Inside AI - Ep 1: Governance is Not the Brakes

Jan Esman:
Welcome to Inside AI, the podcast where we bring you our unfiltered insights from people who are shaping AI programs.

Today we have Jeroen Bolluijt. He is our leading consultant in artificial intelligence. He's currently working with the Australian Government Department of Health, Disability and Ageing and he has over 20 years of experience across transformation and digital delivery. My name is Jan Esman. I lead CTO Consulting's enterprise strategy consulting division and I'm here to explore his outlook on these important questions for all of us.

I wanted to say that you're hearing from Jan and Jeroen today. These are our opinions and our views are not necessarily those of the organisations we work for. So this is our conversation that we're sharing with you.

Before we start, you and I talked about a really interesting perspective about AI. It feels like AI is creating the new race car — enormous amounts of power, great possibilities in our future — but it seems as though everybody's more concerned about the brakes rather than the path ahead.

Today we want to explore what that looks like in terms of AI and the controls that are necessary, but also why you so often hear about alignment and vision. The tools we’re bringing to bear are not ones which respond well to brakes.

So I think that's a really good metaphor, and hopefully that becomes a purposeful vehicle for this conversation.

Jeroen, tell us your overview of AI and the race car analogy.

Jeroen Bolluijt:
Yeah, thanks for having me. I love to talk about race cars — might even be more interesting than AI, but we’ll do a bit of both.

I use the race car analogy a lot because what I hear people saying is: AI is the powerful engine — the models — but clearly we need brakes as well, otherwise you spin out of control.

When we look at the brakes, what I see across departments — and also in sectors like banking and energy — is that people focus heavily on controls, and rightly so. No one would race a car without brakes.

But what I do see is that organisations tend to design those brakes quite low in the organisation. There are frameworks — ISO standards, NIST, government standards — and they are quite detailed. Governance teams design controls requirement by requirement, which leads to a proliferation of controls.

The result is that we end up with many controls across the organisation, and often teams design new ones on top of existing ones.

To me, there are two issues. Yes, we need brakes — but we already had brakes before AI. So can we reuse what we already have? What is truly AI-specific risk versus what already existed?

And the AI-specific controls tend to sit quite low in the organisation.

In the Australian Government context, there’s also a tension between managing risk — and the fallout if something goes wrong — and delivering on the mission. AI promises increased service delivery, but it also triggers a strong risk response.

Jan Esman:
You get both sides, right? The opportunities are enormous, but the risks of not getting it right are also significant.

It feels like agencies have the compute and the tools, but confidence is what’s missing. What does that look like in practice?

Jeroen Bolluijt:
For me, confidence comes from moving away from pure control or assurance thinking.

There’s a strong focus on governance, which makes people think: AI equals risk, so we must control it. But governance is only useful if it enables value.

You hear phrases like “we want the boom without the gloom”. Governance helps prevent the gloom, but that only matters if you’re also achieving the boom.

If teams don’t have confidence to use AI, you won’t get either.

I see three steps:

1. Transparency

2. Confidence

3. Value

And they need to happen in that order.

Jan Esman:
I like how you describe the visibility of the track. How do you connect transparency and alignment?

Jeroen Bolluijt:
Back to the race car.

You’ve got the engine — traditional and AI — and you’ve got the brakes. Great. The car is ready.

Now imagine I blindfold you before you drive. How far will you get?

Not far.

That’s what I mean by transparency. Without visibility, people hesitate or don’t start at all.

In organisational terms, transparency means understanding how to go from an idea to realised value. What is the use case process? How do I know I’m progressing?

Alignment then means agreeing on that process — and how to respond when things don’t work.

But transparency alone is not enough.

Jan Esman:
Because people still need to use it.

Jeroen Bolluijt:
Exactly. Confidence comes from doing — or seeing others do it.

If people don’t use it, there is no value. The value comes from repeatedly delivering outcomes.

So the question becomes: how do you build confidence so teams can not only finish laps, but go faster each time?

Jan Esman:
Can you give a real-world example?

Jeroen Bolluijt:
Yes. In a healthcare setting, an organisation developed an AI assistant to support staff working with elderly people.

They followed a structured approach:

• Experimentation

• Proof of concept

• Operational deployment

Then — and this is key — continuous improvement.

AI evolves rapidly, so you need a deliberate improvement step.

And this highlights something important: most AI projects are not really about AI — they are change programs.

Jan Esman:
That’s a strong point.

So what does good governance actually look like?

Jeroen Bolluijt:
Good governance is almost invisible.

If users feel friction, governance is too heavy.

Governance is not the goal — it’s a means to an end. The goal is value aligned to strategy.

The best governance is simply there, supporting the process without getting in the way.

Jan Esman:
What should leaders focus on?

Jeroen Bolluijt:
Work backwards from outcomes.

AI itself is not the outcome — business value is.

To achieve that, organisations need capability. But capability only develops if people trust AI.

And trust comes from usage.

There’s a loop:

Use → Confidence → Trust → Capability → Value

But it can also work in reverse.

Jan Esman:
So how do you create a positive loop?

Jeroen Bolluijt:
You start with transparency.

If people understand how to use AI and see others using it successfully, they gain confidence. Positive experiences increase usage, which builds trust and capability.

That’s why smaller, manageable initiatives are effective starting points.

Jan Esman:
So decentralised experimentation?

Jeroen Bolluijt:
Exactly. Exploration should sit as close as possible to the problem owner.

Not always easy, but that should be the design principle.

At the same time, we need to think about enterprise-level controls — not just controls within individual systems.

If we can control things like agent behaviour at an enterprise level, we can safely enable decentralised experimentation.

Jan Esman:
That creates a strong balance — enterprise governance with local innovation.

Jeroen Bolluijt:
Yes, and it leads to a federated model:

• Centralised controls

• Decentralised experimentation

That’s how you unlock both control and speed.

Jan Esman:
Final question — what’s the one key takeaway?

Jeroen Bolluijt:
Simple:

Transparency first.
Confidence second.
Trust as the outcome.

None of these are primarily technology problems.

But solving them is what enables organisations to get real value from AI.

Jan Esman:
Brilliant. Thanks, Jeroen — great conversation.

Jeroen Bolluijt:
Thanks for having me. Looking forward to the next one.