CIOs thrive on innovation, including breakthroughs that promise to cut costs while speeding up or improving operations. That’s the ideal. In the real world, however, risk always accompanies innovation. Risk management can help CIOs, especially those in high-stakes industries, ensure that innovation doesn’t come at an unacceptable price.
CIOs in high-stakes industries must embed governance into the innovation lifecycle from the very outset, said Mieko Shibata, CIO at R&T Deposit Solutions, a firm that provides deposit funding and liquidity solutions to U.S. financial institutions. She noted that her organization integrates policy, oversight, and technical safeguards from ideation through deployment. An architecture review board evaluates both new technologies and architectural changes with input from product, compliance, technology, security, legal, and finance teams. “We also monitor key risk indicators monthly in IT governance forums to ensure our innovation efforts remain within the organization’s defined risk appetite.”
Ensuring Governance
Shibata said she believes establishing a cross-functional governance charter that defines roles, responsibilities, and guiding principles is essential for long-term innovation and success for high-stakes enterprises. “The charter should align innovation goals with the organization’s risk appetite and regulatory obligations,” she said.
R&T’s strategic initiatives are grounded in the enterprise’s risk appetite statement and guided by principles, including resilience, security, modernization, and automation, Shibata explained. “Stewards, such as our AI innovation lead, champion responsible technology adoption across the organization,” she said.
John Brunn, CIO and CISO at AI platform provider Domino Data Lab, also stressed the importance of a strong governance plan. His firm works with many major high-stakes enterprises, including the U.S. Navy, Lockheed Martin, Allstate, and AstraZeneca. “CIOs need to validate that their organizations have a defined data governance program, have solid access control, and continuous monitoring to ensure their highly sensitive data isn’t being utilized via shadow IT or shadow AI programs,” he said.
CIOs should adopt a governance approach that integrates risk management into every stage of innovation and transformation, suggested Dwight Moore, CIO at IT products and services provider SHI International. He said a strong starting point is identifying and applying a risk-based governance foundation. “Frameworks like those provided by NIST are particularly valuable because they align across multiple regulatory requirements — including HIPAA, GDPR, and PCI DSS — while helping organizations identify gaps, prioritize safeguards, and maintain compliance without stifling innovation.”
The National Institute of Standards and Technology (NIST) publishes guidelines and standards on cybersecurity that organizations might adopt to support their risk management efforts.
Building a Framework
Moving forward, Brunn advised building a Responsible, Accountable, Consulted, and Informed framework to support ownership and agreement between stakeholders. “This must include responsibility for controlling sensitive data, tooling deployment and operation, and cost considerations,” he said. “It requires clear, understood work instructions, procedures, and proper training.”
Brunn also recommends risk assessments to ensure proper coverage and alignment with business risk tolerance. “KPIs and operational metrics should be defined to measure the success of the program,” he added.
In a cutting-edge field like AI, high-stakes firms must also ensure that framework principles translate to the work of data scientists and AI engineers, Brunn said. “Tooling and data sets must be equipped with versioning and collaboration mechanisms that allow users to learn and fail, and easily compare different results.”
Avoiding Mistakes
One of the most common mistakes high-stakes CIOs make is adopting a rigid, compliance-only mindset. “When CIOs focus solely on meeting regulatory requirements, governance can become disconnected from business and technological realities,” Moore warned. “Such rigidity stifles innovation and reduces the framework’s ability to evolve alongside the organization’s strategic objectives.”
According to Brunn, a big mistake made by many high-stakes CIOs is failing to account for AI governance while simultaneously supporting innovation. “AI governance not only guides data and technology utilization, but also ensures alignment with corporate policies and societal values,” he said. “This approach combines technical, legal, and ethical perspectives to address issues such as bias, privacy, accountability, and transparency.”
Final Thoughts
Adaptability and transparency are critical to long-term success, Moore said, explaining, “Since technology evolves rapidly, CIOs must avoid static governance models and, instead, build policies that can scale and adjust to new demands.”
Transparency is equally important, he noted. “This requires clarity in the decision-making process, well-defined escalation paths, and open communication about governance decisions,” he said. Meanwhile, transparent models should be used to build trust, reduce internal resistance, and encourage collaboration across business and technical teams, he added.
Governance should be a launchpad, not a gatekeeper, Shibata warned. “CIOs must reframe governance as a dynamic capability that builds trust, accelerates responsible experimentation, and ensures that innovation aligns with both mission and ethics,” she said.
