AI Adoption in State and Local Government: 9 Risks That Could Impact Your Controls and Compliance

Key Takeaways:

• AI adoption in state and local governments is introducing new risks across governance, internal controls, data management, and compliance.

• Decentralized use, weak oversight, and evolving vendor and regulatory landscapes are increasing financial and operational exposure.

• Strengthening governance frameworks, cybersecurity alignment, and internal controls can help you manage risk while capturing AI’s benefits.

—

State and local governments (SLGs) are adopting artificial intelligence (AI) at a rapid pace. The technology’s value is clear — enhanced fraud detection, streamlined service delivery, improved customer service, and more efficient operations. However, AI adoption is also creating new deficiencies, gaps, and risks that leaders cannot ignore.

For CFOs, finance directors, and city managers, AI is no longer an IT‑only conversation. It’s a financial, operational, and compliance issue with long-term implications.

Here are nine risks you should be actively evaluating and how they could impact your controls, compliance, and financial oversight:

1. Decentralized Adoption Is Creating Shadow AI Environments

SLGs are implementing AI for public engagement, call centers, and workflow automation. Yet much of the adoption is occurring outside formal governance structures.

You may be seeing:

• Employees using unsanctioned or consumer-grade AI tools without oversight

• Department-driven adoption that creates inconsistent practices across your organization

• Limited visibility into how AI tools access, process, or store data

These shadow AI environments create gaps in access controls, data protection, and auditability, expanding your risk exposure in ways that are difficult to monitor or manage.

2. Internal Control Deficiencies Are Emerging Across SLGs

Governance remains the biggest structural barrier to responsible AI use.

Common challenges include:

• No centralized inventory of AI tools, limiting accountability and internal audit readiness

• Lack of sanctioned, secure platforms for AI use

• Inconsistent access controls and authentication protocols across departments

• Minimal or no audit trails for how AI systems generate outputs

• Significant training gaps — according to a MissionSquare Research Institute survey, roughly 60% of SLG employees using AI report no formal training.

For finance leaders, these issues directly affect your internal control reliability, accuracy of financial and operational reporting, and compliance with federal and state requirements.

3. AI Use Is Increasing Civil Rights, Privacy, and Data Governance Risks

SLGs often deploy AI using sensitive or personally identifiable information. Many states have issued executive orders or guidelines highlighting:

• Risks to civil rights and equity in automated decisions

• Privacy concerns in data sharing and model training

• Unclear or inconsistent definitions of AI across states, complicating procurement and compliance

Without strong internal controls and governance, AI systems may expose your government to legal, ethical, and financial liabilities.

4. Technology Infrastructure and Data Quality Limit Safe AI Expansion

AI is only as strong as the data and systems supporting it. Many agencies still operate on legacy infrastructure, fragmented data systems, and outdated applications.

Risks often emerge from:

• Inadequate infrastructure that acts as a barrier to safe AI adoption

• Poor data hygiene that increases the likelihood of biased or incorrect outputs

• Lack of data standardization that prevents meaningful validation of AI models

For finance leaders, poor data quality amplifies risks in eligibility determinations, billing, collections, budgeting, and revenue forecasting.

5. Limited Controls Over AI Outputs Create Operational and Compliance Risks

Confidence in using AI for official decision-making remains low for good reason:

• Human‑in‑the‑loop processes are often informal or nonexistent

• Few SLGs have implemented model risk management frameworks commonly used in regulated industries

• Output monitoring, exception review, and change controls remain inconsistent

These gaps create risk in areas such as benefit eligibility, permitting, resource allocation, and enforcement actions — with direct financial and compliance implications.

6. Procurement and Vendor Oversight Risks Are Expanding

SLGs face unprecedented challenges in contracting for AI solutions, including:

• Procurement standards for AI tools remain inconsistent or unclear across states

• Many contracts lack adequate safeguards governing data rights, model transparency, and risk sharing

• Vendor-controlled models often create supply chain vulnerabilities and impede internal auditability

• AI impact assessments are still rare, though regulatory interest is increasing (state legislators considered over 150 bills relating to government use of AI in 2024)

For finance leaders, insufficient oversight creates long‑term cost and compliance exposure.

7. Policies Lag Behind Real‑World Adoption

While many states have issued AI guidance or executive orders, most emphasize exploration rather than enforceable controls.

Activity is outpacing accountability:

• Definitions, standards, and risk frameworks vary widely

• Many agencies are launching pilots without guardrails, increasing the likelihood of mission creep or inconsistent practices

• A few states, including Texas and New York, are developing governance bodies and audit mechanisms that may become future benchmarks

SLG finance leaders will increasingly be expected to help drive the development of internal control frameworks that align with these emerging standards.

8. Workforce and Change Management Risks Require Proactive Planning

AI is reshaping how employees perform work across departments, yet many agencies lack structured change management plans.

Where organizations are feeling the strain:

• Skill gaps are widening, especially in data literacy and AI oversight

• Employees may overrely on AI outputs or lack clarity about acceptable use

• Unions and worker advocacy groups are raising concerns about staffing, training, and collective bargaining rights

As stewards of financial sustainability, CFOs and city managers will need to anticipate workforce impacts and budget accordingly.

9. Fiscal and Long‑Term Sustainability Risks Are Mounting

As vendors evolve business models, SLGs face new and unpredictable financial dynamics:

• Usage-based pricing models create uncertainty in budgeting

• Compliance-related investments may grow as federal and state standards evolve

• Failed pilots, misaligned tools, or inadequate planning can result in cost overruns or diminished service delivery

These fiscal uncertainties reinforce the need for robust governance frameworks and clear return‑on‑investment assessments.

Cybersecurity Risks Intensifying With AI Adoption

The same technologies that improve efficiency can also introduce new vulnerabilities if your infrastructure and controls are not aligned.

• Legacy infrastructure is a barrier — and a cyber risk multiplier: Outdated systems, fragmented data, and inconsistent security practices create vulnerabilities that AI will expose rather than resolve. Poor cyber hygiene undermines internal controls and elevates the risk of cyber incidents linked to AI-enabled systems. Finance leaders must ensure cybersecurity investments are integrated with AI governance efforts.

• AI expands the threat surface as SLGs digitize at scale: AI-enabled tools increase the volume of sensitive data processed and the number of systems connected to public networks. SLGs are experiencing larger attack surfaces, more third‑party integrations, and increased aggregation of sensitive and high‑value data. Without unified cybersecurity frameworks, these deployments introduce new compliance and incident response challenges.

• Fiscal uncertainty and vendor risk are growing: AI-related spending remains volatile. Pricing models are evolving rapidly across vendors, poorly scoped contracts can result in unexpected ongoing costs, and many procurement processes still lack AI-specific risk clauses or performance requirements. Finance leaders must ensure contracts include clear data rights, service‑level expectations, and model transparency provisions.

How AI Can Help Strengthen Internal Controls and Cyber Resilience

Despite the risks, AI also offers transformative opportunities to improve controls and cybersecurity, including:

• Continuous monitoring of cybersecurity events

• Automated detection of anomalies and fraud

• Enhanced case management and documentation accuracy

• Policy and compliance automation

• Predictive maintenance for critical infrastructure

The SLGs that build strong governance foundations will capture these benefits while minimizing risk.

MGO Can Support Your Government in Responsible AI Adoption

Our State and Local Government Consulting team, which includes former public sector executives and national practice specialists, can help you assess, design, and strengthen internal controls, cybersecurity postures, and governance frameworks.

Our support includes:

• Establishing AI governance councils

• Developing AI inventories and impact assessments

• Building ethical AI frameworks aligned with NIST AI RMF and ISO 42001

• Designing human‑in‑the‑loop controls and output review processes

• Standardizing procurement and vendor risk management

• Deploying technology platforms for AI model governance

• Delivering staff and leadership training programs

Reach out to our team today to learn how we can help you increase resilience in a continually evolving threat environment.