Toward a Cognitive Theory of IT Governance

1. Writing as a cognitive advantage

AI can now produce drafts, summaries, and variations at very low cost. That changes the value of professional writing.

The advantage moves toward the human ability to frame the right problem, connect distant concepts, and express judgment with precision. A good article, memo, policy, or decision record is no longer valuable because it contains words. It is valuable because it structures thought.

Writing becomes a governance capability when it helps an organization clarify:

• what problem is being addressed
• what assumptions are being made
• what decision is required
• who owns the outcome
• what evidence supports the direction
• what should be reviewed later

This is especially important in AI-enabled organizations. AI can generate more options than leadership can absorb. It can accelerate analysis, automate workflows, and produce recommendations at scale. That makes judgment more important.

Governance needs the same discipline as good writing. It must reduce noise, clarify meaning, and make decisions inspectable.

2. Governance is a thinking system

A mature governance system senses what is happening in the organization. It interprets signals, directs attention, decides what matter, assigns responsibility, acts through people, processes, architecture, and controls. Therefore it observes results and learns from outcomes.

Seen this way, governance becomes the enterprise’s way of thinking under constraints.

This framing matters because many governance failures are cognitive failures.

Technology environments now change too quickly for governance to depend on slow correction. The organization needs better perception, better interpretation, and better memory.

3. Theory of mind and the hidden layer of governance

When you enter the world of AI, you quickly meet concepts that originally come from cognitive science. One of the most important is the theory of mind.

In cognitive science, theory of mind is usually defined as the capacity to infer and reason about the beliefs, desires, intentions, and knowledge states of other actors. In human-AI interaction, this idea is being extended into mutual theory of mind, where humans form expectations about AI systems, and AI systems are designed to respond to human goals, context, and expectations.

This is highly relevant to governance.

Governance problems often come from hidden assumptions:

• Who believed the system was approved?
• Who assumed the risk was low?
• Who thought the decision belonged to someone else?
• Who believed the AI output was only advisory?
• Who understood the limits of the model?
• Who had the authority to override the recommendation?

Theory of mind gives governance a useful vocabulary for these questions. It brings intent, belief, expectation, trust, delegation, and misunderstanding into the governance conversation.

This matters even more with AI agents and automated decision flows.

When an AI system supports or initiates action, governance needs clarity on what the system is allowed to infer, suggest, execute, escalate, or stop. Human oversight depends on more than a person being somewhere in the loop. It depends on whether the human understands the system’s role, the system’s limits, and the decision context.

Poorly calibrated trust becomes a governance risk.
Unclear delegation becomes a governance risk.
Hidden assumptions become governance risks.
Ambiguous accountability becomes a governance risk.

Theory of mind helps explain why.

4. Cognitive models as governance lenses

The literature on consciousness and cognition is useful for governance, but only when handled carefully.

The point is not to argue that enterprise AI is conscious. The value for the cognitive models is to provide language for attention, integration, prediction, monitoring, error correction, and learning. Because those are also governance functions.

Global workspace models are useful because they describe how information becomes available across a broader system. In governance terms, this resembles escalation, shared visibility, and executive attention. A signal may exist locally, but it only becomes governable when it becomes visible to the right decision system.

Predictive and free-energy models are useful because they focus on prediction, uncertainty, error correction, and adaptation. In governance terms, this resembles monitoring, risk sensing, incident learning, and adaptive control. The organization forms expectations, observes deviations, updates its model, and changes behavior.

Integrated information ideas are useful as a reminder that system behavior cannot always be understood by examining isolated components. This is directly relevant to AI, cloud, data, and automation. A model, dataset, interface, workflow, and user behavior can create combined effects that no single team fully owns.

These models should not be treated as governance templates. They are better used as lenses. They help governance leaders ask sharper questions:

• What signals deserve attention?
• What information needs to be shared across functions?
• What assumptions should be updated?
• What weak signals indicate drift?
• What events require escalation?
• What evidence should be preserved for later review?

A governance system that cannot answer these questions will struggle in AI-enabled environments.

5. Decision quality as the unifying concept

Decision quality is the practical theory of everything for IT governance.

If we look at some main domains of IT Governance then we can explain each domain as follows:

Business alignment asks whether decisions support strategic priorities.
Resource optimization asks whether money, time, and capacity are used well.
Architecture asks whether local choices still support enterprise coherence.
Data governance asks whether information is reliable, protected, and usable.
Risk governance asks whether exposure is understood and accepted by the right people.
AI oversight asks whether automated and assisted decisions remain transparent, accountable, and controlled.
Benefits realization asks whether expected value becomes actual value.

These are different governance concerns, but they converge around one question:

Can the organization make good technology decisions repeatedly under changing conditions?

A weak governance system may still produce activity where projects move, new tools get bought, AI pilots launch or dashboards fill with metrics. Yet decision quality may remain low. The organization may still struggle to explain why work exists, how it supports business goals, who owns the outcome, and what evidence proves value.

A stronger governance system improves the quality of decisions by making five things clearer:

1. Intent
   What business outcome are we trying to support?

2. Evidence
   What do we know, and what are we assuming?

3. Ownership
   Who has authority, and who remains accountable?

4. Trade-off
   What are we choosing, and what are we choosing against?

5. Learning
   What will we review after action has been taken?

So the governance becomes cognitive. It helps the organization think before it acts, remember why it acted, and learn from what happened.

6. Toward a practical theory of everything

A practical theory of everything for IT governance does not need to explain every method, framework, or operating model but it needs to connect the forces that shape enterprise decisions.

The useful model has five elements:

Goals

Goals define direction. Without goals, governance becomes procedural. The organization can approve work without knowing whether the work matters.

Perception

Perception shows what is happening. This includes portfolio visibility, data quality, architecture insight, operational signals, AI usage, cost patterns, risk indicators, and user impact.

Judgment

Judgment turns signals into decisions. This includes prioritization, risk acceptance, exception handling, funding choices, architecture trade-offs, and AI oversight decisions.

Ownership

Ownership makes decisions accountable. This includes decision rights, escalation paths, role clarity, business ownership, technical ownership, and human oversight responsibilities.

Learning

Learning improves the system after action. This includes benefits review, incident review, model monitoring, audit evidence, decision logs, and portfolio recalibration.

Most governance problems can be traced to weakness in one of these elements.

The organization may have goals but poor perception.
It may have perception but weak judgment.
It may make decisions without ownership.
It may act without learning.
It may learn locally without improving the wider system.

The theory becomes practical because it gives leaders a diagnostic lens.

When governance is failing, ask where the cognitive loop is breaking.

7. What this means for AI-enabled organizations

AI makes this governance lens more urgent.

As systems become more autonomous, governance must become more explicit about intent, evidence, escalation, and accountability. Informal assumptions become dangerous when actions scale quickly.

AI-enabled organizations need clarity on:

• what the AI system is meant to support
• what decisions remain human-owned
• what the system can recommend
• what the system can execute
• what evidence must be logged
• what must trigger escalation
• what level of uncertainty is acceptable
• what happens when outputs are challenged
• how behavior is monitored over time

A human needs an accurate model of the AI system’s capability and limits. The organization needs a clear model of the human’s responsibility. The AI system needs boundaries that reflect business intent, policy, and acceptable risk.

When those models are misaligned, governance weakens.

• Users may overtrust the system.
• Teams may assume the tool is approved.
• Managers may assume humans are reviewing outputs.
• Auditors may find that evidence was never preserved.
• Leadership may discover that AI adoption has already moved beyond its oversight model.

For European organizations, regulation adds another layer. The EU AI Act strengthens the need for risk classification, transparency, human oversight, monitoring, and documentation. These obligations increase the value of governance systems that can preserve evidence and explain decisions over time.

AI governance therefore cannot live only in policy documents. It needs operational memory, decision traceability, ownership clarity, and feedback loops.

8. Governance as organizational cognition

The idea of governance as cognition moves the focus from static control to decision quality. It connects IT governance with AI governance, data governance, architecture, portfolio management, and benefits realization. It also explains why writing, reasoning, and documentation still matter in an AI-saturated environment.

A decision record is not bureaucracy when it captures intent, evidence, ownership, and trade-offs.
A dashboard is not reporting when it directs attention to misalignment.
A policy is not paperwork when it defines acceptable delegation.
An architecture principle is not theory when it prevents local decisions from damaging enterprise coherence.

These artifacts help the organization think.

The same is true for AI oversight. Model cards, prompt versioning, approval records, human review logs, data lineage, and incident reviews all contribute to institutional cognition. They help the organization remember what was intended, what changed, what was observed, and what needs correction.

This is how governance becomes practical intelligence.

9. Closing perspective

IT governance is often discussed through roles, processes, frameworks, and controls. Those elements still matter. They gain deeper value when seen as parts of a cognitive system.

The enterprise must perceive signals, interpret meaning, make decisions, assign responsibility, act, monitor results, and learn as AI increases the speed and scale of this loop. It also increases the cost of poor judgment.

That makes decision quality the unifying concept.

A useful theory of everything for IT governance is to define a disciplined way to connect goals, perception, judgment, ownership, and learning.

Theory of mind adds the hidden layer. It explains why intent, belief, trust, delegation, and accountability matter so much when humans and AI systems act together.

The next step in IT governance is a better model of cognition: attention, memory, intent, oversight, and learning.

That is where theory of mind and AI governance finally meet.

Further reading

• Theory of mind: mechanisms, methods, and new directions
• Theory of Mind in Human-AI Interaction
• Mutual Theory of Mind in Human-AI Collaboration
• Consciousness and the Global Neuronal Workspace
• The free-energy principle: a unified brain theory?
• NIST AI Risk Management Framework
• European Commission: AI Act regulatory framework