Taming the Dragon: Governance of Large Language Models (LLMs)

Large Language Models (LLMs) mark a departure from traditional software systems. Rather than being explicitly programmed, LLMs are trained - learning statistical patterns from massive datasets to generate responses. Their operation is fundamentally probabilistic, not deterministic, meaning the same input can yield different outputs depending on internal model variability. This unpredictability transforms the nature of IT governance. Conventional command-and-control approaches, built on predictable system behavior, are insufficient for systems whose outputs cannot be fully anticipated or controlled. Instead, governing LLMs requires a shift toward observe-and-respond strategies - emphasizing continuous monitoring, auditing, and adaptation to emerging behaviors.

For enterprises integrating LLMs into IT systems, this shift poses unique challenges for maintaining quality. Traditional IT quality practices - focused on stability, repeatability, and compliance with defined requirements - must adapt to account for variability, emergent behavior, and probabilistic outputs.

This paper examines the challenges of governing probabilistic, generative systems with a focus on their impact on enterprise IT quality. We explore risks such as accountability challenges and the limits of post-hoc oversight. In doing so, we surface critical questions and tensions at the intersection of AI capability, unpredictability, quality assurance, and governance.

Paper | Presentation

Rahul Ravel

As a Principal Technical Program Manager at Nike, he leads the development and implementation of enterprise-wide cybersecurity frameworks and policies. With over 20 years of experience in Program Management, he has a proven track record of delivering complex projects on time and within budget. He is passionate about leveraging technology to enhance business performance and drive innovation.

His expertise spans across various domains, including IT infrastructure, cloud computing, and software development. Mr. Ravel has successfully managed multiple projects involving compliance, data privacy, and disaster recovery, ensuring alignment with global standards and regulations. He is a certified Scrum Master and Product Owner, with a strong background in Agile methodologies and project management.