New Signals from Advanced AI Models
Recent developments in the United States related to the control of access to, and limited deployment of, certain advanced AI models have sent an important signal: AI is no longer just an ordinary technology tool. As AI models become more powerful, the question is no longer only “What can AI do?”, but also “Into what kind of system should AI be introduced, under what control mechanism, and with what governance responsibility?” This is not only a question for major technology companies or government regulators. It is also a very practical question for every business that is considering the use of AI in management, operations, finance, sales, human resources, data analytics or cybersecurity.
AI Does Not Make a Business Better by Itself
Over the past few years, AI has often been described as a tool that helps businesses increase productivity, reduce costs, automate processes and make faster decisions. That is true, but only partly true. AI does not automatically make a business better. AI is an amplifier. If a business has good data, clear processes, transparent delegation of authority, strong internal controls and solid management capability, AI can amplify those strengths. The business can analyze faster, respond better, serve customers more effectively and manage risks more proactively. But if the governance foundation is weak, AI will also amplify those weaknesses.
When the System Is Weak, AI Makes Risks Spread Faster
Incorrect data can be processed faster. Inaccurate reports can be presented more convincingly. Confusing processes can be automated on a larger scale. Poor decisions can spread more quickly. Cybersecurity risks can become more serious. And dependence on a few key individuals can be hidden behind the impression that the business has already “gone digital” or “adopted AI”. This is a point that many businesses easily overlook. The issue is not whether a business uses AI or not. The issue is what kind of governance system the business is introducing AI into.
AI Forces Businesses to Revisit How They Operate
A business may use AI to support cash flow planning. But if data on receivables, inventory, project progress and payment schedules is not updated properly, the analysis will not be reliable. A business may use AI to support sales and customer service. But if customer data is scattered across departments, there are no consistent data entry standards, and no one is clearly responsible for managing the data, AI will only make that fragmentation appear more sophisticated. A business may use AI to support financial analysis. But if management reporting does not reflect the real state of the business, AI may only help produce better-looking reports, without helping management make better decisions. A business may also use AI to support human resources, legal, procurement or operations. But if authority is unclear, approval processes are loose and internal controls are weak, AI can accelerate the very deviations that already exist in the system.
The Issue Is Not the Tool, but the Governance System
Many businesses begin the AI conversation by asking which tool to use, which software to buy, or which process to automate first. But the more important question is whether the current governance system is clear enough, clean enough, disciplined enough and safe enough for AI to amplify. When a business is still small, many things can be handled through the founder’s experience, the flexibility of a trusted team and separate Excel files. But as revenue grows, the number of customers increases, cash flow becomes more complex, the workforce expands, data multiplies and external partners become more deeply involved, the old way of managing the business begins to show its limits. In that context, AI is not the starting point. AI is a test of the quality of the company’s governance.
Data, Processes and Delegation of Authority Are the Foundation
AI can only create value when the input data is sufficiently reliable. Yet in many businesses, data still sits separately in accounting, sales, warehouse management, production, projects, human resources and individual Excel files. Each department may interpret the same indicator differently. Revenue, costs, receivables, inventory, gross margin, delivery progress or customer performance may be recorded inconsistently. In that situation, the problem is not a lack of software or a lack of AI. The problem is that the business does not yet have data discipline. It is not clear which data is official. It is not clear who is responsible for updating, checking and using the data. It is not clear which data supports management, which data supports financial reporting, and which data supports risk control. In the age of AI, data governance is no longer a technical matter. It is a core part of corporate governance.
Processes and delegation of authority must also be reviewed before automation. If a process is already confusing, introducing AI may simply make that confusion move faster. If an approval process is already weak, AI may accelerate decisions that are not sufficiently grounded. If responsibilities between departments are unclear, AI may generate more information but not more accountability. Therefore, before automating, a business needs to answer very basic questions: who is responsible for this task, who has the authority to decide, who checks the work, who is ultimately accountable, what data is used as the basis for decision-making, and what mechanism is in place when deviations occur. These are governance questions, not technology questions.
Internal Controls and Cybersecurity Need to Be Upgraded
When AI is introduced into business operations, the boundaries between people, data, systems and decisions become more complex. An employee may use AI to draft emails, analyze contracts, prepare reports, develop pricing proposals, process customer data or support purchasing decisions. This can increase productivity, but it also creates new risks: sensitive data may be entered into inappropriate tools, AI outputs may be used without verification, inaccurate content may be sent externally, or important decisions may be based on uncontrolled analysis. Therefore, businesses need to upgrade internal controls for the AI environment. The purpose is not to ban AI, but to ensure that AI is used within a clear, safe and responsible framework.
Cybersecurity is also no longer solely the responsibility of the IT department. AI increases the value of data, and therefore also increases the risks surrounding that data. A fraudulent email can be written more convincingly. A voice impersonation call can sound more persuasive. A malicious link can be disguised more subtly. A compromised account can cause greater damage if the business does not have proper access control and authorization in place. Cybersecurity must therefore be seen as part of enterprise risk management. Business owners and leadership teams need to understand which data is critical, who has access, which systems are essential, which operations would be affected if those systems were disrupted, and whether the business has a response plan in place.
The Role of Business Owners and Leadership Teams
The most important point is that AI cannot be delegated entirely to the technical team. The technical team can implement tools, but it cannot replace leadership in deciding where AI should be used, what level of risk the business is willing to accept, which data must be protected, how decisions should be controlled, and how effectiveness should be measured. These are responsibilities of the business owner, the executive team and, where applicable, the Board of Directors. The stronger AI becomes, the more important senior-level governance becomes. Business leaders do not need to become AI engineers, but they do need to understand enough to ask the right questions, set the right principles and require the right control systems.
Start with a Review of the Governance System
Before investing heavily in AI, businesses should begin by reviewing their current governance system. A cash flow review helps the business understand how it actually generates, retains and uses cash. A data and management reporting review helps determine whether leadership is making decisions based on reliable data or only on fragmented pieces of information. A process, delegation and internal control review helps determine whether the business is operating through a system or still depending too heavily on a few individuals. A cybersecurity review helps assess how well data, accounts, systems and business operations are protected. This is not a step that slows down AI adoption. On the contrary, it is the way to help businesses adopt AI more safely, more substantively and with more sustainable value creation.
EPS Investing
Strengthening Businesses. Unlocking Capital.
Photo: Ngô Thanh Tùng
EPS Investing Looks at AI from a Corporate Governance Perspective
At EPS Investing, we look at AI from the perspective of corporate governance, operations and sustainable growth. Before discussing tools, we help businesses review the more fundamental foundations: cash flow, data, processes, delegation of authority, internal controls, cybersecurity and management capability. In the age of AI, the advantage does not belong only to businesses that adopt technology earlier. It belongs to businesses with a governance system strong enough for technology to amplify the right things.





