AI governance has become a boardroom priority, but the spotlight may be pointed in the wrong direction. As organizations scrutinize new tools, the focus on the technology rather than the user obscures a growing human risk: the accumulation of authority inside high-privilege leadership roles.

Srilakshmi Tariniganti, a Technology Risk Manager at global business and digital transformation partner Sutherland, suggests the biggest governance gap stems from the social dynamics of leadership. With over two decades of experience designing and implementing enterprise-wide risk and compliance frameworks, she has built a career helping organizations manage threats and support organizational growth. For her, the most overlooked risk is the human element of leadership itself.

"In high-privilege roles, authority accumulates automatically, often without intention. The question is how organizations ensure that power does not become a risk. Without meaningful oversight, the role itself becomes the exposure, creating harm first for employees and then for the company, a consequence that is too often overlooked," says Tariniganti. The risk of concentrated power persists, she says, because many organizations find their oversight models struggling to keep pace with their growth.

• Governance theater: As a company matures, familiar controls can become outdated, their loopholes well-known. The result is a system that offers an ineffective defense against the risk of internal fraud. "Old methods like independent audits, segregation of duties, and dashboards still serve a purpose, but governance has matured beyond them. Today, these controls are limited to documentation and just check for policy adherence. It's easy to work around these models because people know the ins and outs. This gap forces a question: If traditional models are becoming governance theater, what does effective oversight look like?"

One path forward, she proposes, is a model of governance that elevates oversight beyond policy adherence to surface the informal networks and decision-making patterns that exist beyond any org chart. Tariniganti outlines three pillars of this approach, which often exist in fragments within highly regulated industries.

• Map it out: "Dynamic Relational Oversight maps both formal and informal networks to identify patterns of favoritism. If I am favoring one person repeatedly, or someone is favoring me, it becomes a trigger point. My boss can then intervene and question why one person is consistently involved in those decisions," she says. This kind of visibility forces influence out of the shadows and into a space where patterns can be questioned before they harden into power.

• Show your work: "Context-Aware Decision Review examines the reasoning behind a decision by questioning why a choice was made, whether the justification is reasonable, and if there is proof to support it," explains Tariniganti. "This goes beyond a simple policy or document review. This is where real governance comes into play." By shifting scrutiny from outcomes to reasoning, this approach exposes whether decisions are grounded in sound judgment or quietly shaped by bias and habit.

• Musical chairs: "With Rotational Transfer Panels, the members are never fixed; they are always rotating," she continues. "If I am a member today, tomorrow someone else will take my place. This constant rotation ensures that no single person can hold concentrated power, which makes the entire oversight process unpredictable by design." By design, rotation breaks predictability, ensuring that oversight cannot be anticipated, managed, or quietly captured by any single individual.

In her view, real oversight requires shifting away from subjective assessments of leadership intent and toward objective data that reveals how power actually operates across decisions, relationships, and outcomes.

• Data over denial: "As a risk leader, I can't just accept a person's claim that they are not biased. You have to assess it with objective data." As some leaders become fixtures in their roles, their influence can become concentrated, and the risk of "over-trust" in a single person can grow. "That itself is a vulnerability," Tariniganti explains. "That vulnerability matters because the modern threat is often internal fraud. If you miss one of those instances because of misplaced trust, the consequences can be enormous."

• Beyond the inner circle: This level of mature governance doesn't just mitigate risk; it can have a positive impact on the business. By creating a structure for accountability, it can push leaders to move beyond their trusted inner circles and actively cultivate a more resilient and diverse organization. "These frameworks encourage self-introspection. A leader is prompted to ask why they are favoring one person, and then start to find if there is someone else who can become a part of the team. That is how a positive impact is created, when any high-profile role goes out of their path to look for more people like that."

Fragments of these frameworks already exist in highly regulated industries like banking and healthcare, where the stakes of internal failure are high. But perhaps the most persuasive argument for integrating them into a holistic system is that this level of oversight functions as a form of protection for leaders, providing them with a significant benefit: defensible transparency. "Ultimately, this model also protects the high-profile roles it oversees," Tariniganti concludes. "No one can question a leader's decisions because they have all their reasons and evidence in place. It provides them with the tools to resist any kind of negative questions."