In contemporary practice, the sequence in which enterprise AI governance controls become active plays an increasingly important role. Enterprise legal instruments, standards, and policies assign responsibility for risk management, documentation, oversight, accountability, supply chain assurance, and monitoring, but do not prioritize specific controls based on varying degrees of exposure and readiness. The research problem asks what constitutes the most defendable sequence for implementing AI controls as the initial phase of enterprise governance, when governance value (including regulatory exposure, accountability preparation, evidence maturity, functional sensitivity, and implementation burden) is considered collectively. CEID-36 represents thirty-six AI use cases in financial, HR, procurement, operations, customer service, and compliance applications. For this study, the analytical technique employed involves the use of BWM-DEMATEL-TOPSIS calculations to generate a criterion set (BWM), identify the relationship of criteria to each other (DEMATEL), and assess the relative importance of control options (TOPSIS). The entropy method was applied to adjust the criterion signal to CEID-36; RAP converts criterion value into sequence preference, and a 5,000 run perturbation test provides a confidence range for criterion stability. The findings demonstrate a strong divergence between governance value and first-phase installation criteria. Regulatory-risk exposure is found to be the leading adjusted DEMATEL criterion (weight = 0.262). The highest initial BWM weight goes to risk and compliance criticality (weight = 0.281). AI risk inventory represents the first TOPSIS ranked control option (score = 0.781). With functional exposure and readiness factored in, authority charter and ownership map emerges as the first installable control (RAP score = 0.428); second, third, and fourth installables are risk inventory and tiering (0.348), impact assessment procedure (0.322), and control reassessment calendar (0.314), respectively. It can be concluded that in phase one of AI governance, a coupled operating spine of accountability and visibility should form the foundation for any later developments in traceability, oversight, and supply chain assurance.
In contemporary practice, the sequence in which enterprise AI governance controls become active plays an increasingly important role. Enterprise legal instruments, standards, and policies assign responsibility for risk management, documentation, oversight, accountability, supply chain assurance, and monitoring, but do not prioritize specific controls based on varying degrees of exposure and readiness. The research problem asks what constitutes the most defendable sequence for implementing AI controls as the initial phase of enterprise governance, when governance value (including regulatory exposure, accountability preparation, evidence maturity, functional sensitivity, and implementation burden) is considered collectively. CEID-36 represents thirty-six AI use cases in financial, HR, procurement, operations, customer service, and compliance applications. For this study, the analytical technique employed involves the use of BWM-DEMATEL-TOPSIS calculations to generate a criterion set (BWM), identify the relationship of criteria to each other (DEMATEL), and assess the relative importance of control options (TOPSIS). The entropy method was applied to adjust the criterion signal to CEID-36; RAP converts criterion value into sequence preference, and a 5,000 run perturbation test provides a confidence range for criterion stability. The findings demonstrate a strong divergence between governance value and first-phase installation criteria. Regulatory-risk exposure is found to be the leading adjusted DEMATEL criterion (weight = 0.262). The highest initial BWM weight goes to risk and compliance criticality (weight = 0.281). AI risk inventory represents the first TOPSIS ranked control option (score = 0.781). With functional exposure and readiness factored in, authority charter and ownership map emerges as the first installable control (RAP score = 0.428); second, third, and fourth installables are risk inventory and tiering (0.348), impact assessment procedure (0.322), and control reassessment calendar (0.314), respectively. It can be concluded that in phase one of AI governance, a coupled operating spine of accountability and visibility should form the foundation for any later developments in traceability, oversight, and supply chain assurance.
