Governance Models for Safe Deployment and Fine-Tuning of Generative AI in Enterprise Security and Data Protection
Kushal Jain *
Florida International University, Miami, FL, USA.
Attah Nnaemeka Melford
Department of Cybersecurity, Iowa State University, USA.
Swathi Krishna Naik Vankdoth
Information Systems, Florida International University, Miami, Florida, USA.
Azeezat O. Abbas
University of Ibadan, Nigeria.
Elizabeth Umah
Department of Information Systems-Business Analytics, Florida International University, USA.
Saheedat Olasumbo Abbas
University of Michigan-Flint, College of Innovation & Technology, Detroit, MI, United States.
*Author to whom correspondence should be addressed.
Abstract
Businesses are quickly implementing generative artificial intelligence in clinical, financial and operational processes. Nonetheless, governance systems for safe deployment and fine-tuning are still disjointed. This scoping review mapped the empirical evidence on generative AI governance models in enterprises that deal with sensitive data. A Population-Concept-Context framework guided the study, and findings were reported in line with the PRISMA-ScR guidelines. A thorough search of IEEE Xplore and the ACM Digital Library covered 2015 to 2025, and 18 eligible studies were obtained after a two-step screening. Most of the studies were conducted in regulated healthcare, with additional support from banking and enterprise security. Excellent governance centres on lifecycle compliance frameworks that embed privacy-by-destruction, secure on-premise or federated fine-tuning, and alignment with regulatory obligations. Domain-constrained generation and human persistence were found to be essential for curbing errors, bias, and unsafe generation. Post-deployment assurance was based on multi-layered auditing, which involved adversarial testing, expert review, and continuous quality metrics linked to escalation pathways. The evidence gaps reported are the lack of cross-sectoral comparisons, the lack of prospective evaluations, and poor reporting of failures or near-misses. This research recommends that enterprises and regulators handling sensitive data mandate board-level AI governance: inventory risks, restrict deployments, and continuously audit for leakage, bias, and drift.
Keywords: Governance of generative artificial intelligence, security and protection of enterprise data, large language models, on-premise and federated fine-tuning