Frequently Asked Questions

Enterprise agility consulting is a structured practice that helps large organizations respond to change faster by aligning strategy, teams, and delivery using frameworks like SAFe®, Lean, and AI-augmented workflows. Consultants assess current-state delivery maturity, design a tailored transformation roadmap, and embed coaches directly with teams and leadership to build lasting capability — not just theoretical knowledge.

SAFe® (Scaled Agile Framework) implementation is delivered in phases: training leadership and key roles, launching Agile Release Trains (ARTs) with PI Planning, embedding SPCT coaches to guide ceremonies, and measuring business outcomes continuously. ICON's Platinum SPCT partners — among fewer than 75 SPCTs worldwide — guide each phase from readiness assessment through full organizational adoption. Initial velocity improvements are typically visible within 90 days.

Yes. ICON holds deep experience delivering compliant agile operating models for federal defense, intelligence, and civilian agencies. Our coaches have expertise in mission-driven team structures, authority-to-operate (ATO) frameworks, and compliant PI Planning at enterprise scale. We have helped federal agencies establish agile operating models that connect mission strategy directly to team-level delivery with measurable outcomes.

We use a tested and proven hybrid-style approach, combining the classroom-like experience of Zoom with the integration of collaboration software from Mural and Kahoot!. Learn more details and read testimonials.

We offer group discounts for 2 or more, as well as a discount for ICON coaching clients. Please reach out to sales@iconagility.com. If you are looking for large group training at a discounted price, please reach out to sales@iconagility.com.

Logistics/enrollment verification is typically sent out within 48-72 hours from when students pay for the class.

No. All courses use online tools accessible through your browser. We have not uncovered any compatibility issues so far. If we do, we will let you know when signing up for a class.

As long as you are okay with attending between 8 AM - 4 PM Central Time, then we are happy to have you join us!

ICON's Training Academy offers 100+ SAFe®, Agile, and AI courses including Leading SAFe® (SA), SAFe POPM, SAFe RTE, SAFe DevOps, SAFe Scrum Master, and advanced SPCT-led courses — available as open-enrollment virtual sessions and private enterprise classes for 8+ attendees. All ICON courses are delivered by SPCT-certified instructors. Browse all available courses →

AI-native agility embeds AI tools and decision intelligence directly into agile workflows — from backlog prioritization to release forecasting — rather than treating AI as a separate initiative. ICON's proprietary Hyperadaptive™ Model is a people-first framework that integrates AI into existing Agile practices iteratively, governs it responsibly, and adapts continuously as capabilities and business needs evolve. It is designed to make every team, train, and portfolio smarter over time.

Enterprise Agile transformation costs vary significantly by organization size, current maturity, and scope. For organizations with 200–500 employees, engagements typically range from $150,000 to $500,000 over 12–18 months. For Fortune 500 organizations, multi-year transformations involving SAFe implementation, LPM, tooling, and change management can range from $1M to several million dollars. ICON offers right-sized engagement models and provides a scoped estimate after a free initial discovery conversation.

Most enterprise Agile transformations take 12–36 months to achieve meaningful organizational change. Early wins — improved team velocity, clearer backlogs, more predictable delivery — are typically visible within the first 90 days. Full adoption, including portfolio alignment, lean budgeting, and cultural change, requires sustained effort over 1–3 years. ICON's structured approach establishes measurable progress within the first Program Increment (8–12 weeks) to demonstrate early ROI to leadership.

A Scrum Master is a team-level role responsible for facilitating Scrum ceremonies and removing impediments for a single team of 5–9 people. An Agile coach operates across multiple teams, release trains, or the entire portfolio — driving organizational change, developing internal capability, and aligning leadership on transformation strategy. Most enterprise transformations require both roles: Scrum Masters within each team and Agile coaches at the program and portfolio level.

Signs your organization would benefit from an Agile consulting firm include: Agile adoption stalled at the team level without scaling to programs or the portfolio; persistent misalignment between strategy and what teams are actually delivering; inability to predictably estimate or forecast delivery timelines; executive frustration with Agile not producing visible business outcomes; or a major transformation initiative (SAFe launch, LPM implementation, AI integration) that exceeds internal capability. An experienced consulting partner provides the frameworks, coaching depth, and cross-industry patterns that internal teams rarely have access to.

Organizations that successfully complete an enterprise Agile transformation typically report: 20–40% faster time to market, 25–35% reduction in delivery costs through improved flow and reduced rework, 2× improvement in team predictability, and measurable improvements in employee engagement and retention. ROI is strongest when transformation is paired with portfolio-level governance (LPM) that redirects investment from low-value to high-value work. ICON has documented outcomes across 2,000+ organizations — contact us for industry-specific benchmark data.

SAFe (Scaled Agile Framework) and LeSS (Large-Scale Scrum) are both enterprise Agile frameworks, but they differ significantly in prescriptiveness and complexity. SAFe provides a comprehensive, prescriptive operating model with defined roles (RTE, Product Manager, Business Owner), ceremonies (PI Planning, ART Sync), and portfolio governance structures — well-suited for large, complex enterprises with diverse product lines. LeSS is a lighter framework that scales Scrum principles with minimal additional roles or structure — better suited to organizations with a single product and strong existing Scrum discipline. ICON works with both frameworks and recommends based on your organizational structure, product portfolio, and transformation maturity.

ICON offers both engagement models depending on the scope and nature of the work. Fixed-scope deliverables — such as our LPM Foundation (4–8 weeks) or an Agile Maturity Assessment — are typically structured as fixed-price. Ongoing coaching, transformation support, and staffing augmentation are typically time-and-materials. We also offer retainer-based models for organizations that need sustained coaching capacity. Contact us to discuss the model that best fits your budget and transformation goals.

Yes. ICON has extensive experience delivering Agile transformation in federal agencies, defense contractors, healthcare organizations, and financial services firms — all environments with strict compliance, governance, and security requirements. Our government practice includes security-cleared Agile coaches and consultants, SAFe frameworks adapted for FISMA and CMMC compliance, and proven approaches for embedding Agile within program management frameworks like DoDAF and Earned Value Management (EVM). Agile and compliance are not mutually exclusive — ICON has helped dozens of government organizations achieve both.

Most enterprise transformations show measurable velocity improvements within 90 days of launching the first Agile Release Train (ART). Full organizational adoption — including portfolio governance, Lean Portfolio Management (LPM), and embedded coaching — typically takes 12–24 months depending on organization size, current agile maturity, and the breadth of value streams involved. ICON's proven sequencing minimizes disruption while maximizing early wins that build organizational momentum.

No. Introducing AI into a SAFe program does not require pausing or restructuring PI Planning. In fact, PI Planning is one of the highest-leverage entry points for AI augmentation — AI can pre-populate Program Boards with dependency patterns, draft Feature breakdowns from thin Epics, and score risks before the event begins. These inputs reduce Day 1 preparation time without altering the event structure. ICON coaches AI adoption inside the existing PI cadence, not around it.

The ideal starting point is the PI immediately following an Inspect & Adapt (I&A) event where the team has formally identified productivity or quality gaps. This creates a natural problem statement that an AI pilot can be framed against. If no I&A trigger exists, a standalone AI Readiness Assessment — conducted between PIs — establishes the baseline. ICON does not recommend launching AI adoption mid-PI where it competes with active iteration commitments.

The highest-impact sequence is: (1) Release Train Engineers (RTEs) and System Architects, who set the technical and process tone for the ART; (2) Product Managers and Product Owners, who control backlog quality and benefit most from AI-assisted refinement; (3) Scrum Masters and Agile Coaches, who facilitate ceremonies and model new behaviors for teams. Engineers typically receive role-specific tooling training once the first two groups have established AI workflow norms. Training engineers first without supporting PM/RTE context often leads to inconsistent adoption.

As AI tools become integrated into development, test generation, and documentation workflows, the ART's Definition of Done should be updated to reflect new quality expectations — for example, "AI-generated test scenarios reviewed and accepted" or "Release notes reviewed for accuracy against AI-drafted summary." ICON recommends updating the DoD after the first successful AI pilot (typically PI 2 of adoption), not before. Updating DoD prematurely — before teams have working patterns — creates compliance theater rather than quality improvement.

Limited, non-ceremony-changing AI tooling can be introduced mid-PI with low disruption risk — for example, adding an AI code review assistant or story writing helper that individuals opt into. However, AI changes that affect ceremonies (PI Planning prep, ART Sync inputs, System Demo outputs) should be introduced at PI boundaries to give teams time to adjust their working agreements. ICON's roadmap deliberately sequences disruptive changes to coincide with PI and I&A boundaries, preserving the stability teams depend on for reliable velocity.

ICON instruments AI adoption using the same cadence and measurement framework as SAFe PI Objectives. Leading indicators tracked during the adoption PI include: time spent on ceremony prep (PI Planning prep, ART Sync inputs), story defect escape rate, and team confidence vote scores. Lagging indicators — measured at I&A — include PI Predictability, flow efficiency, and qualitative team sentiment from retrospectives. This approach avoids vanity metrics (tool usage counts) and ties AI adoption directly to the ART health metrics leadership already tracks.

General enterprise AI roadmaps focus on technology selection, data infrastructure, and governance policies — they are typically IT-led and disconnected from day-to-day delivery. A SAFe-specific AI roadmap is sequenced around PI boundaries and ART ceremonies, targets behavior change at the team and program level, and measures outcomes using the same metrics the ART already uses (predictability, flow, quality). It also accounts for the ART's unique coordination dynamics: a change that works for one team may create cross-team friction if introduced without cross-ART alignment. ICON's roadmap methodology was developed specifically for organizations where SAFe is the operating model, not a side process.

An SPC (SAFe Practice Consultant) is qualified to coach and train teams inside an organization. An SPCT (SAFe Practice Consultant Trainer) is the highest credential in the SAFe ecosystem — qualified to train and certify SPCs themselves. SPCTs represent the top tier of SAFe expertise globally, and fewer than 3% of SAFe-certified professionals hold the credential. When evaluating training partners, asking how many SPCTs are on staff (not just SPCs) is the single most important differentiating question you can ask. All ICON public training courses are delivered by SPCT-credentialed instructors.

Yes — significantly. The SAFe certification exam is standardized, but the training experience, instructor depth, and post-class applicability vary widely between partners. Teams trained by SPCT-level instructors with real-world implementation experience consistently report higher exam pass rates, better retention of concepts, and stronger ability to apply what they learned in the next PI Planning event. The certificate is the same; the outcome is not. Organizations that treat training as a commodity purchase often find themselves re-training teams 12–18 months later because the original learning didn't translate to changed behavior.

Yes. Private group training is typically more cost-effective than public enrollment for groups of 10 or more, and it offers additional value: customized content tailored to your specific context, scheduling flexibility (including on-site delivery), and the ability to use your organization's own tools, workflows, and case studies as examples. ICON offers private training for teams of all sizes. Contact us to discuss pricing and scheduling for your cohort.

For government and regulated industry training, look for partners with: (1) a track record of delivering SAFe training inside federal agencies or regulated firms — not just commercial enterprise; (2) instructors who understand compliance constraints like FISMA, FedRAMP, CMMC, or HIPAA and can contextualize SAFe practices accordingly; (3) the ability to deliver on-site training if required by security clearance or data handling policies; and (4) full consulting capability if your agency needs post-training implementation support. ICON has delivered SAFe training and transformation across federal civilian, defense, financial services, and healthcare organizations — all with active compliance requirements.

The strongest predictor of training retention is whether the training partner also coaches implementation. Partners who only deliver training have limited visibility into whether their graduates are applying what they learned — and no skin in the game when adoption stalls. Partners who also provide coaching and consulting stay accountable to outcomes, not just seat-fills. Look for partners who can provide coaching alongside or after training, offer follow-on resources (office hours, implementation guides, internal champion support), and have case studies showing measurable ART or PI-level outcomes from their training engagements — not just exam pass rates.

Yes. ICON Agility is a Platinum SPCT Partner — the highest tier of Scaled Agile partnership, held by fewer than 3% of partner organizations globally. ICON was among the first organizations to partner with Scaled Agile and has maintained Platinum status through sustained delivery excellence, instructor credential depth, and client outcomes. All public SAFe courses offered by ICON are authorized, carry the official SAFe certification exam, and are delivered by SPCT-certified instructors.

AI improves PI Planning by reducing the preparation burden and synthesis overhead — not by changing the event structure. Before the event, AI drafts Feature → Story decompositions, surfaces historical dependency patterns, and pre-scores risks so teams arrive with working material instead of blank canvases. During the event, AI assists with dependency identification and confidence scoring in real time. After the event, AI generates stakeholder summaries and leading-indicator dashboards. None of these changes alter the PI Planning agenda, ceremony structure, or the human-driven alignment conversations that make the event valuable.

The highest-impact and lowest-disruption starting point is pre-event preparation — specifically Feature → Story decomposition and dependency surfacing in the 2–3 weeks before the event. This is where teams spend the most unproductive time and where AI creates the clearest leverage: teams arrive at Day 1 with drafted material rather than blank canvases, preserving facilitation time for alignment rather than authoring. Introducing AI during the live event without this foundation first is a common mistake — it adds cognitive load at exactly the moment when teams need focus.

AI identifies cross-team dependency patterns by analyzing historical velocity data, team coupling metrics, and backlog relationships from prior PIs. It surfaces dependency clusters that are statistically likely based on how teams have interacted before — not just what teams manually flag. This pre-population is then reviewed and validated by RTEs and Product Managers before the event, so the Program Board discussion on Day 2 starts from a documented baseline rather than a discovery exercise. AI doesn't replace the dependency conversation; it gives it a better starting point.

The RTE's role becomes more strategic, not diminished. Instead of spending pre-event time coordinating manual data gathering, Epic breakdowns, and risk compilation, RTEs direct AI-generated inputs — reviewing AI-drafted dependency maps, validating pre-scored risks, and focusing pre-event coaching on alignment gaps rather than content creation. During the event, the RTE still facilitates all ceremonies and manages the room. Post-event, the RTE reviews AI-generated stakeholder summaries before distribution. The facilitation expertise and organizational judgment of the RTE remain central; AI handles the data synthesis and administrative preparation.

If your organization is running its first PI Planning event, focus on running a clean, well-facilitated event before introducing AI. The value of AI augmentation in PI Planning depends on having historical PI data — velocity patterns, dependency records, past risk outcomes — to train against. Without this baseline, AI inputs will be generic rather than organization-specific, and teams will be managing both a new ceremony and a new tool simultaneously. ICON recommends running at least one full PI before introducing AI augmentation, then using the Inspect & Adapt retrospective data from that PI to calibrate the AI inputs for the next cycle.

Measure against the same metrics you already track for PI health: PI Predictability (planned vs. actual PI Objectives), confidence vote scores at the end of Day 2, number of dependencies identified vs. missed, and ROAM outcome distribution (how many risks were mitigated vs. accepted). Compare these metrics across the PI before AI introduction and the PI after. Leading indicators to watch mid-PI include: time spent on pre-event preparation by RTEs and Product Managers, and the number of dependency surprises that surface mid-PI rather than during planning. ICON instruments these as standard outputs of AI-augmented PI Planning engagements.

Yes — and distributed PI Planning is often where AI creates the most immediate value. In distributed events, the overhead of pre-event coordination is highest (time zones, async communication, late-arriving material), and the real-time synthesis burden falls most heavily on facilitators. AI-generated pre-event outputs (story decompositions, dependency maps, risk registers) give distributed teams a shared starting point before the event begins, reducing the coordination overhead that causes distributed PI Planning events to run long or produce weak commitments. AI-generated Day 1 summaries are also particularly valuable in distributed settings where not all participants can attend every breakout session.

Yes. ICON has coached agile transformation inside healthcare organizations where HIPAA compliance, PHI data handling, and clinical data governance are active constraints throughout the engagement. Our coaches understand that agile practices in healthcare cannot be applied generically — every ceremony, backlog item, and team workflow must be compatible with the organization's compliance posture. We have delivered SAFe implementations in health systems where HIPAA-aware sprint reviews, clinical data access controls, and PHI risk registers were built directly into the team's Definition of Done and ART-level governance processes.

Healthcare organizations face a unique adoption challenge: clinical staff have high-stakes, workflow-intensive roles that leave little bandwidth for transformation activities. ICON addresses this by right-sizing SAFe ceremonies for clinical contexts — keeping iteration reviews short, sprint cadences aligned with clinical schedules, and change management explicitly designed for staff with patient care responsibilities. We also work with clinical informatics and health IT teams to bridge the gap between technology delivery and care delivery, so SAFe practices improve outcomes on both sides of the organization.

Yes — and EHR implementations are one of the highest-leverage contexts for agile methods in healthcare. Traditional waterfall EHR implementations routinely exceed budget and timeline while delivering systems that clinical staff resist using. Agile approaches — particularly SAFe — allow healthcare organizations to deliver EHR capabilities in increments, get clinical feedback before go-live, and course-correct based on real workflows rather than requirements written 18 months earlier. ICON has supported EHR modernization programs in health systems where iterative delivery, clinical user feedback loops, and change management ran simultaneously throughout the implementation.

Clinical staff change management requires a fundamentally different approach than enterprise IT transformation. ICON structures change management for healthcare around three principles: (1) respect for clinical workflow — changes are introduced in ways that don't increase cognitive load during patient-facing work; (2) clinical champions — we identify and develop internal clinical champions who model new behaviors for their peers, rather than relying on top-down mandates; and (3) evidence-based rollout — adoption metrics are reviewed by clinical leadership at each major milestone, with adjustments made before scaling. This approach consistently produces higher adoption rates than generic change management programs that don't account for the clinical context.

Healthcare organizations that complete a well-executed SAFe transformation typically see: faster time-to-production for digital health capabilities (one ICON health system client reduced cycle time by 33%); improved alignment between clinical leadership and health IT delivery teams; better prioritization of patient-facing features over internal technical work; and reduced rework from mid-implementation requirement changes. The strongest outcomes occur when the transformation addresses both the technology delivery side (Agile Release Trains, PI Planning, team-level Scrum) and the portfolio governance side (LPM, Epic ownership by clinical and operational leaders), so that investment decisions are visible and aligned to patient outcomes.

Yes. Agile and regulatory compliance are not mutually exclusive in financial services, though poorly implemented agile transformations often create the perception that they are. ICON has guided SAFe transformations at financial institutions operating under SEC, FINRA, CFPB, OCC, and state banking regulations. Our approach embeds compliance checkpoints directly into the SAFe governance structure — compliance reviews become PI gates rather than waterfall stage gates, audit trails are maintained through iteration artifacts, and risk management is integrated into LPM portfolio governance rather than treated as a separate process. Regulatory compliance is a constraint we design around, not a reason to avoid agile delivery.

Financial services SAFe adoption differs from commercial technology adoption in three key ways: governance structures are more complex (multiple business lines, risk functions, and compliance layers), technology platforms are older and more interdependent (legacy core banking, insurance, and trading systems), and the cost of a failed delivery is higher (regulatory fines, customer trust, and systemic risk). ICON addresses these by starting with a comprehensive current-state assessment that maps the existing governance and compliance structure before designing the ART boundaries, then sequencing the SAFe rollout to minimize disruption to production systems and regulatory reporting cycles. Executive and compliance leadership alignment is a prerequisite we establish in Program Increment 1, not an afterthought.

Financial services organizations typically see three categories of LPM ROI: (1) Investment reallocation — LPM makes portfolio-level investment decisions visible, enabling leadership to redirect funding from low-value maintenance work to high-return digital initiatives. Organizations routinely find 15–25% of their portfolio budget is allocated to work with no clear business outcome when they implement transparent LPM governance. (2) Faster delivery of regulated products — LPM streamlines the approval process for new financial products and features, reducing time-to-market by aligning compliance review with Portfolio Epics rather than individual change requests. (3) Reduced program failures — portfolio visibility surfaces cross-ART dependencies and funding gaps before they produce late-stage project failures. ICON has documented all three ROI categories across financial services clients including wealth management, commercial banking, and insurance organizations.

Audit trail requirements in financial services are non-negotiable, and ICON treats them as design constraints from the beginning of an engagement rather than compliance checkboxes at the end. We work with the client's compliance and audit teams to map existing documentation requirements to SAFe artifacts — iteration plans, PI Objectives, release notes, and change records — ensuring that the agile delivery artifacts satisfy audit requirements without creating duplicate compliance documentation. Where tool support is needed (Rally, Jira, Azure DevOps), ICON's tooling practice configures traceability from Epic to Feature to Story to code change, producing the artifact chain required by internal and external auditors. We have delivered this approach in organizations subject to SOX, Basel III, and state banking examination requirements.

Yes. ICON has coached agile transformation programs where core banking system modernization, digital channel development (mobile banking, online account opening, digital wealth management), and payment platform upgrades were the primary delivery objectives. These programs require specific expertise in managing the interface between legacy core systems and new digital channels — a complexity that generic agile coaches frequently underestimate. ICON's approach includes dedicated architecture runways for modernization work, Feature-level integration patterns for legacy-to-digital connectivity, and ART boundaries that account for the risk profile of core system changes versus front-end digital delivery.

AI policy defines what is permitted — approved tools, acceptable use cases, data handling requirements, and compliance obligations. AI governance is the operational system that enforces those policies in real time. The critical distinction: a policy document can exist on paper without any mechanism to verify it is being followed. Operational AI governance provides continuous visibility into what AI systems are actually doing, behavioral controls that enforce policy at runtime, and auditable evidence that compliance is real rather than assumed. Most organizations have AI policies. Far fewer have AI governance. The gap between them is where organizational risk lives.

SAFe organizations operate AI at scale — across multiple ARTs, Value Streams, and potentially dozens of teams simultaneously. This creates governance challenges that don't exist in smaller environments. Developer teams embed AI directly into repos, pipelines, and IDE workflows, often bypassing centralized review. Autonomous agents invoke tools, access data, and trigger actions across systems without a human in the loop for each step. The SAFe governance challenge is not whether to approve a tool — it is whether you have visibility into how AI is being used across your entire delivery organization, who owns accountability at each layer, and whether your governance controls can actually be proven to work. ICON helps SAFe organizations build governance frameworks that match the scale and speed of their Agile Release Trains.

AI governance maps onto SAFe's existing leadership and accountability structures rather than creating a parallel bureaucracy. At the Portfolio level, governance sets AI risk thresholds, approved tool categories, and compliance obligations that cascade to ARTs. At the ART level, the RTE and Product Management own AI governance checkpoints inside PI Planning — surfacing AI-related risks, validating tool permissions, and reviewing behavioral controls as part of the planning process. The Lean-Agile Center of Excellence (LACE) is the natural owner of enterprise AI governance standards, continuous monitoring policies, and the governance maturity roadmap. Teams operate within guardrails established by these layers. Governance is not added as overhead — it is embedded into the cadences that already exist.

The highest-priority AI risk categories in enterprise environments are: Prompt injection — adversarial inputs that redirect AI agent behavior; data leakage — AI systems that expose sensitive or proprietary information through outputs or logs; tool misuse — agents with permissions broader than their stated purpose; excessive permissions — AI systems that can access or modify more than they need to operate; unsafe code generation — AI-generated code that introduces security vulnerabilities; and shadow AI — developer-embedded AI tools that operate outside centralized visibility. Governance frameworks must address these categories continuously, not in annual reviews. The risk landscape changes faster than policy cycles can track.

ICON approaches AI governance as an operational design problem, not a compliance documentation exercise. Our SPCT-certified coaches assess your current AI visibility posture — what systems exist, who owns them, what permissions they hold, and whether behavioral controls are enforceable. We then design governance frameworks that integrate with your existing SAFe cadences: PI Planning governance checkpoints, ART-level AI risk registers, LACE governance ownership models, and Portfolio-level compliance thresholds. The deliverable is a governance system your organization can operate and prove to auditors — not a policy document that lives in SharePoint. Engagements typically start with an AI Governance Readiness Assessment to baseline current state before designing the target operating model.

Proof-based compliance means you can demonstrate — with real-time, auditable evidence — that your AI governance controls are working right now, not just that policies exist. Regulators and enterprise auditors are increasingly asking not "Do you have controls?" but "Can you prove those controls are functioning?" This requires three capabilities: continuous visibility into what AI systems exist and how they behave; enforcement mechanisms that block or alert on out-of-policy behavior as it happens; and evidence generation that produces auditable records of compliance activity over time. Organizations that cannot provide this evidence cannot credibly claim AI compliance, regardless of how thorough their policy documentation is. ICON helps build the operational infrastructure that makes proof-based compliance achievable.

Traditional IT governance was designed for static systems: approve the software, configure the controls, audit annually. AI systems are fundamentally different — they evolve, invoke external tools, access dynamic data, and change behavior over time without any code change. An AI agent approved last quarter may behave differently today based on new training data, updated tool integrations, or changed prompt configurations. This means governance cannot be a point-in-time activity. Continuous visibility, runtime behavioral monitoring, and dynamic risk scoring are required because the systems being governed are themselves dynamic. The organizations that attempt to govern AI with traditional IT governance frameworks consistently discover that their governance exists only on paper.