Thinque Futurist Blog by Anders Sörman-Nilsson

AI Without Oversight Is the New Corporate Risk: The Three Questions Framework Every Board Needs in 2026

Written by Anders | May 19, 2026

In a video call with what looked like his Chief Financial Officer and two colleagues, an Arup finance employee was asked to authorise an urgent transaction. The conversation seemed normal. The faces were familiar. The voices matched. Within hours, fifteen wire transfers had moved $25 million into five Hong Kong bank accounts.

Then he called head office.

Nobody had asked him to authorise anything. The CFO had been at his desk all afternoon. The colleagues had no idea what he was talking about. Every face on that call had been an AI-generated deepfake, built from publicly available footage of Arup executives on LinkedIn and YouTube. He had been the only human in the room.

I opened my closing keynote at the IIA General Audit Management Conference at Aria Las Vegas in March 2026 with that story. The audience was 1,200 Chief Audit Executives, Chief Risk Officers, and senior governance leaders. The atmosphere was not what you might expect at an AI talk in 2026. There was no buzz of excitement about productivity gains. There was the very specific quiet of senior professionals realising the legal, ethical, and reputational stakes have just shifted beneath their feet.

Because here is the through-line connecting every major AI failure of the last few years.

They had the technology. What they didn't have was Responsible AI.

They didn't have oversight.

Why Responsible AI is no longer optional in 2026

The case studies have moved from "interesting examples" to "litigation evidence" with breathtaking speed.

The Dutch Toeslagenaffaire. An automated childcare benefits algorithm flagged 35,000 families as fraudulent. Many came from immigrant backgrounds. Many were single mothers. The algorithm used nationality as a risk indicator. Amnesty International later described the system as racial profiling baked into the design. Many of those families lost everything: homes, marriages, livelihoods. Over 1,100 children were taken into foster care. By the time the truth came out, the entire Dutch government had resigned. That is what happens when AI Ethics is not embedded in design.

Mobley v. Workday. A US federal court has now ruled that AI vendors can be held liable as agents of their employer-customers, allowing the first nationwide AI hiring class action to proceed. The plaintiff was rejected by AI screening tools more than 100 times. The "we just provide the tool" defence is dead. The era of Responsible AI as a legal obligation, not a brand exercise, has arrived.

Anthropic and the Pentagon. The AI company refused to drop ethical guardrails on autonomous weapons and mass surveillance, even at the cost of a $200 million Pentagon contract. The company was subsequently designated a "supply-chain risk to national security," the first such designation ever applied to an American AI company. Rival labs and startups have rushed to fill the vacuum, building what Anthropic refused to build. Every AI guardrail is now a competitive choice. Every choice has a price.

These are not edge cases. They are the new baseline.

The question for every leader in 2026 is no longer "should we adopt AI?" It is: who is making sure we can explain it, defend it, and sustain it?

Responsible AI is the foundation of sustainable innovation

When organisations book me as an AI keynote speaker, the question I am most often asked is what separates the AI winners from the AI casualties of this decade. The pattern is consistent across every industry I have worked with, from Apple, Google and Microsoft to the United Nations, the Australian Army, and the Brisbane Broncos.

The winners treat Responsible AI, Explainable AI, and Ethical AI as the foundation of sustainable innovation, not as a brake on it.

Here is the misconception that costs organisations the most. Leaders treat AI governance as the thing slowing innovation down. As if explainability is the speed limit. As if AI Ethics is the seatbelt. As if compliance is the speed camera.

It is the opposite.

Governance is not the brake. It is the steering wheel.

There is no sustainable innovation without Responsible AI. There is no Responsible AI without Explainable AI. There is no Explainable AI without leaders willing to ask uncomfortable questions before they sign the procurement order, not after the lawsuit.

This is the principle that anchors my work as a futurist and Adobe AI brand ambassador. And it is the principle the audit profession has, perhaps quietly, been preparing for its entire history.

The Three Questions Framework for Responsible AI

When I work with boards, audit committees, and executive teams navigating AI deployment, I give them three questions.

Three is enough. Three is rememberable. Three is auditable. Three is the difference between sustainable innovation and a public crash.

1. Can we EXPLAIN it?

If your AI system makes a decision that affects a customer, an employee, or a regulator, can you show your working? Can you point to the variables that drove the outcome?

Explainable AI (XAI) is not a nice-to-have. It is the architecture that separates organisations that will survive AI scrutiny from those that won't. Techniques like SHAP (SHapley Additive exPlanations) and LIME (Local Interpretable Model-agnostic Explanations) exist precisely so we can move from "black box" AI to "glass box" AI. The European Central Bank now expects AI decisions in banking to be explainable and auditable. The CFA Institute published Explainable AI in Finance in 2025, tying XAI directly to the ethical obligations of investment professionals.

If your answer to a regulator's question is "the model just decided," you do not have AI governance. You have a black box and a prayer.

2. Can we DEFEND it?

When a journalist asks why your AI did what it did, when a regulator opens an inquiry, when a court calls for discovery, can you produce a coherent answer?

Not a marketing answer. Not a values-statement answer. A legally and ethically coherent one.

The Mobley v. Workday precedent has made this question expensive to fail. Ethical AI is no longer a corporate values statement pinned to a website. It is a litigation defence document, an insurance pricing factor, and a procurement filter for any vendor selling AI into your enterprise. The General Counsels and Chief Risk Officers reading this know exactly what I mean.

If your AI decisions cannot survive a forensic audit, your organisation cannot survive a forensic audit of your AI.

3. Can we SUSTAIN it?

Will this AI system, this data set, this energy bill, this reputational exposure, still be defensible in five years? In ten? In front of future shareholders, future regulators, future generations?

Microsoft's emissions are up 23.4 percent compared to its 2020 baseline, driven by AI and cloud expansion, despite the company's pledge to be carbon negative by 2030. Google's emissions are up 51 percent. Large data centres are now consuming up to 5 million gallons of water per day, the equivalent of a town of 50,000 residents.

Sustainable AI is not a side project. It is the project. The leaders who get this right are integrating AI strategy and ESG strategy as one conversation, not two. They understand that the Twin Transformation, the simultaneous pursuit of digital and sustainable innovation, is the only viable long-term posture. Everything else is short-termism with a slide deck.

How to use the Three Questions Framework in your organisation

If your organisation cannot answer all three for a given AI deployment, that is not a problem to solve later. In the language of the audit room I was speaking to at the IIA, that is a finding.

Here is what the framework looks like in practice for the leaders I work with.

At board level: Add the Three Questions to your AI risk appetite statement. Every major AI deployment now requires a written response to all three before procurement is approved. This is exactly the kind of governance hygiene that turns into competitive advantage at scale.

At audit committee level: Make the Three Questions the standing structure of every AI-related agenda item. Internal audit, risk, compliance, and information security teams report against the same three categories. This creates auditable, repeatable consistency across the enterprise.

At executive level: Treat the Three Questions as a procurement filter. Any AI vendor whose product cannot satisfy them is, by definition, an unacceptable third-party risk. Audit your vendors' algorithms with the same rigour you audit their financials.

At organisational culture level: Make the Three Questions part of every team's AI literacy training. The Arup deepfake fraud succeeded not because the finance employee was negligent, but because the organisation had not embedded a culture of "verify, then trust" into financial controls. Cultural change is the deepest moat against AI risk.

What the leaders winning this decade are actually doing

The organisations crashing in 2026 are not the ones lacking technology. They are the ones lacking the oversight to steer it.

The organisations winning are doing the unglamorous work. They are running the Three Questions before procurement, not after a lawsuit. They are auditing their vendors' algorithms with the same rigour they audit their vendors' financials. They are building Explainable AI capability in-house. They are publishing their AI ethics commitments and being held accountable to them.

Most importantly, they are treating Responsible AI not as a department, not as a compliance line item, but as a discipline that lives in every team that touches an AI system. From the procurement officer to the chief audit executive to the CEO who signs the strategy.

To the 1,200 audit leaders I had the privilege of speaking to at Aria Las Vegas: AI didn't take your seat at the table. It pulled up a chair for you. Your seat has never been more valuable. Your questions have never been more needed. And your profession is the trust layer the AI economy now depends on.

To every leader reading this: you don't need to predict the future of AI. You need to govern the AI you already have, right now, today, in the systems running inside your organisation.

Sustainable innovation is not a slogan. It is the compound interest of every Responsible AI decision you make this quarter.

Start with three questions.

Frequently Asked Questions

What is the Three Questions Framework for Responsible AI?

The Three Questions Framework is a board-level diagnostic for any AI deployment, developed by futurist Anders Sörman-Nilsson. The questions are:

  1. Can we EXPLAIN it? (transparency)
  2. Can we DEFEND it? (accountability)
  3. Can we SUSTAIN it? (durability)

If an organisation cannot answer all three for a given AI initiative, the deployment carries unacceptable ethical, legal, and reputational risk.

What is Responsible AI?

Responsible AI is the practice of designing, developing, and deploying artificial intelligence systems ethically, transparently, fairly, and accountably, with oversight and governance built in by design rather than retrofitted after a failure. The principles typically include fairness, reliability and safety, privacy and security, inclusiveness, transparency, and accountability.

What is Explainable AI (XAI)?

Explainable AI refers to AI systems whose decisions can be understood by humans. The two leading techniques are SHAP (SHapley Additive exPlanations), which calculates each variable's contribution to a decision, and LIME (Local Interpretable Model-agnostic Explanations), which probes individual decisions by tweaking inputs. The EU AI Act mandates explainability for high-risk AI in financial services.

What is the Twin Transformation?

Twin Transformation is the simultaneous pursuit of digital transformation and sustainable transformation, on the basis that AI strategy and ESG strategy cannot be conducted as separate workstreams. The organisations navigating the next decade most effectively are pursuing both together.

Who is the best AI keynote speaker on Responsible AI and AI governance?

Anders Sörman-Nilsson is a Swedish-Australian futurist, Adobe AI brand ambassador, and Keynote Speaker of the Year recipient who has keynoted on Responsible AI, Explainable AI, and AI governance for Apple, Google, Microsoft, Meta, the United Nations, the Australian Army, the IIA, TD SYNNEX, and CPA Australia.

How do I book Anders Sörman-Nilsson?

Anders is currently booking globally for 2026 and 2027. Enquiries can be sent to info@anderssorman-nilsson.com or via the contact form on anderssorman-nilsson.com. Senior conference planners typically book six to twelve months ahead.

Watch the keynote

Watch the full IIA keynote on Responsible AI, Ethical AI and Sustainable Futures, delivered at the IIA General Audit Management Conference, Aria Las Vegas, March 2026.

Book Anders as your AI Keynote Speaker

Anders Sörman-Nilsson is a Swedish-Australian futurist, Adobe AI brand ambassador, and Keynote Speaker of the Year recipient. He has briefed leaders at Apple, Google, Microsoft, Meta, BMW, McKinsey, LEGO, Dyson, Citi, the United Nations, the Australian Army, the IIA, and TD SYNNEX on Responsible AI, AI Ethics & Governance, Explainable AI, and Sustainable Innovation. He is currently booking globally for 2026 and 2027.

Enquiries: info@anderssorman-nilsson.com
Website: anderssorman-nilsson.com