AuditBoard has released its Risk Intelligence Report highlighting significant challenges in enterprise risk management related to AI implementation.
Despite the fact that 53% of companies are adopting AI tools, many are experiencing inconsistent execution, leading to a decline in confidence and projects stalling in preliminary stages.
Key Insights from Proprietary Data
The report, which integrates proprietary platform data from more than half of the Fortune 500 companies along with insights from over 400 global risk leaders, identifies the "middle maturity trap" as a primary hurdle. This trap inhibits organizations from transforming high investment efforts in AI into long-term resilience and strategic foresight.
"Today's risk environment is more complex and dynamic than ever. Enterprises are increasingly turning to AI to navigate this threat landscape," explained Happy Wang, Chief Product and Technology Officer at AuditBoard. He further noted that while there is a considerable eagerness to invest in AI, many enterprises lack reliable execution due to insufficient governance and organizational discipline.
Challenges in AI Tool Implementation
The report presents several key findings:
- Although 53% of enterprises are implementing AI tools, only 39% are expanding AI/ML skills.
- AI adoption rates have seen a significant decrease, nearly 30% by July, after an initial strong uptake earlier in May and June. This drop is attributed to unclear governance structures, which leave many projects restricted to pilot phases.
- Less than 30% of leaders believe they are adequately prepared for upcoming AI governance requirements, underlining a significant gap in ownership and trust.
In response to emerging risks, 70% of respondents plan to enhance risk management staffing within the next two years, with 40% aiming to increase cybersecurity hires.
The "Middle Maturity Trap" and Its Impact
Organizations generally lack completion across five identified dimensions of connected risk
The report points out that many enterprises remain siloed, either in structure, systems, or decision-making processes, which prevents sustained progress and development in risk management. This "middle maturity trap" is characterized by inconsistent follow-through, with bursts of activity such as collaboration or risk tracking that are not maintained. For instance, collaboration efforts increased in July only to wane shortly after.
Organizations generally lack completion across five identified dimensions of connected risk: AI & Automation, Control Maturity, Frameworks & Coverage, Collaboration, and Risks & Issues Discipline.
Turning Governance into Strategic Strength
The report indicates that enterprises capable of overcoming this maturity trap do so by transforming risk management into a strategic advantage, characterized by a proactive governance approach. These leaders institutionalize risk oversight within board and executive proceedings and consistently practice control adoption and risk logging as ongoing management habits rather than periodic compliance checks.
Raul Villar Jr., CEO of AuditBoard, emphasized, "AI implementation is becoming a defining moment for every enterprise. Our research shows the 'middle maturity trap' isn’t a budget problem; it’s an execution gap where inconsistent governance undermines the full promise of AI. To close this gap, businesses must make governance a continuous, shared habit across Audit, Risk, and Compliance teams."
The report, which is available for download, also provides a three-phase roadmap for achieving "Connected Risk" maturity by establishing governance clarity, driving execution discipline, and scaling market leadership.
AuditBoard, the AI-powered global platform for connected risk, announces the findings of its Risk Intelligence Report - revealing a critical disconnect in enterprise risk management: while 53% of companies are implementing AI tools, many are trapped in cycles of inconsistent execution, resulting in sharp drops in confidence and deployment stalling in "pilot mode."
Proprietary platform data
The inaugural report, which combines proprietary platform data that includes over 50% of the Fortune 500 with survey insights from more than 400 global risk leaders, identifies the "middle maturity trap" as the primary barrier preventing organizations from converting high investment activity into sustained resilience and foresight.
"Today's risk environment is more complex and dynamic than ever, and enterprises are increasingly turning to AI to navigate this threat landscape," said Happy Wang, Chief Product and Technology Officer at AuditBoard. "Our data shows that enterprises are eager to experiment and invest, but the intent is not translating into reliable execution. The key difference between leaders and laggards is not budget, but the discipline to embed governance, ownership, and cadence across all risk dimensions."
Implementing AI tools
Key Findings from the Report:
- AI is the Defining Test of Risk Maturity, But Trust is Fragile
- High ambition, fragile execution: 53% of enterprises are implementing AI tools, and 39% are expanding AI/ML skills.
- Volatility in confidence: The survey found AI acceptance rates declined by roughly 30% in July, following strong initial adoption in May and June, with decision-making times lengthening. This volatility is directly linked to unclear governance, leaving adoption stuck in pilot mode.
- The governance gap: Fewer than 30% of leaders feel prepared for upcoming AI governance requirements, indicating a lack of clear ownership that undermines trust.
- Emerging risks are driving hiring: 70% of respondents expect to increase risk management staffing over the next two years, and 40% plan to increase cybersecurity staffing.
- The "Middle Maturity Trap" Hinders Resilience
- Coordination is lacking: Two-thirds of enterprises remain siloed in structure, systems, or decision-making.
- Follow-through is inconsistent: This trap is characterized by bursts of activity (such as spikes in collaboration or risk logging) that are not sustained. For instance, collaboration surged in July but quickly faded, preventing continuous progress.
- Implementation is incomplete: The report identifies five dimensions of connected risk (AI & Automation, Control Maturity, Frameworks & Coverage, Collaboration, and Risks & Issues Discipline) and shows that consistency across these dimensions is missing for most organizations.
- Leaders Turn Governance into Strategic Advantage
- The report finds that leaders who successfully break free of the middle maturity trap distinguish themselves by turning risk management into a source of foresight and trust:
- Institutionalising cadence: They make risk oversight a standing item at board and executive meetings rather than treating it reactively.
- Embedding discipline: They treat control adoption and risk logging as continuous management habits, not periodic compliance events.
- Connecting risk: They align Audit, Risk, Compliance, and Infosec on shared KPIs and institutionalise regular cross-functional engagement.
Inconsistent governance undermines
“AI implementation is becoming a defining moment for every enterprise," said Raul Villar Jr., Chief Executive Officer at AuditBoard. "Our research shows that the 'middle maturity trap' isn’t a budget problem; it’s an execution gap where inconsistent governance undermines the full promise of AI. To close this gap, businesses must make governance a continuous, shared habit across Audit, Risk, and Compliance teams.”
The report outlines a three-phase roadmap for enterprises to achieve "Connected Risk" maturity, encompassing Establish Governance Clarity, Drive Execution Discipline, and Scale Market Leadership.The full Risk Intelligence Report and action plan are available for download at their website.
