Governance Professionals Struggle to Measure ROI and Control AI Systems
In an era where the rapid adoption of artificial intelligence (AI) has outpaced organizational capabilities to govern its use, a troubling trend is surfacing among governance professionals. According to the recent findings of the 2026 AI Pulse Poll conducted by ISACA, many organizations are finding it increasingly challenging to effectively measure, monitor, and control AI systems. A prominent voice in this discussion is Jenai Marinkovic, the CEO and board chair of GRCIE, who is also a member of the ISACA Emerging Trends Working Group. She highlighted the significant disconnect that exists in organizations regarding AI governance.
The ISACA survey engaged over 3,400 digital trust professionals, revealing that while a staggering 90% of respondents indicated that employees are utilizing AI technologies, a meager 22% expressed that the return on investment (ROI) from these AI initiatives has either met or exceeded their expectations. This alarming disparity raises questions about the value that organizations are deriving from AI and emphasizes a profound knowledge gap among governance professionals whose responsibilities hinge on maintaining transparency and control over organizational processes.
Marinkovic pointed out that the most prevalent response to inquiries about the effectiveness of AI was some variation of "I don’t know." This lack of insight is particularly concerning because it stems from professionals in critical roles involving audit, risk, and governance—individuals who ideally should have clear visibility into their organization’s AI systems and controls. "This is not a knowledge gap. It’s an observability gap," Marinkovic explained, shedding light on the challenges that governance teams face in having a comprehensive understanding of how AI operates within their organizations.
The observable gap manifests itself across various dimensions of AI governance and operations. A striking 39% of respondents were uncertain if their organizations held a documented process to shut down or override AI systems in the event of a malfunction. Even more alarming is the fact that 56% of participants reported being unaware of the time it would take to halt AI operations following a security incident. These numbers reflect a substantial oversight in planning and preparedness, which could pose significant risks to organizational integrity.
The ROI discussions yielded similarly unsettling findings. A considerable 65% of survey participants provided uncertain responses regarding the financial returns tied to their AI investments. Many indicated it was "too early to tell," "don’t know," or admitted their organizations have yet to measure the financial impact at all. Marinkovic posited that organizations are hastily deploying AI technologies while neglecting to build a framework for adequate visibility and control over these systems. She urged that the forthcoming year should prioritize the development of instruments and methodologies that empower governance teams to address these pressing questions with certainty.
In a video interview with ISMG, Marinkovic elaborated on several key issues that organizations face regarding AI governance. She detailed the reasons many still struggle to measure AI ROI effectively, highlighting the existing gaps in both AI shutdown processes and readiness for incident response. The rapid technological changes and complexity of AI have outstripped the ability of organizations to adapt their governance and oversight mechanisms, leading to a growing observability gap.
Marinkovic herself comes with a robust background spanning over two decades in cybersecurity. As an executive advisor and president of GRC for the Intelligent Ecosystems Foundation, she is not an unfamiliar figure in areas requiring cybersecurity and governance. She is also the founder of the acclaimed NextCISO Academy, where she has successfully established over 40 cybersecurity organizations across various sectors, including advanced manufacturing, healthcare, entertainment, and finance. As the inventor of ISACA’s AI Audit Toolkit, Marinkovic is at the forefront of initiatives designed to strengthen AI security and resilience.
In conclusion, the findings of ISACA’s 2026 AI Pulse Poll raise critical questions about the current state of AI governance and the potential risks of unmonitored technology deployment. As organizations strive to innovate and leverage AI for competitive advantages, they must simultaneously enhance their oversight capabilities. The emphasis on developing robust frameworks for visibility and control could be paramount to harnessing the full benefits of AI while safeguarding against inherent risks. As Marinkovic aptly noted, the call to action for organizations is not merely about understanding AI’s capabilities, but rather about diligently governing what these intelligent systems can and should do.