Safety culture and AI: Why the GRC must lead in building responsible work environments

Artificial intelligence is no longer a future promise, but a concrete and growing presence in the daily lives of companies. A recent global survey, conducted with more than 32 thousand employees from 47 countries, reveals that 58% of professionals already use AI tools at work, and a third of them do so on a daily or weekly basis.

The gains are real. Efficiency, agility, innovation and improvement in the quality of deliveries are the main points highlighted by those who have integrated AI into their routines. But along with the benefits, there are also important alerts, especially when it comes to security, compliance, and corporate responsibility. The GRC (Governance, Risks and Compliance) needs to take the lead at this time.

Source: The Conversation.

Opportunity and risk go together

The ease of use and free access to platforms such as ChatGPT made AI a common tool, even among collaborators who are not part of technical areas. However, the study shows that nearly half of the users (47%) have used AI inappropriately. Even more worrying: 48% said they had entered sensitive information into the systems, such as financial or customer data, and 44% admitted to violating the company's internal rules in this process.

These actions, often motivated by lack of knowledge or clear guidelines, have already caused significant losses in different sectors. Operational failures, data exposures, and reputational damage are just a few of the observed consequences.

The absence of policies accelerates the problem

The invisible use of AI, one that is neither declared nor monitored, has become common. 61% of professionals do not reveal when they use the technology. More than half (55%) present AI-generated content as if they were authors, and two-thirds don't even know if its use is allowed in their organizations.

In other words, risk is being silently and continuously amplified, fueled by the absence of governance.

Only 34% of companies have clear policies regarding the use of AI. And only 6% formally banned generative tools, which indicates a large internal regulatory vacuum. Meanwhile, the pressure for adoption is only growing. 50% of employees fear being left behind if they don't start using AI now.

The role of GRC in building safe environments

The challenges surrounding AI are not just about technology, but about how it impacts processes, people, and responsibilities.

Developing clear policies, implementing security controls, reviewing usage practices, and empowering teams are just the first steps. Artificial intelligence needs to be incorporated into company culture with criteria, accountability, and governance, which includes:

• Mapping the specific risks of AI in business processes.
  
• Review of information security, privacy, and ethics policies.
  
• Continuous training on the safe and critical use of tools.
  
• Adoption of solutions that provide traceability, control, and evidence of use.
  
• Development of a culture of transparency and constant learning.
  

Organizations that invest in digital literacy and develop psychologically safe environments tend to reap more consistent benefits from adopting AI. It's not just about avoiding risks, but about creating a solid foundation for sustainable innovation.

According to research data, professionals who are more familiar with the tools and who have undergone formal training tend to better verify the results of AI, understand its limits and, as a result, achieve better results. However, only 47% of respondents say they have received any type of training.

This demonstrates the size of the opportunity that GRC areas have in their hands. More than overseeing, they must lead the change.

AI has already transformed the way we work, now the next step is to ensure that this transformation happens with responsibility and long-term vision. This will only be possible with the GRC at the center of the strategy, supporting leadership and empowering employees with clear guidelines, technical training, and appropriate tools.

If your organization hasn't yet structured a robust policy for using AI, now is the time.

Information security and the integrity of corporate data depend on concrete actions and an environment where transparency is encouraged, not punished. The future of AI at work is promising, provided it is governed with intelligence.

Click here and talk to a Vennx expert.