, risk and compliance at pharmaceutical manufacturer GSK. See Also: Know Thy Enemy: Threats to Cyber Resilience "We have to wake up. And in a dynamic AI environment, we cannot have a static governance. It will become a dangerous mismatch. Traditional things have to be there, but the stasis has to go," Paul said. "For governance to be effective, it must be embedded in the workflow itself and not treated as a document or a review checkpoint. Teams need to know who approves decisions, what testing is mandatory and where accountability sits before incidents occur, not after." When no single function controls the outcome, accountability gets lost between teams. The most effective governance model maps roles across the full decision life cycle early, so when something goes wrong, the organization already knows who owned what, she said. In this video interview with ISMG, Paul also discussed: Why AI traceability requires preserving decision lineage, not just documentation; How governance must evolve from compliance theatre to operational controls; Why AI governance is now a board-level conversation requiring a top-down approach. Paul is a GRC professional with 15 years of experience across highly regulated industries. Her expertise spans AI governance, privacy, audit and assurance, cloud governance, incident management, and regulatory frameworks, including HIPAA, ISO 27001, SOC 2, GDPR and MDSAP.
    💬 Team Notes
    Article Info
    Source
    Data Breach Today
    Category
    ◇ Industry News & Leadership
    Published
    May 29, 2026
    Archived
    May 29, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗