Why NFP Boards Are Finally Talking About AI — And What the Finance Team Should Do Before They Ask

Date: 13 April 2026  |  By: Timothy, CPA — Managing Director, Professional Financelink (PFL)
Note: The scenarios in this post are based on real experiences — mine and those shared by colleagues across the NFP sector. Details have been modified slightly to protect confidentiality, and I've used a first-person perspective throughout for readability.
NFP board AI governance Australia 2026

It's happening more often now. A board member reads something about AI in the AFR or hears a presentation at a sector conference, and suddenly there's an agenda item: "What is our position on artificial intelligence?"

For the finance team sitting in the room, this moment can go one of two ways. Either you're prepared — with a clear view of what AI is already being used in the organisation, what the risks are, and what governance gaps need addressing — or you're scrambling to answer a question you haven't fully thought through yet.

I've been in both situations. The prepared version is considerably more comfortable.

This post is about getting ahead of that conversation — specifically, what NFP finance teams should be thinking about before the board starts asking.

Why NFP Boards Are Starting to Ask About AI

The short answer: the regulatory environment is catching up with practice.

In February 2025, Australia signed the Statement on Inclusive and Sustainable Artificial Intelligence, committing to AI governance frameworks that are ethical, safe, and human-rights based. The Australian Government's APS AI Plan — led by the Department of Finance — launched in 2025 and began active trials in April 2026. When the federal government is mandating AI capability requirements for public servants and embedding AI governance into the Department of Finance's remit, it sends a clear signal to the broader sector.

For NFPs and registered charities specifically, the connection to existing governance obligations is direct. The ACNC's Governance Standard 5 requires responsible persons to act with reasonable care and diligence — a duty that legal commentary has increasingly confirmed extends to technology and AI decisions. An NFP board that hasn't considered how AI is being used inside its organisation, and what risks that creates, is not meeting the spirit of that standard.

That's not a hypothetical risk. It's a governance gap that regulators are increasingly equipped to identify.

What "AI Governance" Actually Means for an NFP

The phrase sounds more complicated than it needs to be. In practice, AI governance for an NFP means being able to answer three questions clearly:

  • What AI tools is the organisation using, and who approved them? This includes everything from staff using Claude or ChatGPT for drafting, to AI features embedded in your HRIS, payroll system, or case management platform.
  • What data is going into those tools, and is it appropriate? Participant data, staff records, financial information — the Privacy Act applies, and the ACNC's External Conduct Standards are relevant if any data crosses international borders (which cloud AI tools routinely do).
  • Who is accountable? Governance frameworks emerging across the sector recommend formally appointing a person accountable to the board for all AI decisions, with documented rationale kept in an AI register.

If your organisation can't answer those three questions today, that's useful information — and it's better to know before a board member asks than after.

Where the Finance Team Fits In

Finance sits at an interesting intersection here. On one hand, the finance function is one of the more natural early adopters of AI in an NFP — the use cases (drafting, summarising, variance commentary, contract review) are practical and low-risk when handled correctly. On the other hand, finance also handles some of the most sensitive data in the organisation: payroll, funding agreements, grant reporting, board papers.

That combination means the finance team is well-placed to lead — or at least meaningfully contribute to — the organisation's AI governance thinking. Not because finance should own the entire AI strategy, but because the questions finance has already had to answer (what tools are we using, what data are we putting in, are we comfortable with where it goes) are exactly the questions the rest of the organisation needs to work through.

There's also a practical dimension. If the board does ask for a position paper or a risk assessment on AI use, the finance team is one of the few functions with both the analytical capability and the cross-organisational visibility to pull that together credibly.

Five Things to Have Ready Before the Board Asks

  • An inventory of AI tools in active use. Start with the obvious ones — generative AI tools staff are using for drafting or summarising — and work outward to AI features embedded in existing software. You may find more than you expect.
  • A view on data classification. What information is going into AI tools, and how sensitive is it? The line between "anonymised for drafting" and "participant data in a cloud model" matters, and it needs to be drawn explicitly.
  • A policy draft or framework. It doesn't need to be comprehensive on day one. A one-page AI acceptable use policy, reviewed by your legal team, covers more than most NFPs currently have in place.
  • A designated responsible person. Someone needs to be accountable for AI decisions and able to report to the board on them. This doesn't have to be a dedicated role — but it does need to be explicit.
  • A risk register entry. AI-related risks — data privacy, model errors, reputational exposure — belong in the organisation's risk register. If they're not there, adding them is a straightforward starting point.
⚠️ Privacy note: When using any AI tool for finance or operational work, never input participant names, disability or health information, staff personal details, or identifiable client data into public cloud-based AI platforms. This applies regardless of which tool you're using. Build this as a non-negotiable habit before it becomes a policy.

The Finance Team's Opportunity

The NFP sector has historically been cautious about AI — and not without reason. The communities many NFPs serve are among the most vulnerable, and the consequences of AI misuse are not abstract. But caution without engagement is just delay. The organisations that do this well will be the ones that get ahead of the governance question rather than reacting to it.

For finance teams, the opportunity is to shape that conversation from a position of practical experience. Most finance functions are already using AI to some degree. The question is whether that use is documented, governed, and defensible — and whether the team is ready to explain it clearly when the board finally asks.

→ Related: How Finance Managers Are Really Using AI in 2026 — A CPA's Honest Breakdown
→ Related: Agentic AI — What It Actually Means for Your Finance Team

If your NFP board is starting to ask questions about AI governance and your finance function needs to get ahead of the conversation, PFL works with NFPs and NDIS providers on exactly this kind of practical readiness work.

Talk to PFL →
Timothy, CPA is an Australian finance leader with 20+ years of experience across NFP, NDIS and SME, and Managing Director of Professional Financelink (PFL), providing outsourced finance consulting and AI automation services to Australian SMEs, NDIS providers, and NFPs.
📚 Sources & References Regulatory details current as at April 2026.

Comments

Post a Comment

Popular posts from this blog

Google Gemma 4 Just Launched — And It Might Solve Finance's Biggest AI Privacy Problem

Image
Date: 16 April 2026  |  By: Timothy, CPA — Managing Director, Professional Financelink (PFL) ⚠️ AI privacy notice: This post discusses the use of AI tools for finance tasks. When using any AI tool — including local models described here — never input identifiable participant data, staff personal details, board-in-confidence material, or any information subject to confidentiality obligations without understanding exactly where that data goes and how it is handled. The boundary matters, regardless of which tool you use. There's a tension that most finance professionals who use AI haven't fully resolved yet. On one hand, AI tools are genuinely useful for finance work — drafting, summarising, reviewing contracts, analysing data. On the other hand, finance sits at the centre of an organisation's most sensitive information: payroll data, board papers, funding agreements, audit findings, legal correspondence. Putting that inform...
Read more

Claude vs Gemini for Australian Finance: An Honest Comparison After 12 Months of Using Both

Image
Date: 29 March 2026  |  By: Timothy, CPA  |  Managing Director, Professional Financelink (PFL) A note on data and confidentiality: The observations in this post are based on my personal use of these tools across various finance contexts over the past 12 months. In all cases where I've used AI tools with real financial data, I've either tested with anonymised data, synthetic test data, or information already in the public domain, and utilised temporary chats where possible so the data doesn't get saved anywhere. No confidential information has been used in any testing. If you're using AI tools in a professional finance context, I'd strongly recommend making this a standing practice in your own workflow — it's both good professional ethics and sensible risk management. One more thing worth flagging: if you're using any AI tool with work-related data, make sure you've either subscribed to an enterprise plan or disabled ...
Read more