Linkedin
Lucid Virtual Solutions
Schedule A Call

Embedding AI risks and ethics in organisational culture

We’re past the point of adoption. Planned, or unplanned, AI is now woven into the operational fabric of organisations worldwide, powering everything from recruitment tools and customer service chatbots to advanced decision-making systems that shape organisational strategy. This growing prevalence of AI brings unprecedented opportunities for innovation, productivity, and growth. However, these benefits come packed with a growing array of risks and ethical challenges that organisations cannot afford to ignore.

A core question is no longer whether AI ethics and risk need to be addressed, but how to embed them into the heart of organisational culture.

Embedding AI risks and ethics. Why bother?

Do we really need to go here? The transformative promise of AI is accompanied by risks that run the gamut from algorithmic bias and model “hallucinations” to privacy breaches, decision opacity, regulatory non-compliance, and broader threats to fairness and trust. Unlike many traditional technologies, AI systems can change and “learn” over time, amplifying positive outcomes but also the potential for negative and unintended consequences.

Embedding AI risks and ethics into organisational culture achieves several goals:

  • It builds AI literacy and risk awareness across all levels
  • It aligns AI use with organisational values and reputation,
  • It enables proactive identification and mitigation of risks before they escalate
  • It increases trust (internally and externally), accelerating adoption and innovation
  • It ensures compliance with evolving legal and regulatory frameworks
  • It supports sustainable, human-centred innovation that is responsive to changing risks over time.

Organisations with strong existing risk management cultures, clear values, and clear governance structures are already well positioned to lead this space.

AI_building_a_risk_culture

What standards to we have to lean on?

ISO/IEC 42001:2023 is the world’s first international management system standard dedicated to AI. It sets comprehensive requirements for establishing, implementing, maintaining, and continually improving systems.

  • It covers all aspects of AI lifecycle management: policy, leadership, planning, support, operation, performance evaluation, and continual improvement.
  • Its structural alignment with other ISO management standards (e.g. ISO 27001 for information security, ISO 9001 for quality) enables integration across functions.
  • It spells out normative controls related to AI policy, roles and accountabilities, data quality, transparency, human oversight, impact assessment, competence and awareness (i.e. training needs), supply chain management, continual monitoring, and improvement.

AS ISO/IEC 42001:2023 mandates that organisations:

  • define and communicate roles and responsibilities
  • plan and deliver training and awareness activities proportional to the scope and risks of AI use
  • document and maintain risk assessments, and
  • involve L&D and HR in establishing competence frameworks for those working with or accountable for AI.


The Australian Policy for the Responsible Use of AI in Government v1.1 (released September 2024) provides a unified framework for embedding responsible AI into public sector agencies, and offers critical practical insights for all organisations.

Key features relevant to L&D and organisational culture include:

  • Accountability. Agencies must appoint accountable officials for AI oversight and implementation within 90 days.
  • Transparency. A public transparency statement must be published within 6 months, outlining AI use, compliance, and risk mitigation. This statement should be regularly updated.
  • Training. Agencies are strongly encouraged to provide foundational AI training for all team members, with additional role-specific modules for those developing or procuring AI systems.
  • Integration: AI governance must complement, not duplicate, existing frameworks for data, privacy, cybersecurity, risk management, and ethics.
  • Continuous improvement. Ongoing monitoring, feedback loops, and adaptability are core; the policy is designed to evolve in response to technological and regulatory shifts.


The policy positions learning, accountability, and transparency at the heart of responsible AI, providing a scaffold not only for government, but as a leadership model for industry and non-profits.

Examples of leadership in this space.

At Lucid, we’re keen observers of the early adopters and the various approaches these organisations have taken. In terms of best-practice, Microsoft (not surprisingly) is a blueprint case study that follows the proven method of ‘perfect planning = perfect execution’.  Every organisation is different, and these other examples contain points-of-difference in their approach that may apply to your organisation or team:

Unilever

Unilever, a multinational consumer goods giant, are transparent with the ce and ethics into their organisational culture. Some takeaways:

  • Unilever established an AI assurance function as part of its broader data and analytics governance, building on a longstanding commitment to corporate responsibility and ethical leadership.
  • All new AI use cases, whether internally developed or purchased, must be submitted for evaluation using a standardised template (model card), which captures business purpose, team composition, data flows, risk domains (e.g. explainability, bias, privacy), and anticipated impacts.
  • Cases are triaged by an AI-based application, and subject to further manual review as needed, with explicit red/yellow/green risk ratings.
  • Projects deemed high-risk or presenting unresolved ethical issues are either sent back for revision or blocked.
  • Policies stress that no AI system with significant life impact on individuals can be fully automated, and must retain human oversight and ultimate accountability.
  • Continuous monitoring, model testing, and retraining are built into daily operations, supported by regular cross-functional learning programs.
  • Unilever partners with Holistic AI, integrating independent audits and benchmarking to align with emerging global standards (EU AI Act, ISO/IEC 42001, national regulations).

Unilever’s commitment is not just words or code. It is backed by a learning culture where AI assurance, ethics, and risk management are part of day-to-day processes, job expectations, and internal career development.

Scotiabank 

Scotiabank offers another compelling model for fusing AI risk and data ethics into culture and learning. What do Scotiabank do that makes them a leader?

  • Scotiabank’s AI risk management and data ethics policy is explicitly part of the organisation’s code of conduct, with annual team member’s attestation required.
  • All analytics, customer insights, and technical teams must complete mandatory, role-specific data ethics education, supported by ongoing training and scenario-based exercises.
  • Scotiabank collaborated with Deloitte to develop an “Ethics Assistant”. An automated tool that reviews proposed AI use cases for ethical risk factors before deployment, enabling democratised, scalable ethics assessment.
  • Team members working with customer data or unstructured information are coached to identify and resolve ethical risks early, driving a continuous cycle of literacy improvement, peer learning, and practical application.
  • Achievements are celebrated and formally recognised in talent and performance scorecards, reinforcing the business value and cultural centrality of responsible AI.


Mastercard

Mastercard has made responsible AI a lever for both compliance and innovation, embedding ethics into fraud detection, risk management, and product development at scale. Some highlights:

  • Mastercard uses generative and predictive AI for fraud detection, doubling speed and accuracy while minimising false positives.
  • Every AI project is reviewed by a multi-disciplinary board assessing legal, privacy, business intent, technical scalability, and ethical risks before proceeding, and subject to deep technical review during deployment.
  • The company’s data bill of rights ensures transparency and accountability for customer data.
  • Continuous training, upskilling, and team-based peer learning are provided on ethical AI, fraud risk, and compliance requirements.
  • Incident monitoring, automated alerts, post-incident learning, and regular training cycles support a culture of vigilance, learning, and improvement.
  • This approach reportedly saved Mastercard $20 billion in fraud losses in a single year, while strengthening trust with banks, merchants, consumers, and regulators.

Supporting Learning and Development

Organisations with established and documented learning and capability pathways can build on these foundations by integrating AI-specific risks and ethical considerations more seamlessly. At Lucid, we tend to see this more in the compliance space eg. privacy, cybersecurity, code of conduct. The most common program we find is the “Risk essentials” (or equivalent) as this is where the topic lends itself to setting expectations early during onboarding, and the annual refreshers that keep us up-to-date and compliant.  Whatever the program or approach, these are some tips for supporting L&D interventions:

  • Layered learning. Add AI scenarios to existing compliance and risk modules. e.g. in privacy, supply chain, safety, finance, or anti-discrimination training.
  • Problem and scenario-based learning. Apply organisational examples (or real-world case studies) to contextualise training.
  • Role-specific depth. Start with the fundamentals for all team members, then create advanced training for technical teams (data scientists, engineers, procurement, risk officers) covering model testing, bias detection, adversarial attacks, and ethical algorithm design; while non-technical team members receive “AI fundamentals” and business-use-focused risk primers.
  • Make it personalised. Leverage AI-powered adaptive learning to provide personalised content and keep pace with regulations and technological change.
  • Transparent communication. Update internal policy documents, and public-facing communications as new ethical risks or AI use cases emerge. They should be talked about. If there are any gaps in communication it will be filled with ‘the wrong noise’.
  • Own it as an organisation. Incorporate learning analytics, team member feedback, and incident reviews into continuous improvement of L&D programs. Learn as an organisation from mistakes. They will happen. So many times we’ve seen the focus (or blame) shift to the individual when an incident occurs. Make it a group priority with group ownership. 
 

All team members (not just technical team members) need a practical grip on AI concepts, risks, and organisational values as they relate to technology. Highly recommended learning elements include:

  • Basic AI principles, how AI differs from traditional IT, and the organisation’s AI use cases.
  • Realistic articulation of what AI can and cannot do, with examples of embedded risk (e.g. algorithmic bias, explainability gaps, data privacy issues, model drift).
  • Introduction to the organisation’s AI governance processes, including points of escalation and support.
  • Guidelines on responsible AI use (e.g. use of generative AI for content, prompts, and analysis).
  • Ethical decision frameworks mapped to company values, industry standards (Australian AI Ethics Principles), and regulatory requirements.
  • The consequences (and case histories) related to non-compliance or ethical failures in AI, including legal, reputational, and customer trust impacts.
  • Show team members, customers, or impacted groups can challenge AI-driven decisions; escalation pathways, and the role of human oversight.
 

Practical, scenario-based, and interactive formats (e.g. workshops, elearning team-based scenario discussions) have proven most effective for building retention and engagement, especially as AI concepts are still unfamiliar for many team members.

High-risk versus low-risk AI scenarios in learning and development

Not all AI use cases in an organisation carry the same level of risk. At lucid we tend to break them down in to high-risk and low-risk catergories.

High-risk AI scenarios in L&D typically include:

  • Use of AI in compliance training and assessments (risk of biased regulatory guidance, privacy breaches, legal exposure).
  • Performance management, promotions, or discipline decisions influenced by AI models (risk of discrimination, explainability, and accountability deficits).
  • AI systems used in safety-critical or high-reliability training environments (e.g. healthcare, construction, emergency response).
  • Any instance where decisions impact people’s careers, legal standing, or wellbeing.

These scenarios warrant close human monitoring, ongoing oversight, and advanced, recurrent team members training on bias, fairness, and responsible escalation policies.

Low-risk AI scenarios in L&D may involve:

  • AI used for automating administrative tasks (e.g. scheduling, tracking, reminders, resource allocation).
  • Personalised learning recommendations, low-stakes formative assessment, or AI-generated quizzes for non-critical soft skills.
  • Chatbots for course selection or FAQ support (assuming careful privacy and transparency controls).

Sounds messy. Who's job is it?

Building responsible AI into organisational culture is a shared, cross-functional responsibility, and vested in specific roles. These are examples of roles and responsibilities we’ve seen in organisations we’ve partenred with:

  • AI ethics officers/champions. More and more organisations are appointing AI ethics officers or designate individuals to lead policy development, training, incident response, and internal/external engagement on AI ethics.
  • The existing People Function.  These are existing HR roles with new responsiblities. For example, roles responsible for updating job descriptions, performance frameworks, and capability maps, should be including AI risk, ethical fluency, and digital skills as core competencies for leaders and relevant technical and non-technical team members. 
  • Risk, compliance, and internal audit teams. If not already existing, these team members integrate AI-specific risk registers and assurance frameworks (e.g. ISO/IEC 42001, NIST AI RMF) with enterprise risk and compliance systems.
  • Leadership and governance forums. Setting up a leadership team with reps across functions will ensure that AI ethics, risk, and compliance feature in strategic planning, procurement, incident review, and continuous organisational learning. 
  • Team member networks and communities of practice. Team members are empowered to challenge AI outputs, escalate concerns, and contribute to peer learning about emerging AI risks and ethical dilemmas.
 

Effective AI governance is never an “add-on”. It is fully integrated into every stage of the learning, risk, and innovation lifecycle, as seen in best-in-class case studies above.

AI’s role in enhancing ethics and compliance learning

Ironically, AI itself is revolutionising the delivery, impact measurement, and accessibility of ethics and compliance training. By leveraging adaptive learning, real-time analytics, and conversational interfaces, organisations can deliver more effective, engaging, and personalised compliance and values training:

  • Adaptive AI-powered training platforms tailor learning paths to individual employee needs, providing targeted interventions for those who need extra support.
  • Personalised feedback and automated scenario quizzes enable higher engagement and retention.
  • Language and accessibility support allow for wider inclusion and real-time translation, which helps ensure fairness.
  • Analytics dashboards enable L&D teams to spot areas where learners are struggling with ethical concepts, upgrading content and providing targeted coaching.
  • Automated reporting supports continuous monitoring, incident investigation, and data-driven improvement.
 

However, these benefits are realised only when AI-enhanced training is itself designed and governed using clear ethical rules, privacy, and fairness controls. Team members are always able to challenge, query, and contest AI-generated feedback, mirroring the organisational values at play.

Barriers and practical solutions

Despite growing consensus on the importance of AI ethics and risk-driven L&D, many organisations face real-world barriers to progress:

  • Awareness and literacy gaps. Many team members, including senior leaders, have not yet received any practical training in AI risks, human-in-the-loop principles, or ethical frameworks.
  • Resource constraints. Competing priorities, team bandwidth, and limited skills capacity restrict the speed at which new L&D modules can be rolled out.
  • “Ethics is someone else’s job”. In organisations where risk and values are not widely shared, team members may expect technologists, vendors, or compliance officers to “own” AI risk.
  • Pace of AI evolution. Regulations, tools, and risks keep changing, making it hard for static curricula to keep up.

The future of AI in L&D, risk culture, and organisational ethics

Embedding AI risks and ethics into organisational culture is now a mission-critical priority for every organisation that hopes to thrive in the digital age. We believe the most successful organisations will be those that:

  • Treat AI risk as an enterprise-wide, lived concern crossing all functions, roles, and layers of decision-making.
  • Invest in practical, adaptive, and accessible L&D programs that address both the risks and the ethical opportunities of AI.
  • Align AI strategy with best practices, including the Australian AI Ethics Principles, AS ISO/IEC 42001, NIST AI RMF, and practical assurance frameworks.
  • Involve real people. Leaders, managers, team members, and communities of practice should all be involved in monitoring, revising, and continuously improving their approach to responsible AI.
  • Recognise that responsible AI is not just about risk mitigation, but an engine for trust, innovation, and value creation.

With deliberate, values-driven leadership, focused risk management, and high-impact learning and development, organisations can lead the way in responsible AI culture, making it a part of everyday work, and confidence in a future shaped by responsible technology.

Need further support?

Our team are well-equipped to build and support your learning requirements. Every organisation is different so it starts with a conversation so we can best assess your needs and where we might add value. Our team are constantly scanning and interacting with new players in the learning technology market, and we’re well equipped to provide you with strategic learning technology advice. Please contact us with your enquiry.

The content on this page was last updated on 24 March 2026.

Contact us

References

Utilising ethical AI in the Australian education system: Generative AI framework. Australian Human Rights Commission. 2023

Policy for the responsible use of AI in government. Digital Transformation Agency. 2024. 

Australia’s artificial intelligence ethics principles. Department of Industry, Science and Resources. 

Ethics of AI: Guide L&D with responsible adoption. eLearning Industry. Masero, R. 2024

How organizations build a culture of AI ethics. Ideas Made to Matter. MIT Sloan School of Management. 2025.

Australian community attitudes to privacy survey 2023. Office of the Australian Information Commissioner.https://www.oaic.gov.au/engage-with-us/research-and-training-resources/research/australian-community-attitudes-to-privacy-survey/australian-community-attitudes-to-privacy-survey-2023

28th annual global CEO survey – Australian insights. PwC Australia. 2025 https://www.pwc.com.au/media/2025/pwc-28th-global-ceo-survey-au.html

Share this Blog Post

Facebook
Twitter
LinkedIn

More Articles and Posts

Commonly confused terms in learning, capability and workforce transformation

The language of learning, capability and transformation can get messy quite quickly. Not because people are careless, and not because one team is right and another is wrong, but because these projects sit across a lot of different disciplines. HR brings one lens. L&D brings another. Technology, operations, risk, change and leadership all carry their own shorthand. Vendors add another layer again.

So when a sponsor says “capability”, a learning lead says “capability”, and a workforce team says “capability”, they may all be talking about slightly different things. The same goes for simple terms like ‘KPI’, ‘procedure’, or ‘transition state’. The words are familiar, but the intent behind them is not always shared.

Read More
Selecting the right elearning development tool for your project

Elearning authoring tools. Selecting the right one for your project.

There is no universal “best” authoring tool.  But there is a best tool for your project. Picking the wrong one costs time, money, and a sub-standard learning experience.

In this post, we give our take on 7 elearning authoring tools, and our thoughts on what makes each of them suitable for common elearning project requirements.

Read More