Telemetrics Strategic Advisory

AI governance meets the audit and risk mandate: what the NSW AI Operational Policy means for Audit and Risk Committees

The NSW AI Operational Policy introduces a mandatory regime for the governance, assurance and acceptable use of artificial intelligence across NSW Government. For Audit and Risk Committees (ARCs), the more important point is how the policy has been built. It does not establish a parallel oversight structure. It is designed to operate through the governance, risk and assurance machinery agencies already maintain under the Government Sector Finance Act 2018 and Treasury's TPP20-08, the Internal Audit and Risk Management Policy for the General Government Sector. The policy even shares the same annual attestation cadence as TPP20-08, with both statements falling due on 31 October, and it explicitly encourages agencies to incorporate AI compliance into existing audit, risk and assurance programs, including internal audit plans and governance, risk and compliance processes.

That design choice places AI squarely within the remit of the ARC, but it also creates a boundary that committees need to draw with some care. This paper sets out what an ARC needs to know about the policy, what it needs to do, and what it should expect from its agency. With the policy now published, the implementation clock has started, and committees should be turning their attention to it during the current oversight cycle.

How the policy is constructed

The policy sits within a deliberately layered model. Australia’s eight AI Ethics Principles provide the overarching national guidance and are adopted as a mandatory compliance requirement. The NSW AI Operational Policy then sets the minimum requirements for governance, assurance and acceptable use. Beneath it, the AI Assessment Framework, or AIAF, is the mandatory risk assessment tool applied to AI use cases, supported by the NSW AIAF Platform as the authoritative all-of-government register. Agencies may add their own requirements on top, but cannot strip the minimum away.

The policy expresses its requirements through two standards. Standard A, Accountability, sets out who is responsible for what. It requires each agency to designate an Accountable Official at senior executive level, to stand up or adapt a governance board, and to establish an assurance function. Standard B, Acceptable Use, sets out the principles employees must follow when using AI, covering the protection of government information, meaningful human oversight, personal accountability for AI-assisted work, critical assessment of outputs, and adherence to law, policy and ethics. Agencies must update their ICT Acceptable Use Policy to align with Standard B.

The AIAF itself has been reframed around the AI use case rather than the product or platform. A single product such as a general-purpose assistant may support many use cases, each with a different risk band and data context, so assessing the product once does not substitute for assessing how it is used. The framework now relies on universal registration of all AI use, a deterministic screening step to decide whether a full assessment is required, and portfolio-level aggregation so that risk concentration and automated decision prevalence can be monitored across the register.

Where the ARC sits in this picture

TPP20-08 is founded on the Institute of Internal Auditors' Three Lines Model, and the cleanest way for a committee to locate itself within the AI policy is to map the policy's roles onto those lines. The agency's AI governance board, which the policy expects to include executive-level membership and a mix of legal, ethics, data, privacy, cyber and AI expertise, is a management and oversight function. The assurance function, which the policy expects to operate at director level, is a second-line management assurance role concerned with verifying controls and compliance. Internal audit remains the independent third line, and the policy anticipates that internal audit will conduct annual audits of high-risk and critical-risk AI uses. The ARC, as it always has been, is the independent committee that advises the Accountable Authority on whether all of this is working.

This mapping matters because the policy uses the words governance and assurance in a management sense, and those words can be misread. The AI assurance function is not third-line independent assurance, and the AI governance board is not the ARC. Because the policy permits agencies to use existing functions, some will be tempted to lean on the committee to fill a gap. An ARC cannot become the AI governance board. It has no executive powers, holds no management function, and its members are independent appointees who are not employees of the agency. The committee’s role is to provide independent oversight of the agency’s AI governance and assurance arrangements, not to own them. Keeping that distinction visible is itself one of the more useful things a committee can do in the first year of implementation.

It is also worth noting a scope difference. TPP20-08 applies to the General Government Sector agencies listed in its Annexure J and excludes State Owned Corporations and universities. The AI Operational Policy reaches more broadly and does include State Owned Corporations. Most committees will be overseeing an agency that is in scope of both instruments, but the two do not map onto an identical population, and the AI attestation is directed to the NSW Office for AI through Digital NSW reporting rather than to Treasury.

For committees that prefer a single reference point, the appendix to this paper maps each element of the AI Operational Policy to the specific TPP20-08 anchor that brings it within the committee’s remit, alongside the oversight angle the committee would take. It is designed to be lifted out and used on its own as a one-page cheat sheet.

What the ARC needs to know

The first thing a committee needs to recognise is that AI is now a named emerging risk that already falls within its existing charter. The model ARC charter in TPP20-08 requires the committee to seek assurance from management that emerging risks, including cyber and climate, are being identified and addressed, and to review the effectiveness of the agency’s monitoring of compliance with applicable laws, regulations and government policies. AI is the next named risk category in that line, and the AI Operational Policy is precisely the kind of mandatory government policy whose introduction the committee is already obliged to track. No charter amendment is strictly required to bring AI within the committee’s view, although agencies may choose to make the coverage explicit.

The committee should also understand the key roles the policy creates, because they determine who it will be questioning. The Agency Head, who in TPP20-08 terms is the Accountable Authority, remains ultimately responsible for compliance and for any risk arising from non-compliance. The Accountable Official is the senior executive who carries day-to-day responsibility for implementing the policy and is the natural witness for AI matters before the committee. The governance board approves the level of oversight for each use case and is accountable for matters such as transparency, appeal and redress, service continuity and the annual review of oversight effectiveness. The assurance function approves risk bands, monitors higher-risk systems and escalates non-compliance. Above the agency, the NSW Office for AI maintains all-of-government visibility, and the AI Review Committee provides expert advice on critical-risk and selected high-risk use cases and on post-incident review.

Finally, the committee should be clear on the compliance architecture. From the 2027 reporting period, agencies will provide an annual attestation of compliance to the Office for AI by 31 October, endorsed by the AI governance board and approved by the Agency Head. The shared deadline with the TPP20-08 attestation is an opportunity rather than a coincidence, and it allows a committee to sequence its AI oversight so that it feeds the broader assurance cycle.

What the ARC needs to do

The practical work begins with the committee’s own agenda. AI governance and assurance should appear as a standing item and be reflected in the committee’s annual work plan, treated as a named emerging risk rather than a one-off briefing. From that footing, the committee can seek assurance on the foundational steps: that an Accountable Official has been designated and notified to the Office for AI, that a governance board has been stood up or an existing board’s remit extended, that an assurance function has been established, that the ICT Acceptable Use Policy has been updated to reflect Standard B, that AI literacy training has been made available, and that AI use is being registered in the AIAF Platform.

The committee’s influence over the internal audit plan is one of its most direct levers. Under TPP20-08 the committee recommends approval of the risk-based audit plan, and it should now satisfy itself that the plan reflects AI proportionate to the agency’s portfolio, including the annual audits of high-risk and critical-risk uses that the policy anticipates. It is reasonable for the committee to probe whether internal audit has, or can access, the capability to audit AI systems credibly, since this is a genuine resourcing and skills question rather than a formality.

The committee should also expect to engage with the AI attestation before it is finalised. Although the AI statement is not lodged with Treasury, the committee’s standing oversight of compliance and external accountability gives it a clear interest in reviewing the attestation, in sighting any disclosure of non-compliance, and in offering advice to the Agency Head ahead of approval. The portfolio-level data held in the AIAF Platform is, for these purposes, the AI equivalent of the agency’s risk register, and the committee can reasonably ask to see portfolio views covering adoption, risk concentration, the use of sensitive data, the prevalence of automated decision-making, and the audit status of higher-risk use cases.

Running through all of this is the independence boundary discussed above. The committee should confirm that the agency has not conflated the ARC with the AI governance board, and that the assurance function is understood as a second-line management function rather than as a substitute for independent assurance. Where the highest-risk use cases are concerned, the committee should look for genuinely independent coverage rather than management self-review presented as audit.

What the ARC should expect from its agency

A committee is entitled to expect a coherent operating model rather than a collection of disconnected obligations. That means a named Accountable Official and a governance and assurance design that is mapped to existing structures, a complete and maintained AIAF register with portfolio reporting, and evidence that controls are proportionate to risk. For the use cases that matter most, the committee should expect to see meaningful human oversight, transparency statements on public-facing systems, accessible appeal mechanisms where AI affects people’s rights and interests, a non-AI service option where AI interacts with the public, and tested business continuity arrangements for AI dependencies that support critical services. It should also expect that AI outputs informing decisions are captured and retained as State records.

Above the level of individual controls, the committee should expect an implementation plan with milestones running to the 2027 attestation, and a candid account of capability and resource gaps. The policy expressly invites agencies that lack the resources or expertise to implement AI governance and assurance to notify the Office for AI, and a committee should regard an honest disclosure of a gap as a sign of maturity rather than a failing. Most of all, the committee should expect AI to be integrated with the agency’s existing cyber, privacy, procurement and recordkeeping obligations rather than managed as a separate silo, because that integration is the whole intent of a policy that has been written to strengthen, and not duplicate, the frameworks agencies already operate.

A closing observation

The AI Operational Policy does not ask Audit and Risk Committees to do something unfamiliar. It asks them to apply the discipline they already bring to financial controls, cyber risk and compliance to a fast-moving and unevenly understood technology, and to do so while holding the line on their own independence. The committees that handle this well will be the ones that treat AI as an emerging risk within their established mandate, that use their influence over the internal audit plan to secure proportionate and genuinely independent coverage, and that resist any drift toward owning a risk that properly belongs to management. The shared October deadline is a reminder that AI assurance and the agency’s wider assurance obligations are now part of the same annual rhythm.

This paper reflects the NSW AI Operational Policy as published and the current TPP20-08 Internal Audit and Risk Management Policy for the General Government Sector. Committees should confirm their analysis against any implementation guidance subsequently released by the NSW Office for AI.


Appendix: an ARC cheat sheet

This table maps each element of the NSW AI Operational Policy to the TPP20-08 anchor that brings it within the committee's mandate, and the oversight angle a committee would take. It is intended to be used on its own as a one-page reference.

Each entry below gives the AI Operational Policy element, what the policy requires, the TPP20-08 anchor, and the ARC oversight angle.

The policy as a mandatory government policy
  What the policy requires: Compliance with Standards A and B and the eight AI Ethics Principles.
  TPP20-08 anchor: Model ARC charter, Compliance and ethics; CR 3.1.
  ARC oversight angle: Review the effectiveness of the agency's monitoring of compliance with this new mandatory policy, as the charter already requires for changes in key laws and government policy.

AI as a category of risk
  What the policy requires: Identify, assess and treat AI risk across the lifecycle via the AIAF.
  TPP20-08 anchor: CR 1.2; clauses 1.2.11–1.2.13 (emerging risks; cyber and climate named); model charter, Risk management.
  ARC oversight angle: Treat AI as the next named emerging risk; seek assurance it is being identified and addressed within the existing AS ISO 31000:2018 framework.

AIAF risk assessment and the AIAF Platform register
  What the policy requires: Register all AI use; assess use cases; maintain a central register and portfolio data.
  TPP20-08 anchor: CR 1.2 (framework; integration 1.2.5; risk register linked to objectives).
  ARC oversight angle: Use portfolio-level AIAF data as the AI equivalent of the risk register; request views on risk concentration, sensitive-data use and automated-decision prevalence.

Accountable Official (senior executive)
  What the policy requires: Senior executive nominated to implement the policy.
  TPP20-08 anchor: CR 1.1 (Accountable Authority's ultimate responsibility; delegation of functions permitted).
  ARC oversight angle: Identify the Accountable Official as the standing witness for AI matters; confirm the delegation is real and resourced.

AI governance board
  What the policy requires: Executive-level board accountable for risk oversight, transparency, redress, continuity and effectiveness review.
  TPP20-08 anchor: Three Lines Model (Figure 1); CR 3.1.
  ARC oversight angle: Recognise this as management and oversight, not the ARC; oversee whether it operates effectively without absorbing its function.

AI assurance function
  What the policy requires: Director-level function approving risk bands, monitoring higher-risk systems and escalating non-compliance.
  TPP20-08 anchor: Three Lines Model (second line); CR 3.1.
  ARC oversight angle: Distinguish second-line management assurance from third-line independent assurance; do not treat it as a substitute for internal audit.

Annual audits of high-risk and critical-risk AI uses
  What the policy requires: Audit the highest-risk uses at least annually.
  TPP20-08 anchor: CR 2.1–2.3; model charter, Internal audit; clause 2.3.7 (ARC recommends approval of the audit plan).
  ARC oversight angle: Ensure the risk-based internal audit plan reflects AI proportionately; press for genuinely independent coverage of critical-risk uses, and test internal audit's capability and resourcing.

Monitoring and lifecycle reassessment
  What the policy requires: Monitor medium-, high- and critical-risk systems and reassess on change.
  TPP20-08 anchor: CR 1.2 (continual monitoring); model charter, Risk management.
  ARC oversight angle: Seek assurance that monitoring and reassessment processes operate effectively, including human oversight.

Incident response, override, appeal pathways, alternative channels
  What the policy requires: Plans and mechanisms for higher-risk AI; escalation pathways.
  TPP20-08 anchor: Model charter, Risk management (business continuity) and Compliance and ethics.
  ARC oversight angle: Confirm AI incidents surface to the committee appropriately and are distinct from the cyber-incident pathway.

Recordkeeping of AI outputs
  What the policy requires: Capture and retain AI outputs as State records.
  TPP20-08 anchor: Model charter, Compliance and ethics (State Records Act obligations).
  ARC oversight angle: Seek assurance recordkeeping obligations are met where AI informs decisions.

Annual AI attestation (31 October)
  What the policy requires: Attestation endorsed by the governance board and approved by the Agency Head.
  TPP20-08 anchor: Requirements for an Attestation Statement; Annexure C; model charter, External accountability.
  ARC oversight angle: Review the AI attestation and any non-compliance disclosure before approval; sequence with the TPP20-08 attestation given the shared deadline.

Independence boundary
  What the policy requires: Agencies may use existing functions.
  TPP20-08 anchor: CR 3.1 independence; clauses 3.1.21–3.1.22 (no executive powers, no management function).
  ARC oversight angle: Confirm the agency has not conflated the ARC with the AI governance board.