Event Recap: Integrated Governance for AI and Enterprise Risk
- Securim

- Mar 12

Recently attended an educational session hosted by the ISACA Puget Sound Chapter focused on Integrated Governance and Enterprise Risk Management in the age of AI. The session, presented by Krishna Sheshabhattar, Head of Governance at Atlassian, explored how organizations can move governance from framework to practice using a scalable Hub-and-Spoke operating model.
Key Concepts Discussed
Integrated Governance
Governance was described as a system of policies, processes, and controls that guide organizational decision-making. Effective governance aligns strategic objectives with regulatory obligations while integrating risk management, ethical practices, and continuous improvement.
Hub-and-Spoke Operating Model
A centralized governance “hub” defines enterprise policies, frameworks, and oversight, while cross-functional teams, including product, cybersecurity, finance, legal, and HR, act as “spokes,” implementing policies and managing risks within their domains.
Frameworks and Templates
Standardized frameworks and reusable templates help scale governance programs across organizations, including policy lifecycle management, exception handling, training programs, and remediation governance.
AI-Assisted Governance
An interesting example demonstrated how AI tools can assist governance processes by reviewing policy exceptions, mapping risks to enterprise risk registers, and generating risk narratives, while ensuring human governance leaders retain final decision authority.
Key Takeaway
Effective governance today requires balancing centralized oversight, decentralized execution, and responsible use of automation and AI. The session reinforced how structured governance models can help organizations scale risk management while maintaining agility.

Always great to learn alongside the regional governance and cybersecurity community.



