How NYPA Manages AI Governance Inside ClearPoint

The New York Power Authority (NYPA) is the largest state-owned electric utility in the United States. It runs generation, transmission, and energy-efficiency programs across New York State — the kind of operating complexity where a new initiative rarely arrives alone. So when AI governance moved from a future concern to a present one, NYPA did not stand up a separate program to manage it. It used the system of record it already had: ClearPoint Strategy.

This is a short, honest look at how a large public power organization can run AI governance as part of its existing strategic management discipline — not as a bolted-on parallel process. Where a specific figure is still being confirmed with NYPA, we have said so plainly rather than guess. The point of the story is the operating pattern, and that pattern holds whether an organization governs three AI tools or thirty.

Why a separate AI governance system is the wrong instinct

The reflex, when a new compliance domain appears, is to build something new for it: a fresh spreadsheet, a separate owner list, a standalone review meeting. AI governance invites that reflex strongly, because it feels novel. But a parallel system is exactly what fails. It drifts out of date, it is owned by no one in particular, and when a board member or auditor asks "what is the status of our AI program," the answer has to be assembled by hand from a place no one looks at the rest of the year.

The alternative is to treat an AI initiative like any other strategic initiative: give it an owner, a status, a risk tier, measurable outcomes, and a review cadence — inside the same system you already use to run the rest of the organization. That is the move NYPA made, and it is one any public-sector organization with a strategy-management practice can make.

How AI governance runs inside ClearPoint

ClearPoint is a system of record for strategy and performance. The same structure that tracks an operational objective or a capital project works, without modification, for an AI initiative. In practice that means four things, and they line up cleanly with the four functions of the NIST AI Risk Management Framework — GOVERN, MAP, MEASURE, MANAGE.

• A named owner for every AI initiative (GOVERN). Accountability is assigned to a person, not a committee. Each entry carries who is responsible for its performance, its risk, and its compliance posture — the single most important field, and the one most governance efforts get wrong.
• One catalog of AI initiatives (MAP). Every AI tool and use case lives in the same initiative portfolio, with its department, purpose, data sensitivity, risk tier, and current status. This is the inventory that everything else depends on — you cannot govern what you have not first written down.
• Status and risk you can actually see (MEASURE). Outcome and risk indicators are tracked against targets, so leadership sees what is on track, what is drifting, and what is overdue — across the whole AI portfolio at once, not tool by tool.
• A documented response when something slips (MANAGE). When an indicator goes off track, a corrective action is created with an owner and a due date, and the record of detection-to-resolution stays attached. That trail is the evidence regulators and auditors ask for.

None of this is a special "AI module." It is ClearPoint's general strategy-execution model — owners, statuses, risk tiers, and reporting — applied to a new domain. That is precisely why it scales: nothing new has to be invented to add the next AI initiative.

Board-ready reporting in minutes, not days

The payoff most leaders feel first is reporting. Because the AI portfolio lives in the same system as everything else and is updated as work happens, a board-ready summary is an export, not a week of assembly. When a board or an auditor asks where AI governance stands, the report is pulled from live data — initiative status, performance against targets, open risks, and the compliance trail — in minutes, not days.

ClearPoint's built-in AI assistant sharpens this further. ClearPoint AI can draft executive and board report summaries — the wins, the red flags, where attention is needed — and turn recommendations into tracked action items with owners and due dates. (ClearPoint is SOC 2 and CCPA aligned, and never trains its models on customer data.) The effect is that the reporting layer assembles itself, instead of consuming the days before every board meeting.

One system for strategy, compliance, and AI governance

For a utility, AI governance is not the only reporting obligation, and it is not the most demanding one. The advantage of running AI governance in the same system of record as the rest of the organization's strategy and compliance work is structural: shared review cadences, one audit trail, and consistent ownership across domains. Adding AI governance becomes an evolution of an existing discipline rather than a new program competing for attention.

The broader lesson for public-sector AI governance

NYPA's instinct — inventory first, then govern from your existing system — is the same conclusion the evidence keeps reaching. You cannot govern what you have not catalogued, and most organizations have not catalogued it. The U.S. Government Accountability Office found that only 5 of 20 federal agencies it reviewed kept a complete and accurate inventory of their AI use cases. Closer to NYPA's own backyard, the New York State Comptroller's office reported in 2025 that the state's AI policy "lacks adequate guidance" and that the Office of Information Technology Services "does not have an inventory of AI systems in use by state entities." A policy can exist on paper and still produce no governance, because governance starts with knowing what you have.

This is why the inventory is the first function of every serious framework. In the NIST AI RMF, MAP — establishing context and cataloging your systems — is the foundation that MEASURE and MANAGE are built on, while GOVERN (culture, policy, and accountability) runs across all three. An AI initiative with no owner and no entry in a catalog is, by definition, ungoverned.

And the failure point is almost always ownership, not tooling. The pattern is visible at scale in ClearPoint's own platform data.

Across 562 organizations and 360,000+ tracked measures, 76.5% of measures have no active owner — and measures that do have an owner are roughly 2.2× more likely to be on track (23.6% vs 10.6%). AI governance does not escape that gravity. The organizations that will govern AI well are the ones that already make ownership visible: every initiative has a name attached, a status anyone can read, and a report that pulls itself together.

What other public-sector organizations can learn

The takeaway from NYPA's approach is not utility-specific. Whether you are a city, a county, a health system, a university, or a state agency, the operating pattern is the same five moves:

1. Inventory every AI tool — sanctioned, embedded, and shadow — in one catalog.
2. Assign a named owner to each one. A tool no one will own should not keep running.
3. Track status and risk against targets, so drift is visible before it becomes an incident.
4. Respond on the record when something slips — owner, due date, audit trail.
5. Report from live data, in the same system you use for the rest of your strategy.

Do all five in one place, and AI governance stops being a separate burden and becomes a view into work you are already managing. For the full framework behind these moves, see our complete 2026 guide to AI governance and the deeper dive on why an AI initiative inventory is the first step to governance. And to see how this fits into a broader strategy-management practice, start with the comprehensive guide to strategic planning.

Frequently asked questions

Is NYPA a ClearPoint customer?

Yes. The New York Power Authority — the largest state-owned electric utility in the United States — uses ClearPoint Strategy to manage strategic programs, including AI governance and compliance reporting, in a single system of record.

Can AI governance be managed in a strategic planning platform?

Yes. AI governance needs the same infrastructure as any strategic program: a named owner for each initiative, a catalog of what exists, status and risk tracked against targets, a documented response when something drifts, and board-ready reporting. A strategy-execution platform like ClearPoint already provides all of these, which is why a separate AI governance system is usually unnecessary.

How does running AI governance in ClearPoint map to the NIST AI RMF?

It lines up with all four functions. GOVERN is the named owner and accountability for each AI initiative; MAP is the single catalog of AI tools and use cases; MEASURE is the status and risk tracked against targets; and MANAGE is the documented corrective action with an owner and due date when something slips.

How fast can a board report on AI governance be produced?

Because the AI portfolio is updated as work happens and lives in the same system as the rest of the organization's strategy, a board-ready report is an export from live data — produced in minutes, not days. ClearPoint AI can also draft the executive summary, surfacing wins, red flags, and where attention is needed.

Why is an AI inventory the first step?

You cannot govern what you have not catalogued. The U.S. GAO found only 5 of 20 federal agencies kept a complete AI inventory, and in 2025 the New York State Comptroller reported the state had no inventory of AI systems in use by its entities. In the NIST AI RMF, cataloging your systems (MAP) is the foundation the other functions are built on.

Run AI governance from the system you already trust

The lesson from one of the country's largest public power organizations is straightforward: AI governance does not require new infrastructure. It requires extending the strategic-management discipline you already have — owners, statuses, risk tiers, and live reporting — to cover a new domain. If you want to see what that looks like for your own AI portfolio, book a short ClearPoint demo.