Every week I sit in a boardroom where someone mentions AI. And almost every time, the conversation starts in the wrong place.
It starts with tools. It starts with vendors. It starts with what a competitor is supposedly doing. What it almost never starts with is the most important question: what problem are we actually trying to solve, and do we have the foundations to solve it well?
Australian organisations are investing in AI at pace. Boards are demanding a strategy. Executives are under pressure to show progress. And the result, in most cases, is a collection of disconnected experiments that cost more than expected, deliver less than promised, and create new risks nobody planned for.
This is not a technology failure. It is a governance and architecture failure. And it is fixable — but only if you start in the right place.
The real reason AI initiatives fail
The research is consistent. Somewhere between 70 and 85 per cent of AI projects do not deliver the business value that justified them. The most common reasons have nothing to do with the quality of the models or the capability of the vendors.
They fail because:
- Nobody owns it. AI adoption sits across IT, operations, legal, and the business units simultaneously — and accountability diffuses to nothing. When something goes wrong (and it will), nobody knows whose problem it is.
- The architecture wasn’t ready. AI systems need clean, governed, accessible data. Most enterprise environments have none of these things in sufficient quantity. Organisations discover this six months into an implementation, not six months before it.
- Governance was an afterthought. Policy, risk assessment, and ethical review were meant to happen ‘once we understand what we’re building.’ They never happen, or they happen too late to shape anything meaningful.
- The use case was vendor-led. The organisation bought a solution looking for a problem, rather than identifying a problem and evaluating solutions.
Sound familiar? It should. I see this pattern constantly across sectors, across organisation sizes, and across levels of technical maturity.
The Australian context raises the stakes
Australian organisations face a specific set of pressures that make this problem more acute.
The Privacy Act amendments are reshaping what responsible data use looks like, and AI systems that ingest customer data are squarely in scope. The Australian Signals Directorate has published AI guidance and is actively factoring AI security practices into its broader cybersecurity expectations. ASIC and APRA are watching how boards govern technology risk, and AI is increasingly part of that conversation.
Government agencies face an additional layer: the ISM, procurement rules, and accountability frameworks that make ungoverned AI adoption not just operationally risky, but potentially legally and politically exposed.
The pressure to ‘do something with AI’ is real. But the pressure to do it accountably is growing faster than most organisations have adapted to.
What getting it right actually looks like
Don’t get me wrong, I am not arguing against AI adoption. we use AI often both within our business, but also with and our for clients. What I am arguing for is adoption that is deliberate, governed, and architecturally sound. The organisations I see doing this well share three characteristics.
They started with governance, not tools. Before any procurement decision, they asked: who owns AI in this organisation? What is our risk appetite? What data can we use, and what are the controls? What do we do when something goes wrong? These questions take weeks to answer well. They save years of remediation.
They treated architecture as a prerequisite, not a constraint. They mapped what AI needed from their data environment — and fixed what wasn’t ready before expecting results. This is unglamorous work. It is also the difference between an AI proof of concept that dies after three months and one that scales.
They chose use cases based on business value, not vendor capability. They identified problems worth solving: significant, measurable, and addressable, and then evaluated whether AI was actually the right answer. Sometimes it wasn’t. That clarity saved them significant cost.
The conversation executives should be having
If you are a CIO, CTO, CISO, or board member reading this, these are the questions worth asking before your next AI conversation:
- Who is accountable for AI governance in our organisation, and what authority do they have?
- Is our data environment genuinely ready to support the AI use cases we are pursuing?
- Have we mapped the regulatory and reputational risks of our current AI activity?
If you cannot answer those three questions confidently, you are not ready to scale. You may not even be ready to pilot.
The technology is the easy part. The organisation is the hard part. And the organisation is where Fugleman Group focuses.
David Browne is Principal Consultant at Fugleman Group, an Australian advisory practice specialising in enterprise architecture, technology strategy, cyber security, and AI governance. Ready to have a different AI conversation? Visit go.fugleman.com.au/booking for a free initial consult.