A governing board carries a fiduciary duty of oversight, and AI is now one of the risks that duty covers. When an AI-influenced decision is questioned, the board is asked who decided and who was accountable. These are the questions a president and board should be able to answer to show they are exercising that oversight. This guide lays out a starting set of eight, drawn from the twenty-five-question board diagnostic I use with presidents and their boards, grouped by authority, visibility, oversight, and durability. They map to what the recognized frameworks expect: the NIST AI Risk Management Framework's focus on accountability, ISO/IEC 42001's managed governance, and where EU rules are heading for the institutions they reach. The full twenty-five are linked below.
When an AI system inside a university is questioned, the question that follows is direct: who decided this, a person or the algorithm, and who is accountable for it? In higher education, authority is shared across the board, the administration, and the faculty, which is exactly what makes the question of who actually decides, and who is accountable, easy to lose. A board's ability to answer it is not a technicality. It is how the board shows it is meeting its duty to oversee the institution's risks.
The eight questions below are a starting set, drawn from a twenty-five-question board diagnostic I use with presidents and their boards. They are the entry point, not the whole of it.
Why these questions matter
A governing board carries a fiduciary duty of oversight, and AI has become one of the material risks that duty now covers. Being able to answer these questions is how a board demonstrates it is exercising that oversight.
They are also not arbitrary. Each maps to what the recognized frameworks already expect. The NIST AI Risk Management Framework's Govern function is built around organizational accountability for AI decisions. ISO/IEC 42001 defines AI governance as a managed system with named roles and responsibilities. And the EU AI Act, for the institutions it reaches, points the same way, toward human oversight assigned to accountable people. Accreditors are also beginning to ask for AI governance that is documented and auditable, not only described.
The questions below are the test. Run your board through them. The ones that draw a fast, clear answer are handled. The ones that draw a pause are where the governance work begins.
Authority and accountability
Who is the single named person accountable for AI governance at the institution?
Who can approve a new AI tool, who can expand its scope, and who can shut one down?
Where is the Human Authority Line™ for each AI system that influences an academic or operational decision, the point where the system's recommendation ends and a person's judgment takes over?
Visibility and classification
Can the institution produce a current inventory of the AI running across it, including the AI embedded in the platforms and vendor systems it already uses?
Have those systems been classified by risk level?
Oversight and response
When the AI is wrong about a student, who finds out first, and how?
Can the institution produce a complete audit trail for an AI-influenced decision, and the governance documentation behind it, when it is asked for?
Durability
Is the governance built to evolve as the tools and the rules change, or is it a static policy document written for a moment that has already passed?
Beyond the eight
These are the starting set. The full twenty-five, organized to the board's meeting calendar, are in the guide here: 25 Questions Every Higher Education Board Should Ask About AI. Turning the answers into documented authority, oversight, and accountability a board can stand behind is the work I do with presidents preparing their institutions, from the same side of the table, as a founding university president who built an institution from the ground up. See how this applies to higher education