Eight years of briefing boards and audit committees taught us one reliable pattern: directors overestimate the technical knowledge they need and underestimate the leverage of an ordinary, well-aimed oversight question. AI oversight is still oversight. Here are the five questions we would put on the next agenda, and what a good answer looks like for each.

1. What AI do we actually have?

Ask for the inventory: systems built, systems bought, and AI embedded in vendor platforms nobody calls AI. A good answer is a list with owners and risk tiers. A bad answer is a confident estimate. In our experience the inventory exercise itself surprises management — HR screening tools, customer-service bots and security products routinely turn up uncatalogued.

2. Who approved each one — and could they stop it?

Accountability is the question regulators ask first, so the committee should ask it before they do. A good answer names a person per system, with an approval record and a kill-switch authority. "The AI working group" is not a person. Neither is the vendor.

3. What evidence do we hold that these systems work as claimed?

Not the vendor's brochure — evidence: testing results, validation reports, monitoring data. If the answer is a demo someone watched, the committee has found its gap. The standard the committee should expect is the standard it already applies to financial controls: independent testing, documented, repeatable.

The committee should ask about AI exactly what it asks about financial controls: who owns it, who tested it, and where is the evidence?

4. What happens when one of them fails?

Models drift, hallucinate and get attacked in ways conventional software does not. A good answer includes an AI-specific incident playbook, a tested fallback for any process that depends on a model, and clarity on regulatory notification duties. "IT has an incident process" usually means the AI scenarios have never been rehearsed.

5. Which regulations apply to each system — and who checked?

In the UAE, a single system can sit under federal data protection law, central bank expectations and free-zone regulation at once — plus the EU AI Act if outputs reach EU markets. A good answer is a regime-per-system mapping with a named reviewer and a date. A bad answer begins with "broadly speaking".

What to do with weak answers

A weak answer to any of these is not a crisis; it is an audit plan. Commission the inventory, then the gap assessment, in that order — everything else depends on knowing what you have. And insist that whoever performs the assessment has no stake in the answer: no build contract riding on the result. Assurance is only worth the independence behind it.

Key takeaways

  • AI oversight needs persistence, not technical depth — the standard oversight questions work.
  • Inventory first: every other control depends on knowing what AI you run, including vendor-embedded AI.
  • Demand evidence, not demos — independent testing documented to the standard of financial controls.
  • Weak answers define the audit plan; insist the assessor is independent of the build.

We run board and audit-committee sessions on exactly this — an hour of questions, a quarter of better oversight.