GenAI without governance? The risk is certain — and the bill falls on IT's shoulders

By: Skyone
1. Introduction 

In many companies, generative AI tools are already in use even before passing through IT review. This reality reflects the speed at which GenAI has gained ground, driven by the legitimate pursuit of productivity, but often without the necessary support to ensure security, efficiency, and strategic alignment.

A study by RSM shows that 91% of medium-sized companies already use generative AI at some level of their operations. Even so, 41% report difficulties with data quality and 39% point to a lack of internal capacity to effectively exploit these solutions.

These numbers don't indicate a problem with the technology itself, but with how it is incorporated. When there are no clear usage criteria, defined responsibilities, or visibility over processes, generative AI can end up delivering less than it promises, even with high investment.

IT governance, in this context, takes center stage. Not as a barrier to innovation, but as a structure that allows the organization to adopt, scale, and control these tools consistently.

In this article, we will explore how this governance can be built, what practices underpin its application, and how Skyone contributes to a more prepared and secure environment for GenAI.

Enjoy your reading!

2. Why IT governance needs to be at the heart of AI adoption

It's not uncommon for a new generative AI tool to enter a company's routine indirectly, whether through a curious marketing What starts small, however, quickly becomes structural. And when IT is called upon, the solution is often already in production, integrated (or not), and with data circulating.

This new organizational behavior—decentralized, experimental, and accelerated—demands a different response. IT governance becomes less about control and more about orchestration: ensuring that the adoption of GenAI is connected to the systems architecture, security policies, compliance standards, and the company's real objectives.

Research from AuditBoard helps to illustrate this urgency: more than 90% of companies already use GenAI, but only 25% have a formal AI governance program. Most continue improvising, and then it's not the AI that fails, it's the environment that doesn't support it.

With governance, IT moves from a reactive position and returns to leading the transformation with clarity. It can create criteria, avoid redundancies, anticipate risks, and ensure that AI serves the business—and not the other way around.

This starting point leads us to the next topic: what needs to be defined before putting GenAI into production? Because, when the foundation is well-designed, the impact of AI ceases to be punctual and becomes strategic.

3. What needs to be defined before AI enters the production environment?

generative AI tool into daily life is not just about technical approval: it involves responsibility. And governance is what transforms that responsibility into clarity about who uses it, for what purpose, under what conditions, and based on what data.

More than imposing rules, governance creates the conditions for AI to generate real value. Without it, use may occur, but it tends to be sporadic, inconsistent, and difficult to sustain over time.

Below, we list the main elements that need to be defined for the entry of GenAI into the production environment to be safe, strategic, and profitably scalable:

  • Applicable guidelines, not just formal ones: governance begins with practical criteria, not generic manuals. Establishing in which cases AI can be used, with what restrictions, and by which profiles helps avoid misunderstandings and brings autonomy with responsibility to the teams;
  • Contextualized, not theoretical, risks: assessing risks does not mean blocking innovation, but rather anticipating where it may encounter limitations, in order to proactively address them. Sensitive data, critical integrations, and supplier dependencies are points that require attention from the outset;
  • Visibility as an ally of evolution: having usage records, logs, and alerts helps to understand how AI is being used in practice, and allows for adjusting strategies based on facts, not assumptions;
  • People prepared to handle interpretive technology: GenAI depends on the user's intention. Therefore, training is not a minor detail. When people understand what they are doing, and what the tool can or cannot deliver, its use becomes more efficient, ethical, and reliable;
  • Metrics connected to business reality: governance isn't about controlling for the sake of controlling. It's about knowing if the technology is truly contributing. Therefore, defining clear indicators from the start is what allows you to assess the real impact and make adjustments without wasting time or resources.

With these points clearly defined, IT can ensure that GenAI is incorporated in a solid way, without improvisation and with room to scale. And it is from this foundation that the gains begin to appear, as we will see in the next section.

4. What does IT gain from a clear GenAI strategy?

When GenAI enters without planning, IT becomes a spectator. When it enters with strategy, IT assumes the role of architect of the transformation. And this difference changes everything: in the impact, in the scale, and in the perception of technology as an asset, not a risk.

With governance, GenAI ceases to be an isolated experiment and becomes part of the company's structure. This allows productivity to happen safely, data use to respect integrity standards, and automated flows to be traceable, auditable, and replicable with quality.

IT also begins to operate with more cost intelligence. Instead of multiple scattered tools, disconnected initiatives, and constant rework, there is rationalization. Common use cases are identified, solutions are standardized, integrations are reused, and the adoption cycle gains consistency.

But perhaps the main gain is in decision-making. With well-managed data, models operating within defined limits, and reliable results, GenAI ceases to be a gamble and becomes real support for business choices. IT stops putting out fires and starts anticipating scenarios. In practical terms, the most obvious benefits of this strategy include:

  • Productivity with safety: the automation of operational tasks is consolidated, but without compromising safety protocols. This avoids rework, reduces response time, and allows for more sustainable progress;
  • Data handled responsibly: IT takes control of how data is entered, processed, and used by AI tools, ensuring compliance, privacy, and greater confidence in the results generated;
  • Reducing structural costs: by standardizing tools and avoiding duplication, the organization reduces expenses related to licenses, technical support, and time wasted on improvised integrations;
  • Faster and better-informed decisions: with outputs, GenAI reinforces the quality of analyses and reduces dependence on subjective judgments, accelerating action with less risk;
  • Visibility and control over the entire AI lifecycle: from data input to generated results, IT can monitor, correct, and evolve the use of the technology based on evidence, not trial and error.

With a clear strategy, IT ceases to be a support line and becomes the center of transformation with GenAI. But leadership cannot be sustained through improvisation. To transform guidelines into practice and reliable routine, structure is needed.

That's where governance frameworks come in: not as rigid models, but as tools that help transform technical decisions into organizational alignment. Let's see how to apply this in practice.

5. Frameworks that help to structure this governance

The adoption of generative AI requires more than good intentions: it requires structure. And IT governance can rely on frameworks to accelerate this construction on a solid foundation.

Models such as ITIL (Information Technology Infrastructure Library) and COBIT (Control Objectives for Information and Related Technologies) remain important references.

  • ITIL organizes IT services with a focus on continuous value and operational visibility;
  • COBIT, on the other hand, offers a bridge between technology and strategy, connecting technical decisions to business direction.

However, when the topic is GenAI, one of the most relevant guides is ISO/IEC 38500, precisely because of its ability to align ethics, responsibility, and leadership with the use of technology.

ISO/IEC 38500 is the international standard that defines principles for corporate governance of information technology. Unlike other frameworks, it does not detail processes, but rather guides the leadership's actions (board of directors, councils, committees) on how IT should be governed to fulfill its ethical, strategic, and social role within the organization.

In the case of generative AI, this takes on a new layer of relevance. After all, we are talking about tools that produce content, interact with audiences, make automated decisions, and learn from business data. This requires clear policies on what can and cannot be done, who is responsible for each use, and how to ensure transparency and traceability.

ISO/IEC 38500 helps companies define these guidelines institutionally. It reinforces principles such as responsibility, transparency, strategic alignment, compliance, and ethical behavior. By following this approach, the organization demonstrates maturity, not only technically but also organizationally, in adopting GenAI, with governance that goes beyond IT and permeates all leadership.

But, as we know, not every company starts there. And when GenAI is implemented without this minimum structure, what seemed like progress can turn into rework or risk. That's what we explore in the next section: the main points of attention, and how to avoid them before they become problems. Keep reading!

6. Common challenges and how to overcome them

Not all failures stem from bad technology. Many arise from well-intentioned but poorly implemented solutions. And in the case of generative AI, this gap between expectation and reality can be costly.

A survey by MIT, reported by Fortune, indicates that 95% of executives who have adopted GenAI in their companies have already faced some incident related to the technology. Even more alarming: only 2% of organizations meet the minimum standards for responsible use.

Among the most common challenges are:

  • Tools contracted by different departments, without coordination with IT;
  • Sensitive data used indiscriminately, with the risk of leaks or breaches;
  • Content generated without traceability, making audits and corrections difficult;
  • Automated processes that get out of control, compromising consistency.

The problem rarely appears all at once. It accumulates until it becomes too large to ignore. When IT tries to intervene, it finds a fragmented environment, resistant to standardization, disorganized data, and high costs to "clean house."

To avoid this scenario, governance needs to be present from the start. Not to hinder the use of AI, but to ensure that it is used intelligently. This means:

  • Include IT in the initial decisions regarding GenAI;
  • Prioritize use cases with potential for scale and low risk;
  • Establish minimum standards for safety, integration, and traceability;
  • Empower users based on the business context;
  • Monitor usage with indicators that make sense for the company's strategy.

Without these premises, GenAI's potential is lost in disconnected attempts. With them, each step taken becomes value creation, not course correction.

Now that we've seen what can "go wrong," let's look at what can go right. Let's see how Skyone works to make generative AI governance viable, simple, and scalable within the reality of businesses.

7. How Skyone enables the governance of generative AI

Skyone operates where theory meets practice. We know that most companies don't start from scratch. They already have legacy systems, scattered data, teams with different levels of maturity, and pressure to innovate quickly. Therefore, our proposal is not to reinvent the wheel, but to help make generative AI work with what the company already has, in a coordinated, traceable, and scalable way.

We work to ensure that IT can:

  • Have real visibility into where and how AI is being used;
  • Establish policies that make sense for the business, not just for compliance;
  • Integrate GenAI into existing systems, with control and security;
  • Connect data and automation with end-to-end traceability;
  • Support business areas without compromising technical consistency.

We do this through a platform that combines infrastructure, security, governance, and cloud computing, with an approach that respects the reality and urgency of each organization. In practice, this means taking the burden off IT as the "innovation police" and positioning it as a strategic partner in transformation.

If you want to understand how to apply this vision to your company, talk to one of our specialists! At Skyone, we are ready to help your company move beyond improvisation and deliver real value.

8. Conclusion: AI with value requires governance with direction

Governance is not synonymous with excessive control. It's what gives direction to technology when it gains autonomy. In the case of GenAI, where decisions are automated, content is generated en masse, and sensitive data flows freely, this direction is what separates progress from exposure.

What we want to make clear in this article is that IT can no longer operate on the sidelines of AI decisions. It needs to be at the core. Not to centralize, but to articulate. Only in this way can the organization create consistent criteria, operate with traceability, integrate solutions securely, and prevent innovation from becoming a sequence of improvised and unsustainable solutions.

But there is a second equally critical point: governance cannot be sustained without a prepared infrastructure. And that's where the cloud comes in, not as a destination, but as a foundation. It is in the cloud that data is organized, integrations are enabled, and control becomes possible without hindering the business.

If your IT department wants to lead the adoption of GenAI with impact and legitimacy, the next step is to ensure that the foundation is ready. For this, we recommend reading the article “Digital Transformation: From the Cloud to Artificial Intelligence”. In it, we show how the cloud becomes a direct ally of governance, and how to prepare your company so that AI is more than just a fad, but a real evolution.

FAQ: Frequently asked questions about IT governance and generative AI

Governing generative AI goes beyond understanding the technology. It's about structuring the environment so that it functions with purpose, security, and real impact. And in the middle of this journey, some questions always arise.

In this section, we answer the most frequently asked questions about the role of IT, the cloud, and governance in the responsible and strategic adoption of GenAI.

1) How should IT prepare to receive generative AI tools?

IT needs to anticipate the use of AI, rather than react to it. This starts with clarity of roles, defining practical (not just formal) policies, and visibility into the flows involving data and automation. It's also important to create adoption criteria, establish minimum security controls, and empower users based on real business risks and objectives. Preparation is not about blocking use, but about making its use safe and feasible at scale.

2) What is the role of the cloud in the governance of generative AI?

The cloud is the foundation that makes governance possible without hindering innovation. It's where companies can securely connect data, automate with traceability, and implement controls that truly work in the production environment. With the cloud, IT can integrate GenAI into the existing ecosystem, monitor usage with consistent indicators, and scale as the business matures.

3) Does IT need to be involved in choosing GenAI tools?

Yes, it's necessary. Not to impose barriers, but to ensure that the choice aligns with the architecture, security standards, and real needs of the company. When the decision is made in isolation, the organization risks creating a fragmented, expensive, and difficult-to-control environment. With IT as the facilitator, it's possible to transform isolated initiatives into integrated, secure, and scalable solutions.
