A clean, repeatable structure that turns your governance data into the risk and assurance view a board needs.
A good AI governance board pack is short, consistent and the same shape every time. Boards form judgement across meetings, so a stable structure lets them see movement — a coverage figure rising, an open risk closing, a readiness date approaching — rather than re-learning a new layout each quarter. The sections below give a complete, uniform template. Each is a page or less, and each ties back to a maintained record so the pack reflects the real state of the estate rather than a narrative assembled for the meeting. The framing aligns with the governance and accountability expectations set out in the OECD AI Principles, ISO/IEC 42001 and the NIST AI Risk Management Framework.
Open with the shape of the estate: how many AI systems are in scope, how they break down by risk tier, and what changed since the last meeting — newly identified systems, systems retired, tiers that moved. This orients the board before any detail and answers the first question every board asks: what AI do we run, and is it growing in places we should watch.
State the proportion of in-scope systems that have the expected controls in place, ideally split by risk tier so high-risk systems are visible separately. Coverage is the headline measure of whether governance keeps pace with adoption. Show the trend, not just the number, so the board can see whether the gap between deployed AI and governed AI is widening or closing.
Controls that were verified once and never revisited give false comfort. Report how current the supporting evidence is — for example, the share of controls whose evidence is within its expected refresh window versus those overdue. Evidence freshness turns "we have controls" into "we can show they are still operating," which is what assurance actually means.
Give an honest list of the most significant open issues, each with an owner, a severity and a target date. Boards trust a pack more when it surfaces problems than when everything is green. Keep this to the material items and show progress on the ones raised previously, so the board can see the remediation pipeline moving.
Summarise where the organisation stands against the regimes that apply — commonly the EU AI Act for high-risk systems, plus relevant sector rules. A simple per-regime view works best: what is in place, what is outstanding, and the dates that drive the work. Be precise about gaps rather than implying full compliance; an honest readiness picture is more defensible and more useful.
Close with what AI is costing and whether that cost is attributed to the teams and use cases driving it. A cost view tied to owners and outcomes lets the board see where spend concentrates and whether value justifies it, rather than reacting to a single aggregate number.
The discipline that makes this template work is that every figure is generated from the same living records the rest of the year — inventory, controls, evidence, issues, readiness and cost. When the pack is a view of that record rather than a hand-built artefact, it stays consistent meeting to meeting and stands up to scrutiny if a regulator or auditor asks how the numbers were produced.
How TrustedAIGov helps. The Governance Platform holds the portfolio, control coverage, evidence, open issues, readiness and cost data behind each section, so the board pack is produced from a live record in the same shape every cycle. It is designed to support board oversight and to stay aligned with the governance and accountability expectations in the OECD AI Principles, ISO/IEC 42001 and the NIST AI RMF Govern function.
Generate the same clear risk and assurance view every cycle, straight from your governance data.