eleved.ai Get the free framework
The Field Guide

Issue 2 · Governance, Risk & Compliance

The Committee Is Not the Strategy

Committees matter, but a committee without authority, decision rights, escalation paths, and an operating rhythm becomes a place where AI work gets observed rather than led.

June 17, 2026 D1 Governance & Org Structure 6 min read

We open the governance pillar with the question every other AI decision quietly depends on: who is actually allowed to decide?

The AI task force has met four times since January. It has a charter, a shared drive, a standing agenda, and a name that fits nicely on a slide. What it does not have, as far as anyone in the room can tell, is the authority to approve anything.

So it studies. It reviews tools. It forms a subcommittee to look into the other subcommittee’s recommendation. Meanwhile, two buildings over, an enrollment team has already wired a chatbot into its inquiry process, and a department chair has quietly standardized on one writing tool for all the adjuncts grading first-year comp. Neither of them asked the task force. Both would tell you, reasonably, that they could not wait two more months for a meeting to produce a maybe.

This is the part of AI readiness that nobody puts in a demo. It does not look like technology. It looks like a calendar invite.

Where this sits

This is the first of several issues on the first Compass pillar, governance, risk and compliance. The pillar asks one question in a lot of different costumes: how does the institution make responsible AI decisions? Policy, data rules, security, vendor contracts, board oversight, all of it hangs off the answer. And the answer does not start with a document. It starts with something more basic, which is why we start here.

The institutional question

Who is allowed to decide on AI at your institution?

Not who advises. Not who convenes. Who decides. When a dean wants to pilot a tool that touches student records, who gives the yes or the no, how long does that take, and what happens to the people who need an answer before the process can produce one?

Most campuses have stood up a group of some kind. That was the right instinct. The trouble is that a group is not the same thing as an answer, and a lot of these groups were built to be seen rather than to decide. They have membership but not authority. They have a charter but not a clock.

What this looks like in practice

The first place it breaks is the gap between advisory and binding. A committee that can only recommend is, in effect, a committee that can only wait. Its recommendations go up to someone who was not in the conversation, sit for a while, and come back changed or not at all. People learn quickly whether a group’s decisions are real, and they calibrate how much of their time to spend on it accordingly.

The second place it breaks is speed. If approving a low-risk tool takes a full semester, the process has not prevented risky AI use. It has just guaranteed that the AI use will happen somewhere the process cannot see it. Slow governance does not stop shadow systems. It manufactures them. A reasonable test: how long does a yes take here, and is that fast enough that a busy person would actually choose to ask?

Speed has a cousin worth naming separately, which is rhythm. AI does not move on an academic calendar. New tools, new features switched on inside the tools you already own, new risks, all of it arrives in weeks, not semesters. A body that gathers once a month to react is structurally behind the thing it is supposed to govern, and it falls further behind every time the campus goes quiet for a break. The question is not only how fast a single decision moves, but whether the group meets often enough, and keeps a short enough loop between noticing something and ruling on it, to stay roughly even with a field that does not pause when the institution does.

The third place it breaks is accountability. Ask who is responsible if an AI tool produces a biased outcome or leaks something it should not have, and you often get a thoughtful silence. A governance body that owns the approval but not the consequence is only doing half the job, and it is the comfortable half.

There is a version of this that works, and it is less dramatic than it sounds. It usually means sorting decisions by risk, so the low-stakes uses can be approved close to the ground while the genuinely consequential ones go to a smaller group that actually has the authority to rule on them. It means naming a person, not just a body, who owns the institution’s AI posture. And it means writing down the escalation path before the hard case arrives, not during it.

For resource-constrained institutions, this is where the standard advice gets unhelpful. You may not have the staff for a standing twelve-person committee, and you should not pretend otherwise. But the absence of bandwidth is not the absence of decision rights. Three people who clearly own the call will move an institution further than a large group that meets monthly to be briefed. Smaller can be faster, if smaller is also clearer.

The failure worth naming directly is the one that looks like diligence. A committee can study the question indefinitely, and from the outside that can resemble caution. Often it is just the place where decisions go to be discussed instead of made. Governance is supposed to be how the institution acts responsibly, not the reason it never has to act at all.

The Compass connection

In the Compass framework this is Domain 1, governance and organizational structure, and it sits at the front of the governance pillar for a reason. Policy, data governance, security, vendor management, and board oversight are all downstream of it. You cannot enforce a policy if no one can say who owns enforcement. You cannot manage a vendor relationship that three departments each think belongs to someone else. Decision rights are the hinge the rest of the pillar swings on, which is why a vague answer here quietly weakens every domain that follows.

Questions worth putting on the agenda

A useful exercise for a cabinet or a governance group is to answer these out loud and notice where the room goes quiet.

  • Does our AI body actually decide, or only recommend, and does everyone affected know which one it is?
  • How long does it take to approve a new, low-risk AI use, and would a busy colleague rather wait for that or just route around it?
  • Who is accountable, by name, if an AI system we approved causes harm?
  • Which decisions should be made locally, and which are consequential enough to require a central yes?
  • When two divisions disagree about an AI tool that touches both, who breaks the tie?

The bottom line

A committee is a good place to think. It is a poor substitute for the authority to act. The institutions that handle AI well over the next few years will not be the ones with the busiest task forces or the longest charters. They will be the ones where, when the question comes, someone is actually allowed to answer it.

The committee is not the strategy. The decision is.

Also published on LinkedIn: read this issue on the newsletter .

New issues weekly on LinkedIn

Get the next Field Guide

Each issue lands here first as the canonical archive. Subscribe on LinkedIn to get the next one in your feed — one part of institutional AI readiness at a time, no hype.

Subscribe on LinkedIn
The framework underneath

Where the Field Guide comes from

The Field Guide is built from Eleved's Higher Ed AI Readiness Framework: five pillars and 23 domains for helping institutions move from scattered AI activity to practical institutional readiness. Compass is the assessment and planning tool in the works from eleved.ai to support and build on that framework — a way to turn these questions into a current-state picture and a plan an institution can actually run.

Compass is in early development. Join the early-access list to help shape it and be first in line when it opens.

No spam — just a note when Compass opens. Your details stay private.