Sustaining effective AI governance and risk management requires continuous, organization-wide awareness , not just one-off or role-limited training. Option D embeds AI topics (governance, risk, ethics, privacy, and security) into the existing security awareness program , which is already a recurring and mandatory mechanism across the enterprise. This supports ongoing adaptation to rapidly evolving AI technologies, aligns with ISACA’s emphasis on integrating AI risk considerations into existing governance and risk frameworks, and ensures that staff at all levels understand their responsibilities.

Options A and C are too narrow in scope, as they target only technical staff or senior management; they help but do not create pervasive, sustainable governance. Option B can supplement internal training, but outsourcing alone does not ensure continuity or alignment with internal policies.