Govern Before You Scale: The AI Risks Hiding Behind Correct Answers

The scariest AI risk isn’t hallucination. It’s when the answer is right and the person using it has no idea what they’re holding.
June 23, 2026

I’ll start with an analogy, if you’ll indulge me. AI can give you a blueprint for building a boat, including instructions on how to sail. But it matters whether you’re on the retention pond next to my house or launching into the Colorado River.

I have spent the past year building AI systems that encode real risk management expertise into working tools. Not enterprise query assistants or document drafters. Systems that produce client-ready enterprise risk registers, risk bearing capacity and retention analysis, statement of values and BI worksheets, policy and loss run analysis, and more. The kind of professional judgment that used to take a consulting team or risk management department weeks to assemble, compressed into hours and sourced to the standard an underwriter or CFO would expect.

The opportunities are extraordinary, but so are the governance risks. Speaking only for myself, there are a few I think deserve more attention.

Consulting Beyond Competence

The scariest AI risk isn’t hallucination. It’s when the answer is right and the person using it has no idea what they’re holding.

A large potential customer requires SQF certified suppliers. SQF is a food safety standard major retailers use to qualify their supply chain. Your company needs a food fraud prevention plan to win the business. Easy prompt. The output looks excellent. The problem is not that the template is wrong. It’s that the template is not the work.

For a cold storage warehouse, the right answer depends on what’s in those 55-gallon drums, your operations, sourcing geography, SQF code requirements, GFSI expectations, receiving controls, whether imported ingredients create additional regulatory obligations. If the product is fruit puree, the fraud vectors are specific: dilution with water, substitution with cheaper varieties, added sugars to mask dilution, and mislabeling of origin. Different products require completely different assessments.

That is not a template problem, it’s a judgment problem. AI can produce something polished, accurate, useful and still completely wrong for the situation.

The Right Way to Use It

Don’t start by asking AI to write the plan. Start by asking AI for the relevant standards. For our food fraud example, that should take you to the applicable SQF Code, the SQFI Food Fraud Guidance Document, SQFI Approved Supplier Program Guidance, and the SSAFE Food Fraud Vulnerability Assessment Tool.

Those are the tools AI should be helping you find from reputable sources. Not a finished plan. The starting materials.

Then trust but verify. Go to the source. Confirm what AI told you. Confirm it applies to your operation. Confirm the source has the credibility and weight you should be relying on. If you are consulting in your lane, you already know what that looks like.

Revenge of the Liberal Arts & Sciences – Pedagogy Matters More Than Prompting

People think building reliable AI projects is mostly about prompting. It is not. It is pedagogy, assurance of learning, repeatable and testable learning objectives, source discipline, and catching what does not hold up.

I first heard “pedagogy” while helping to build Butler University’s Davey Risk Management & Insurance Program. Pedagogy is not just what you teach. It is how you prove someone actually learned it. Assurance of learning means tying outcomes to evidence, rubrics, minimum thresholds, and review when results fall short.

That is exactly what is missing from most AI implementations. Guardrails and responsible AI describe intent. They do not create a testable quality system. That system has more in common with proving to an accreditor that a student learned the material than asking a model to produce better prose.

The discipline that makes AI reliable is not a technology discipline. It is a teaching discipline.

Who Owns What You Build?

The intellectual property question is just as urgent. If you read about Butler University’s student-run captive insurance company in The New York Times, you can only imagine what I can teach Claude to do with captive feasibility studies.

A repeatable captive feasibility engine built inside an AI platform is extremely valuable. And depending on your employment agreement, it may not belong to you.

My agreements are clear. The things I build belong to my company. I know the deal and I am fairly compensated for it. But not everyone has that deal.

Employment agreements signed years ago were written to cover spreadsheets and client files, not project cookbooks, prompt architectures and AI skill libraries. If you are the builder, do you understand what you’re giving away? If you are the company, do you understand what is being built, and can you stop the IP from walking out the door?

The Disclaimer Gap

Most consulting disclaimers I see were not written for AI. Standard protective language says the work is advisory, based on conditions observed and information supplied by the client. That language was written for a world where a human did their research, reviewed the operation, and produced a deliverable based on decades of professional judgment.

But when AI generates the deliverable, nobody observed conditions, and the client supplied nothing, the gap between what the disclaimer describes and what actually happened is where the exposure lives. This is a good time to ensure your disclaimers were designed for this fact pattern.

The Opportunity

The opportunities are enormous for the people and companies who do it right. The problem is few people mitigate a risk they haven’t experienced yet. Risk Managers hear it all the time: “that has never happened before”. I’ve never died before either. It doesn’t mean I don’t spend time thinking about how to prevent it.

The problem is you don’t get a hug for the fire that never happens or a high-five for the prevented fatality. That is why risk management always lags innovation.

Hallucination, bias, and job replacement are risks worth talking about. But AI can also correctly tell you how to do something you have absolutely no business doing. Anyone who knows me knows I have no business operating a boat. AI can’t look me in the eye and know the degree to which I’d be a moron on the high seas. That’s the judgment it will never have.

These are the risks we should be talking about.

Zachary Finn, MSM, ARM, AINS, HACCP is a Senior Risk Consultant and Specialty Expert in the National Food & Beverage Practice for HUB International. HUB International is a leading global insurance brokerage and risk management firm committed to helping clients prevent, manage, and recover from critical incidents. We support public and private sector organizations through comprehensive solutions that include enterprise risk management, commercial insurance, employee benefits, crisis response, contingency planning, and alternative risk financing. As part of HUB’s national Risk Services Team, Zach delivers strategic, data-driven risk and insurance guidance to clients facing complex and evolving exposures. He can be reached at [email protected].
