As artificial intelligence adoption accelerates across Indian enterprises, concerns around governance, risk management, ROI measurement and workforce readiness are becoming increasingly difficult to ignore. According to the 2026 AI Pulse Poll by ISACA, which surveyed 265 digital trust professionals in India and over 3,400 globally, 86% of employees are already using AI in their organisations. However, only 35% believe their AI investments have met or exceeded ROI expectations. While nearly half of organisations now have formal AI policies, up from 32% a year ago, one in five still operates without an active AI governance framework.
The findings reveal a widening gap between AI adoption and organisational preparedness. AI is being used extensively for productivity gains (56%) and task automation (55%), yet many organisations remain unclear about the business value being generated. Around 21% of respondents say it is still too early to assess AI’s return on investment, while another 18% admit they simply do not know. The survey also highlights significant governance and operational concerns. Twenty percent of organisations lack a formal AI policy, while 35% of professionals are unsure whether their organisation even has a shutdown or override mechanism in place should an AI system fail. At the same time, AI literacy is rapidly becoming a business imperative, with 82% of respondents saying AI knowledge is now critical to their profession and 57% expecting AI-related roles to grow over the next year. Against this backdrop, emerging risks such as privacy violations (73%), misinformation and disinformation (72%), intellectual property loss (55%) and social engineering attacks (53%) are pushing AI governance beyond the IT department and into the boardroom.
In this exclusive conversation with Tech Achieve Media, RV Raghu, Director – Versatilist Consulting India Pvt Ltd, ISACA India Ambassador, discusses whether India is scaling AI faster than it is governing it, the growing governance gap, the importance of AI literacy, and the steps organisations must take to ensure AI adoption delivers sustainable business value.
TAM: Are Indian enterprises rushing to deploy AI before clearly defining business outcomes and success metrics?
RV Raghu: This is a challenge that many organisations are aware of, yet they continue to move ahead. Not just the AI Pulse Poll, but several other ISACA interactions indicate that AI adoption is often driven by FOMO, which is the fear of missing out. Organisations see competitors adopting AI or hear success stories on social media and feel compelled to do the same.
The challenge is that AI is not like previous technologies such as ERP systems or cloud computing. Those technologies could be adapted to specific business contexts and then managed relatively predictably. AI is very different. Unless organisations have a clear understanding of the use case, expected outcomes, available data, associated risks and management processes, it becomes difficult to measure ROI.
Many organisations are still experimenting with basic use cases such as chatbots and customer service automation. Even in these areas, we see friction. Customers frequently complain that chatbots fail to understand their issues or escalate them appropriately. In many cases, companies are effectively shooting an arrow first and then trying to draw the target around it. That is not an ideal way to deploy any technology. Until organisations define what they want AI to achieve and how success will be measured, ROI discussions will remain premature.
TAM: One in five organisations still lacks a formal AI governance framework. Is India scaling AI faster than it is governing it? What risks does this create?
RV Raghu: Absolutely. AI introduces a broad range of risks that organisations often underestimate. There are strategic risks if businesses invest in the wrong AI solutions without a clear business case. There are governance and compliance risks related to regulations, privacy and accountability. There are reputational risks if AI-driven systems fail or generate inaccurate outcomes.
Operational risks are particularly significant because AI systems often behave in ways that are not fully understood. Even the developers building advanced AI models acknowledge concerns around emergent behaviour and explainability. The ISACA research highlights concerns such as privacy violations, misinformation, disinformation, intellectual property loss, social engineering attacks and regulatory challenges. Organisations are also struggling to separate genuine productivity gains from workforce reduction narratives. The reality is that many organisations are deploying AI without fully understanding how decisions are made, how data is processed or what risks exist downstream. That creates a potentially dangerous environment.
TAM: How aware are organisations of these operational risks, especially the possibility of AI systems failing or producing unintended outcomes?
RV Raghu: There is a significant knowing-doing gap. Many organisations understand that risks exist, but they are under pressure from stakeholders, competitors and market expectations to deploy AI quickly. While it is relatively easy to start using AI tools, managing them effectively is far more difficult. For example, many SaaS providers are embedding AI capabilities into their offerings. Organisations may not fully understand how their data is being used, what the AI model is learning from it, or whether valuable intellectual property is indirectly becoming part of broader AI training systems. Traditional cybersecurity incidents often have measurable timelines. In an AI environment, organisations may not even know where a data leak occurred, who accessed the information, or how it was subsequently used. That lack of visibility is one of the biggest operational challenges facing enterprises today.
TAM: The study also found that 82% of professionals believe AI literacy is now critical and 57% expect AI-related job growth. How should Indian organisations rethink workforce development?
RV Raghu: AI literacy must become universal across the organisation. Today, AI capabilities are embedded into everyday business applications. Employees are already using AI features to draft documents, analyse information and automate routine tasks. However, employees need to understand where AI can be used safely and where caution is required. For example, handling sensitive personal information or proprietary business data requires a completely different level of awareness. Beyond end users, risk professionals, auditors and compliance teams also need AI expertise. They must understand how to evaluate AI-related risks, audit AI systems and assess governance controls.
Equally important is the need for boards and executive leadership teams to understand AI. They face increasing pressure to adopt AI while simultaneously managing reputational, regulatory and operational risks. Without sufficient AI literacy at the leadership level, organisations will struggle to establish the right controls and governance structures.
TAM: Privacy breaches, misinformation and intellectual property concerns are emerging as major AI-related risks. Has AI governance become a boardroom issue in India?
RV Raghu: I certainly hope so. AI governance needs to become a board-level priority because the risks extend well beyond technology. Organisations are investing in powerful capabilities without always understanding how to manage them responsibly. One of the first steps should be establishing a formal AI policy. Every organisation should clearly define where AI can be used, where it cannot be used, and what safeguards are required.
For instance, a design company handling highly specialised intellectual property may need stricter controls than other organisations because AI systems could potentially learn from proprietary designs and expose valuable knowledge elsewhere. A formal policy provides the foundation for risk management, auditing, privacy controls and employee training. It creates clarity around acceptable use and helps organisations make informed decisions. There is also a growing need for transparency. Customers may increasingly expect to know whether they are interacting with a human being or an AI system. Similar to product labelling requirements, AI disclosures could become an important aspect of governance in the future.
TAM: What advice would you give to enterprises that are planning significant AI investments over the next few years?
RV Raghu: My strongest recommendation would be to invest in people and skills first. Technology alone is not the answer. Organisations need employees who understand AI, its opportunities and its risks. Skilled teams are better equipped to evaluate technologies, identify potential issues, develop governance frameworks and make informed investment decisions. Once organisations build AI literacy, they can have more meaningful discussions about budgets, controls, compliance requirements, regulatory implications and business outcomes.
India is entering a period where multiple regulatory developments, including the Digital Personal Data Protection framework and future AI-related regulations, will converge. Organisations that fail to build internal expertise could find themselves caught in a perfect storm of compliance, security and governance challenges. The simplest and most effective starting point is skilling. Build awareness, create expertise and ensure the organisation understands what it is deploying before scaling AI initiatives.















