The correct answer isAbecause if IT policies do not address AI, the greatest concern is thelack of direction for AI usage. Policy provides the organization’s formal direction regarding acceptable use, roles, responsibilities, security requirements, risk handling, and compliance expectations. Without that direction, AI use may become inconsistent, unmanaged, and misaligned with business and risk objectives.
The other options are less significant as the primary concern:
B. Increased reliance on shadow ITmay happen, but it is more a possible consequence than the main concern.
C. Complexity of AI implementationis a project or technical issue, not the key governance gap.
D. Lack of best practices for AI implementationis important, but organization-specific policy direction is more critical than generic best practices.
Exact Extracts supporting the answer:
“Enterprise policies are the most influential factor in determining an enterprise’s approach to risk management.”
“The FIRST policy that governs how information is to be protected from within the enterprise especially for a breakthrough technology is the data classification policy.”
“When many corporate IT standards are outdated the best course of action is to review the standards against current requirements and determine their adequacy.”
“During the initial stages of developing a risk management program it ' s crucial that the context and purpose of the program are defined.”
These extracts support that policy is the primary mechanism for setting direction and expectations. Therefore, the greatest concern is thelack of direction for AI usage.
===========
Submit