Back to course overview
Module 5Capstone 25 min

Capstone: Governance program

Assemble and present a complete AI governance program — risk map through roadmap — for Meridian or your own organization, and earn the AI Governance & Risk Leader credential.

Your capstone assembles everything into a complete, presentable AI governance program — the deliverable a Chief AI Officer, a CISO, or a GRC lead would take to a board. Do it for Meridian, or (better) for your own organization, where the work is real and immediately useful. This is the artifact that proves you can stand up AI governance, which is among the most in-demand leadership capabilities of this era.

The program document (the deliverable)

  1. 1Executive summary — the AI risk posture in a paragraph a board member grasps: how many systems, how many high-risk, the top exposures, and the ask. If they read only this, they should know the stakes and the plan.
  2. 2Risk map (Module 1) — the inventory and tiering; where AI risk concentrates.
  3. 3Regulatory position (Module 2) — the gap analysis: what applies, where you stand, the biggest exposures. Frameworks: NIST AI RMF as the operating model, EU AI Act (+ local rules) as the compliance target.
  4. 4Governance structure (Module 3) — the charter: principles, roles/accountability, decision rights, the intake gate.
  5. 5Controls & evidence (Module 4) — the control matrix for the high-risk systems, with the audit/evidence approach.
  6. 6Incident response (Module 5) — the plan and notification obligations.
  7. 7Roadmap (Module 5) — the sequenced path from today's maturity to managed, with the first 90 days concrete and the business case for funding.

The presentation (10 minutes to the board)

  1. 1The stakes (2 min): what AI the org runs, the concentration of risk (lead with the high-risk system), and the cost of getting it wrong — legal, financial, reputational. Make the board feel the exposure.
  2. 2Where we stand (2 min): the honest gap — regulatory and control. Honesty here builds the credibility to ask for resources.
  3. 3The program (3 min): the structure and the controls, framed as how the org will scale AI safely — enabler, not brake. Show the intake gate and the high-risk controls concretely.
  4. 4The plan & the ask (3 min): the roadmap's first 90 days, the resources needed, and the argument that this funding buys both risk reduction and the ability to pursue the valuable use cases currently stalled.

Peer review & credential

  1. 1Review one peer's program: is the risk map defensible, the regulatory read accurate, the charter's accountability real (named owners, authority to say no), the control matrix traceable, the roadmap honestly sequenced? Rubric: risk assessment / regulatory analysis / governance design / controls & evidence / roadmap & business case (20% each).
  2. 2Incorporate your reviewer's strongest finding before final submission — governance programs improve under adversarial review exactly like the technical systems did.
  3. 3Submit the program document, the presentation, and your peer review.

Passing earns AI Governance & Risk Leader (credential format EDOVA-GRC-2026-XXXX): you build AI risk taxonomies and impact assessments, apply the NIST AI RMF and the EU AI Act, design model and data governance, implement controls with auditable evidence, plan for incidents, and sequence a program leadership will fund. In a moment when every organization is deploying AI and few know how to govern it, this is the credential that says you can make AI safe to scale.

Where this completes the picture

You've now closed the loop the whole catalog draws: engineers build AI (Foundations → Agents), operators run it (LLMOps), defenders secure it (Securing AI Systems), and governance leaders make an organization accountable for all of it. The controls and evidence your program demands are exactly what the technical courses produce — and what Edova's products (Sentinel's access governance, Meld's data integrity, Vigil's monitoring) generate continuously and automatically. Governance is where it all becomes a program an organization can answer for. You can now stand that program up. The executive altitude above this program — board-level strategy, portfolio, and ROI — is Enterprise AI Strategy & Governance, this course's leadership pair and the final course in the AI Security & Governance track: you now run at operator depth what it charters from the boardroom.