Passer les menus de navigation
Logo Acorn

From control to trust: why AI auditing is becoming a cornerstone of modern governance

From control to trust: why AI auditing is becoming a cornerstone of modern governance

During a recent AI Rendezvous hosted by Rennes School of Business, Emad Shafik—former DBA participant and now Senior Executive at Gartner—shared insights into one of the key challenges organisations face today: how to govern artificial intelligence in a way that sustains trust.

Drawing on both his doctoral research and his experience advising senior leaders on large-scale technology transformations, he highlighted a shift in focus. The issue is no longer technological capability, but institutional readiness. As AI systems become embedded in decision-making processes, organisations are entering what he describes as a “governance gap”—a growing disconnect between rapid adoption and the ability to oversee, explain and control outcomes.

A growing gap between adoption and trust

AI adoption is accelerating across sectors, yet trust in these systems remains uneven. This gap is not primarily due to a lack of awareness, but to structural limitations in existing governance models.

Traditional frameworks were designed around human decision-makers—individuals who can be held accountable, provide explanations and operate within traceable processes. AI systems challenge each of these assumptions.

Three characteristics, in particular, complicate governance:

Autonomy: systems increasingly operate with limited human intervention, making accountability more difficult to assign
Opacity: many models, particularly those based on deep learning, lack interpretability
Scalability: errors or biases can spread rapidly across systems and contexts

These features reshape the risk landscape, often leaving organisations deploying AI at scale without equivalent oversight mechanisms.

The rise of shadow AI

Another key issue raised during the discussion is the emergence of “shadow AI”—the informal and unregulated use of AI tools by employees.

When governance frameworks are perceived as too rigid or disconnected from operational needs, individuals may bypass them altogether. External tools are adopted, internal data may be exposed, and decision-making processes become less transparent.

This dynamic highlights a central tension: governance that is too limited creates risk, while overly restrictive governance can encourage non-compliance. Effective approaches must therefore balance control with usability.

Beyond technical audits: towards broader accountability

In this context, Shafik’s research focuses on ethics-based auditing (EBA), an approach that extends beyond purely technical validation.

Rather than assessing only model performance or code, EBA considers the broader system in which AI operates. This includes the organisation deploying the system, the decisions it informs and the longer-term consequences it generates.

This perspective reframes auditing as a multidisciplinary process, integrating technical, ethical, legal and organisational dimensions, and aligning governance with a more comprehensive understanding of accountability.

What makes an AI audit effective?

A central element of this work is a framework for evaluating the effectiveness of AI audits, structured around four interdependent dimensions:

  • Procedural effectiveness: the extent to which the audit follows a rigorous and transparent process
  • Substantive effectiveness: the ability to identify meaningful risks and drive improvements
  • Transactive effectiveness: the efficiency of the audit in terms of resources used
  • Normative and epistemic effectiveness: the extent to which the audit generates knowledge and informs broader practices

While organisations often prioritise procedural compliance, greater impact tends to come from substantive and normative dimensions, which support learning and long-term improvement.

Governance as a leadership challenge

AI governance is not solely a technical issue; it is also a matter of leadership and organisational culture.

More mature organisations tend to share several characteristics:

  • leadership teams aligned on AI-related risks and responsibilities
  • clearly defined and operational governance models
  • performance indicators that go beyond compliance to assess outcomes

In this sense, governance becomes a strategic capability, influencing not only risk management but also trust, engagement and overall organisational performance.

The link between transparency and engagement

This perspective is reinforced by research presented during the session, based on a survey of 13,000 employees conducted with ChooseMyCompany.

The findings indicate a strong link between transparency in AI practices and employee engagement. Organisations that clearly communicate how AI is used, how decisions are made and what safeguards are in place tend to report higher levels of trust and confidence among employees.

Conversely, a lack of clarity around AI-driven processes can weaken engagement and organisational cohesion.

From compliance to competitive advantage

As regulatory frameworks such as the EU AI Act continue to develop, organisations are under increasing pressure to formalise their governance approaches. However, some are already moving beyond compliance.

In these cases, AI auditing is approached as a strategic tool—supporting better alignment between technology and organisational values, strengthening decision-making processes and reinforcing trust with stakeholders.

The ability to audit and govern AI effectively therefore becomes not only a risk management mechanism, but also a foundation for responsible innovation.

Developing leaders for the AI era

These challenges also highlight the role of executive education. Rennes School of Business’s DBA in Data Science and Artificial Intelligence is designed to bridge the gap between research and practice.

The three-year doctoral programme brings together senior executives, entrepreneurs and data specialists, enabling them to explore topics such as AI governance, ethics and transformation while continuing their professional activities.

By combining academic rigour with practical application, the programme aims to equip leaders to navigate complex technological environments and support responsible organisational development.

Discover the Doctorate of Business Administration