You have conducted an AI governance assessment. You have a scorecard with seven pillar scores, a composite maturity level, and a 90-day roadmap. Now you need to present the findings to the people who control budget, set priorities, and bear ultimate accountability: the board of directors, the executive committee, or the CEO.
This is where most governance efforts stall. Not because the findings are weak, but because the presentation is built for practitioners, not decision-makers. Board members do not need to understand the difference between Level 2 and Level 3 maturity across 31 sub-dimensions. They need to understand three things: what is the risk, what does it cost to fix, and what happens if we do nothing.
This guide provides a structure for a 20-minute board-level AI governance briefing that answers those three questions and leads to a decision.
Before You Build the Presentation
Understand your audience. Board members and senior executives in Oman typically have deep operational or financial expertise but limited exposure to AI governance as a formal discipline. They are not hostile to the topic — they are aware that AI is a priority, particularly given the national AI strategy and the PDPL enforcement that took effect in February 2026. But they have limited time, and they are evaluating your presentation against every other initiative competing for attention and budget.
Your job is not to educate them about AI governance. Your job is to help them make a decision. Every slide, every data point, and every recommendation should serve that purpose.
Slide 1: Context (2 Minutes)
Open with the regulatory and strategic context — not the framework. The board needs to know why AI governance is on the agenda now, not why it is theoretically important.
State three facts. First, the PDPL became fully enforceable on 5 February 2026 — organisations must now demonstrate data protection compliance, including for AI systems that process personal data. Second, the MTCIT 2025 General Policy requires human oversight, transparency, and accountability for AI systems used in government and public-facing services. Third, the Oman 2026–2030 Digital Economy Roadmap commits to a national AI platform, expanded AI investment, and targets 10% of GDP from the digital economy by 2040 — organisations that cannot demonstrate responsible AI governance will be excluded from this growth.
Do not open with "AI is transforming every industry." The board knows this. Open with what has changed in their regulatory and competitive environment in the past six months.
Slide 2: What We Found (5 Minutes)
Present the radar chart. One image, seven axes, the organisation's actual scores. This is the most powerful slide in the presentation because it communicates the governance profile instantly — no one needs to read a table to see that one axis is dramatically shorter than the others.
Below the chart, provide the composite score and its interpretation. For example: "Our composite AI governance maturity score is 2.1 out of 5.0, which places us in the 'Foundational Gaps' band. We have early-stage practices in some areas, but no pillar has reached a level where governance is documented, consistent, and measurable."
Then highlight the two lowest-scoring pillars by name and give a one-sentence explanation of what the score means in operational terms. For example: "Pillar 2 (Accountability) scored 1.4 — we have no designated AI governance body, no documented ownership of AI systems, and no escalation path for AI-related incidents. Pillar 5 (Data & Ethics) scored 1.6 — we have no bias testing process, no mechanism for individuals to challenge AI-driven decisions, and our privacy notices do not address automated processing."
Avoid presenting all seven pillars in detail. The board needs to see the shape and know the critical gaps. Detailed pillar-by-pillar analysis belongs in a supplementary appendix they can read after the meeting.
Slide 3: What This Means (5 Minutes)
Translate scores into consequences the board cares about. There are three categories.
Regulatory exposure: under the PDPL, the organisation's current data governance practices around AI systems may not meet the requirements for lawful processing, transparency, or data subject rights. Penalties can reach OMR 2,000 per violation, but the greater risk is regulatory scrutiny, mandatory audits, and reputational damage. If the organisation operates AI systems that process personal data without documented governance, the compliance gap is immediate.
Operational risk: AI systems operating without defined ownership, monitoring, or change management processes are accumulating unquantified risk. Model drift, data quality degradation, and integration failures are not hypothetical — they are inevitable for unmonitored systems. The question is not whether a failure will occur but whether the organisation will detect it before it causes harm.
Strategic cost: Oman's 2026–2030 roadmap is expanding government AI procurement, public-private partnerships, and digital economy initiatives. Organisations that cannot demonstrate AI governance maturity — through certifications, documented frameworks, or assessment results — will be at a disadvantage in competing for these opportunities.
Be specific to your organisation. Replace generic risk language with concrete examples drawn from the assessment. "Our credit-scoring model has no documented bias review" is more powerful than "we face fairness risks."
Slide 4: What We Recommend (5 Minutes)
Present the 90-day roadmap as three to five specific actions, each with an owner, a cost estimate, and a measurable outcome. The board does not approve frameworks — it approves actions and budgets.
Structure each recommendation as a single sentence: "We recommend [action] by [date], led by [name/role], at an estimated cost of [amount], which will move Pillar [X] from Level [current] to Level [target]."
For example: "We recommend appointing an AI Governance Sponsor at the executive level by June 2026, at no incremental cost, which will establish the accountability structure required by the MTCIT policy and move Pillar 2 from Level 1.4 to Level 2.5." Or: "We recommend engaging an external AI governance assessment against the 7-Pillar model by July 2026, at an estimated cost of OMR 3,500–5,000, which will produce a detailed gap analysis, a standards-alignment report, and a 12-month governance roadmap."
Keep the total number of recommendations to five or fewer. A board that is asked to approve ten actions will approve none. Prioritise the actions that address the lowest-scoring pillars and the most immediate regulatory exposure.
Slide 5: Decision Required (3 Minutes)
Close with an explicit ask. State what you need the board to approve today, and what will happen next if they do.
For example: "We are requesting board approval to (1) designate an AI Governance Sponsor from the executive committee, (2) allocate OMR [amount] for an external governance assessment, and (3) schedule a follow-up presentation in 90 days to report on progress. If approved, we will begin the assessment in [month] and return with a detailed governance roadmap and updated maturity scores."
Do not end with "any questions?" End with a decision. Questions will follow naturally.
Common Objections and How to Address Them
Board members may raise predictable concerns, and preparing for them strengthens your credibility.
"We are not really using AI yet." If the organisation uses any automated decision-making, algorithmic processing, or machine learning — including vendor-provided tools — it is using AI. The MTCIT policy and the PDPL do not distinguish between internally developed and purchased AI systems. Governance obligations apply to both.
"This sounds expensive." The 90-day actions you are proposing are low-cost, high-impact. Appointing a governance sponsor costs nothing. A focused external assessment costs a fraction of what the organisation has already invested in AI tools. The cost of not governing — a regulatory finding, a biased decision that reaches the press, a system failure that disrupts operations — is orders of magnitude higher.
"Can we not just ask IT to handle this?" AI governance is not an IT function. It requires input from legal, compliance, operations, HR, and leadership. Delegating it to IT is the "diffusion of accountability" problem described in Pillar 2 — and it is precisely what the assessment has flagged.
After the Presentation
Send the board a one-page summary within 24 hours: the radar chart, the composite score, the three to five recommended actions, and the decision requested. Attach the full scorecard as an appendix. This document becomes the reference point for the 90-day follow-up and ensures the discussion is not lost between board meetings.
If the board approves the recommended actions, begin immediately. Momentum after a governance presentation has a short half-life. The first visible action — an appointment, an assessment kickoff, a policy draft — should happen within two weeks.
This is part of the Practitioner Guides series. For the conceptual foundation, see The Seven Pillars series.