AI Risk Management for the Enterprise, by Justin Ryan and Linda A. Kresl
Take charge of AI in your organization with practical, step-by-step risk tools that help you spot problems early, make confident decisions, and become the trusted person others turn to when AI is on the line.
1.1 Why Traditional Risk Management Falls Short
1.2 Core Principles of AI Risk Management
1.3 The Risk Manager’s Evolving Role
2.1 AI Technology Primer for Risk Professionals
2.2 The AI Lifecycle and Risk Touchpoints
2.3 Taxonomy of AI Risks
3.1 The NIST AI Risk Management Framework
3.2 Complementary Frameworks and Standards
4.1 Designing AI Governance Architecture
4.2 Policy Framework Development
4.3 Culture and Change Management
4.4 Case Study: Financial Services Governance Transformation
5.1 Risk Identification and Inventory
5.2 Quantitative Risk Assessment Techniques
5.3 Qualitative Risk Assessment Methods
5.4 Continuous Risk Monitoring
5.5 Case Study: Healthcare AI Risk Assessment Program
6.1 Data Quality and Governance Controls
6.2 Model Development and Testing Controls
6.3 Deployment and Operations Controls
6.4 Third-Party AI Risk Management
6.5 Case Study: Manufacturing Predictive Maintenance Controls
7.1 Understanding Bias in AI Systems
7.2 Fairness Metrics and Assessment
7.3 Mitigation Strategies and Best Practices
7.4 Case Study: Credit Decisioning Fairness Program
8.1 Privacy Challenges Unique to AI
8.2 Privacy-Preserving AI Techniques
8.3 Regulatory Compliance Framework
8.4 Case Study: Healthcare AI Privacy Implementation
9.1 Adversarial Attacks on AI Systems
9.2 AI-Enabled Threat Landscape
9.3 Security Controls and Defense Strategies
9.4 Case Study: Financial Institution AI Security Program
10.1 Model Performance Degradation
10.2 System Dependencies and Integration Risks
10.3 Business Continuity and Disaster Recovery
10.4 Explainability and Transparency Requirements
10.5 Case Study: Retail Supply Chain AI Operations
11.1 Capability Maturity Model for AI Risk
11.2 Assessing Your Current State
11.3 Roadmap Development
11.4 Building the Right Team
12.1 Key Risk Indicators for AI
12.2 Dashboard and Reporting Design
12.3 Risk Appetite and Tolerance Setting
12.4 Communicating AI Risk to Stakeholders
12.5 Case Study: Technology Company Risk Reporting Framework
13.1 AI Incident Classification and Severity
13.2 Incident Response Playbooks
13.3 Crisis Communication Strategy
13.4 Learning from AI Incidents
13.5 Case Study: Social Media AI Content Moderation Incident
14.1 Autonomous Systems and Robotics
14.2 Artificial General Intelligence (AGI) Considerations
14.3 Quantum AI and Advanced Computing
14.4 AI in Critical Infrastructure
15.1 Adaptive Risk Management Principles
15.2 Collaboration and Knowledge Sharing
15.3 Ethical Leadership in AI Risk Management
15.4 Your Path Forward
This comprehensive guide bridges the gap between traditional enterprise risk management and the emerging challenges of artificial intelligence. Written specifically for risk managers in large organizations, it transforms abstract AI concepts into actionable frameworks, real-world practices, and proven strategies.
The book addresses the fundamental shift facing risk professionals today: AI is no longer a future consideration but a present reality that demands new approaches to identification, assessment, and mitigation. Rather than replacing existing risk management principles, this guide shows how to evolve them for an AI-enabled world.
Each chapter opens with a realistic scenario drawn from actual enterprise experiences, illustrating the human and organizational dimensions of AI risk. These stories ground complex concepts in relatable situations, making the technical accessible and the theoretical practical.
The content balances governance frameworks with technical understanding, emphasizing the NIST AI Risk Management Framework while incorporating insights from the EU AI Act, ISO standards, and industry-specific regulations. Readers will find detailed case studies from the healthcare, financial services, manufacturing, and technology sectors, demonstrating how leading organizations have successfully integrated AI risk management into their operations.
Throughout the book, Key Concepts boxes provide deeper explanations of complex topics and direct readers to authoritative resources for continued learning. Visual elements including risk matrices, decision trees, assessment frameworks, and process flows enhance comprehension and provide ready-to-adapt templates.
This guide equips risk managers with the knowledge, tools, and confidence to lead their organizations through the AI transformation—not as passive observers of technological change, but as strategic enablers of responsible innovation.

Justin is an AI risk and governance leader whose career spans enterprise cybersecurity, privacy, and sensitive data management across the U.S. Air Force, EY, JPMorgan Chase, and USAA. He built and led two large-scale programs, Enterprise Cyber Risk and Sensitive Data Management, translating regulatory demands into metrics, decision rights, control ownership, and executive-ready reporting. At USAA, he currently leads Sensitive Data Management and the bank’s AI initiative to automate feedback and solutioning, delivering a 30% productivity increase. Earlier, he created an AI toolset that streamlined SDM operations and generated $2.6 million in savings.
At JPMorgan Chase, he owned firm-wide policies and controls for data lifecycle, privacy, and records management, and provided independent challenge across major cyber uplift programs. At EY, he delivered GDPR/Privacy-by-Design initiatives at Cisco, established a CREST/CBEST-aligned red-team program for HSBC, and supported a Fortune Five incident response with zero media leakage. His Air Force tenure culminated in managing 188 personnel across intrusion response, threat hunting, forensics, and sensor operations.
Mr. Ryan’s academic and executive education includes an Executive Master of Cybersecurity (Brown University), an M.S. in Technology Commercialization (Northeastern University), a B.S. in Management (Bellevue University), and two A.A.S. degrees from the Community College of the Air Force. He completed Harvard Business School’s Program for Leadership Development (PLD 29, 2023) and earned MIT’s certificate in Artificial Intelligence: Implications for Business Strategy (2025). In progress: USAII’s Certified Artificial Intelligence Transformation Leader (expected 2026) and Cornell’s Product Management 360 Certificate (expected 2026). Core certifications include CISSP, CRISC, GICSP, GCIH, and CEH.
Beyond line roles, Mr. Ryan serves as an AI Risk SME for ISACA, reviewing the 2025 Securing AI Review Manual, and previously advised ISACA’s CRISC exam question set. He has held board and committee positions with the CyberTexas Foundation, CREST (Executive Board, U.S. launch), InfraGard San Antonio, and regional cybersecurity and military affairs committees. He has collaborated with Los Alamos National Laboratory as part of the PathScan UI commercialization effort and has presented executive KRI reporting via Tableau to C-suite stakeholders.
Mr. Ryan’s publications include AI Data Privacy and Protection (2024) and Modern Medicine, Powered by AI (2024). His current focus is on end-to-end AI governance, integrated with enterprise model-risk and security frameworks, enabling high-stakes AI to scale responsibly.

Linda has held a variety of professional and management positions with world-class organizations such as DoE, DoD, The Boeing Company, Yahoo!, Hewlett Packard, PricewaterhouseCoopers, Grupo Bimbo, and Nike. From 2001 to 2016, Ms. Kresl established and led her own consultancy specializing in Business Intelligence (BI) and Enterprise Data Architecture. With more than 20 years of professional experience, she has focused on developing enterprise-scale Business Intelligence solutions, Enterprise Information Management frameworks, and Data Governance/Data Quality improvement programs.
Since 2022, Ms. Kresl has expanded her expertise into AI, earning a certification in Artificial Intelligence from the Massachusetts Institute of Technology (MIT). Her current work centers on ethical AI implementation, AI-assisted data governance, and applied machine learning for business and government transformation. She has contributed to AI-driven research in areas such as explainable AI in healthcare, defense data strategy modernization, and data ethics in automation—bridging her deep data architecture background with next-generation AI applications.
Ms. Kresl has served on the Board of Directors for the Data Administration Management Association International (DAMAi) as Past Vice President of Member Services and as Past President of the Global Chapter. She also served on the IAIDQ Board of Directors as Vice President of Conference Services.
Her professional speaking engagements include presentations at the MIT Information Quality Symposium (2007–2010, 2020); the ECCMA Technical Seminar, held alongside the ISO/TC 184/SC 4 meetings (2016); and IAIDQ (2008). Her publications include featured articles in DMReview (2002–2004) and Oracle Toolbox, focusing on enterprise data management and governance practices. As a contributing author, she played a significant role in the development of the book AI Data Privacy and Protection: The Complete Guide to Ethical AI, Data Privacy, and Security.
Ms. Kresl is a member of the Data Warehouse Institute (TDWI), holds MIT Chief Data Officer and Data Quality certifications, is a certified DW2.0 Architect, and has earned the MIT Professional Certificate in Artificial Intelligence. She also holds a degree in Computer Science from Idaho State University. As a Pentagon contractor, Ms. Kresl leads the implementation of a comprehensive Data Governance Strategy for a defense agency, serving as Lead Consultant and driving AI-enabled modernization initiatives that strengthen enterprise data capabilities across the defense landscape.