Existing AI governance frameworks treat governance domains as parallel assessment tracks or sequential lifecycle stages. None identified in this review forces domains to systematically interrogate each other. This working paper proposes an objective-driven approach to holistic AI Governance, Risk, and Compliance (GRC) that draws on three established methodologies from outside the AI governance field: Systems-Theoretic Process Analysis (STAMP/STPA) for interrogation logic, Joint All-Domain Operations (JADO/MDO) for the operational principle of multi-domain simultaneous assessment, and the Swiss Cheese Model for layered defense architecture. The paper identifies four structural obstacles to holistic AI GRC and proposes a six-layer operational cycle driven by organizational objectives rather than static frameworks. Governance performance is measured across multiple dimensions simultaneously, with different dimensions doing different work at different stages of the cycle. Enforcement type is positioned as a cross-cutting dimension rather than a standalone domain, spanning policy, process, contractual, and architectural enforcement. The paper concludes with illustrative questions designed to demonstrate the kind of cross-domain thinking holistic AI GRC demands. The architecture described here has been operationalized into a working diagnostic and assessment system and is now entering early pilot testing.
Ryan James Purdy (Tue,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: