Aerospace AI Governance Series · Article 1 of 5

Why the SpaceX IPO Could Still Fail —
And It Has Nothing to Do With Rockets

Monte Fisher
Monte Fisher, CPA (Ret.), CFE · Lean Six Sigma Green Belt
Forensic Analytics · AI Governance · Former Shell GRC Manager (JV Board Level, SOX Compliance) · US Citizen · VCAnalytics.ai
June 2026· Aerospace AI Governance Series· 12 min read
$350B+
SpaceX estimated IPO valuation
6x
Major governance failures since Enron — each time "never again"
19yrs
Author's Shell GRC experience — what good governance looks like
Stakes if SpaceX's multi-planetary mission fails due to governance

Elon Musk may be the greatest operational executor of our generation. DOGE proved he can dismantle broken bureaucracy faster than anyone thought possible. The rockets work. The satellites work. The vision is real. None of that is what concerns me. What concerns me is the governance infrastructure required to take the most strategically important company in human history into public markets — and whether it will be built before regulators demand it, or after the first catastrophic incident.

I spent 19 years at Shell — as GRC Manager overseeing North America Retail Governance, Risk and Assurance, as Controller for 17 Joint Ventures at board level, managing SOX compliance at multi-billion dollar scale. I know what good governance looks like when it works. I have seen what happens when organizations moving fast treat governance as a post-growth problem.

I am not writing this to predict SpaceX's failure. I am writing it because the pattern I am seeing is one I have watched repeat itself across six major corporate collapses in 25 years — and this time, the downside is not just billions of dollars. It is humanity's access to space.

We Have Never Learned This Lesson. Not Once.

After every major governance failure of the last quarter century, the same thing happened. Investigations. Legislation. Congressional testimony. Promises. New frameworks. New oversight bodies. And then, within a decade, the same failure in a different industry with different names attached.

Enron (2001)
"Our controls are world class."
$63B collapse. Mark-to-market accounting used as fiction. Arthur Andersen destroyed. Sarbanes-Oxley passed. Everyone said never again.
WorldCom (2002)
"We have rigorous internal controls."
$11B accounting fraud. CEO sentenced to 25 years. More SOX reforms. Everyone said never again.
2008 Financial Crisis
"Our risk models are sophisticated."
$22 trillion in household wealth destroyed. Dodd-Frank passed. Entire banks nationalized. Everyone said never again.
Boeing 737 MAX (2019)
"Safety is our highest priority."
346 people died. MCAS software governance failed. FAA oversight hollowed out. $20B+ in losses. Everyone said never again.
Theranos (2018)
"We're changing the world."
$700M raised on claims no independent expert was permitted to verify. Founder convicted. Everyone said never again.
FTX (2022)
"We have industry-leading risk management."
$8B in customer funds missing. Zero segregation of duties. The governance gap was not an oversight — it was the design. Everyone said never again.

Notice the pattern. In every case, the governance failure was not hidden. The warning signs were visible to anyone applying a forensic lens. In every case, the people raising governance questions were marginalized, ignored, or simply not hired. In every case, extraordinary performance created a halo effect that made accountability feel like an insult.

"The absence of a governance crisis is not evidence that governance is working. It is often evidence that the crisis has not arrived yet."

And here is the uncomfortable truth about the United States Government itself: even the most scrutinized institution on earth — with inspectors general, the GAO, congressional oversight committees, and decades of accumulated compliance apparatus — still produces governance failures with stunning regularity. Pentagon programs billions over budget. Intelligence agencies with unchecked surveillance. Federal IT projects that deliver nothing after years of spending.

DOGE exposed exactly this. The waste was real. The bloat was real. The lack of accountability was real. Elon Musk walked into the federal government and found what any forensic accountant already knew was there — systems that had never been seriously audited, spending that had never been seriously questioned, and a culture that had confused process with governance for decades.

That is the point. If the US Government — with all its oversight machinery — cannot sustain governance discipline, what does that tell us about a private aerospace company moving at SpaceX speed, preparing for its first-ever public accountability?

What Makes Elon Musk Extraordinary — And Why That Is Not Enough

Let me be direct: I have genuine respect for what Elon Musk has built. Reusable rockets were considered impossible by serious aerospace engineers. Starlink has delivered internet connectivity to conflict zones, remote communities, and places that had never had reliable communications. Tesla forced an entire industry to take electric vehicles seriously. DOGE demonstrated that government waste could be confronted head-on by someone with the operational will to do it.

This is the distinction that matters: The skills that make you exceptional at dismantling broken systems — speed, instinct, intolerance for bureaucracy, willingness to override consensus — are different from the skills required to build governance infrastructure from scratch at public company scale. One requires a wrecking ball. The other requires an architect. Both are legitimate. They are not the same job.

DOGE was a demolition project. The SpaceX IPO is a construction project. Elon Musk has proven beyond any doubt that he is one of the greatest demolition operators in history. The question is whether the governance infrastructure required for a publicly traded aerospace company operating AI systems under ITAR, SEC, and FAA scrutiny simultaneously is being built with the same urgency that went into making Falcon 9 reusable.

From what I can evaluate as a forensic CPA and former GRC Manager — the answer is not yet clear. And "not yet clear" at IPO scale, with these stakes, is a governance gap.

Why SpaceX Is Different From Every Previous Case

Every governance failure I have listed above was catastrophic within its domain. Enron destroyed a company and an accounting firm. The 2008 crisis destroyed $22 trillion in household wealth. Boeing's failure killed 346 people. These were genuine disasters.

SpaceX operates at a different order of magnitude of strategic importance.

Starlink is now active communications infrastructure in active conflict zones. It is the backbone of Ukrainian military communications. It is being evaluated for US military applications that go far beyond commercial satellite internet. The AI systems managing constellation routing, bandwidth allocation, and ground station communications are not consumer software — they are strategic national security infrastructure.

Starship, if it delivers on its engineering promise, gives humanity the ability to become a multi-planetary species. That is not marketing language. That is the actual strategic significance of what SpaceX is building. The governance infrastructure protecting those systems — the AI audit trails, the export control compliance, the data sovereignty frameworks, the independent oversight mechanisms — carries stakes that dwarf anything the corporate governance failures of the last 25 years ever threatened.

When Boeing's governance failed, 346 people died. If SpaceX's governance fails at the wrong moment — in the wrong regulatory, national security, or operational context — the consequences are not bounded by a single aircraft program.

The Four Specific Gaps That Keep Me Up at Night

1. AI Systems Without Documented Governance Trails

SpaceX deploys AI across launch sequencing, Starlink constellation management, autonomous reentry, and routing decisions that have national security implications. Post-IPO, the SEC, FAA, and institutional investors will require documented evidence of how these systems make decisions, what the human oversight structure looks like, how model updates are controlled, and what the audit trail shows when something goes wrong.

NIST AI RMF, COSO GenAI guidance, and ISO 42001 all provide frameworks for this documentation. None of it can be retrofitted quickly after a public offering. It needs to exist before the S-1 is filed.

2. ITAR Compliance at AI Scale

International Traffic in Arms Regulations govern virtually everything SpaceX builds. A single documented ITAR violation — even an unintentional one traced to an AI system making a data routing decision without adequate export control governance — could trigger simultaneous DOJ and State Department scrutiny. The Boeing precedent is instructive: when governance gaps intersect with national security exposure, the institutional response is not proportional. It is existential.

3. Founder Concentration Risk

The same decision-making concentration that allowed SpaceX to move faster than any aerospace organization in history becomes a documented governance risk the moment shares are publicly traded. Post-IPO boards need independent authority that cannot be overridden by operational pressure. Audit committees need real teeth. This is not a criticism of Elon Musk. It is a description of what SEC examiners and institutional investors require — and what every founder-concentrated company that has gone public has eventually had to confront.

4. Starlink Data Governance

Tens of millions of customers across dozens of countries, including active conflict zones and sanctioned jurisdictions. Which governments can compel data disclosure? What is the retention policy for users in sanctioned territories? How are AI-driven routing decisions documented for regulatory purposes? These are not technology questions. They are GRC questions — and a public company needs documented answers before regulators ask them, not after.

What Good Governance Actually Looks Like — From Someone Who Has Seen It Work

At Shell, governance worked. Not because it was popular, not because it was fast, but because it was built into operations before it was needed. The SOX compliance apparatus, the JV board oversight frameworks for 17 Joint Ventures, the data privacy audit processes across multiple jurisdictions — these created friction. They slowed some decisions. They also prevented catastrophic exposure multiple times in ways that never made headlines, precisely because the controls caught the problems before they became incidents.

That is what good governance looks like. It is invisible when it works. It is catastrophic when it does not.

01

AI system documentation mapped to NIST AI RMF

Every AI system in operational use documented with risk tier, human oversight structure, model governance process, and full audit trail. The Govern, Map, Measure, Manage framework provides the structure. The implementation is what is needed.

02

ITAR-aware data classification for AI outputs

A governance layer classifying every AI-generated output by export control sensitivity, with automated controls preventing unauthorized transmission. This is a forensic accounting problem applied to data flows — exactly the methodology used in financial controls at Shell.

03

Independent board-level AI governance committee

A standing board committee with genuine independent authority over AI risk, data governance, and export compliance. Not advisory. Not ceremonial. Documented veto power over high-risk AI deployments. The JV board governance model at Shell is the structural precedent.

04

Forensic audit trail for every AI decision point

Every significant AI-assisted decision in safety-critical or national security-adjacent systems documented with model version, input data, output, and human review record. The CFE evidentiary standard applied to AI governance rather than financial fraud.

05

Vendor and supply chain AI due diligence

Every third-party AI vendor, data provider, and technology partner evaluated against a documented standard before integration into mission-critical operations. Not a checkbox. A forensic review.

The pattern always ends the same way: The governance failure that ends a great company is never the one anyone was watching for. It is the one that was documented as a known risk, deprioritized because the rockets were working, and left unresolved until a regulator, an incident, or a whistleblower made it impossible to ignore. At SpaceX's scale and strategic importance, that scenario is not just a corporate governance problem. It is a national security problem. It is a humanity problem.

The Perspective That Is Missing From This Conversation

Most analysis of the SpaceX IPO focuses on valuation multiples, Starlink revenue trajectory, and market timing. Financial analysts. Space industry journalists. Technology commentators. Nobody is applying a forensic GRC lens — asking the specific, uncomfortable questions about AI governance documentation, ITAR compliance at AI scale, and independent board authority that experienced institutional governance professionals would ask before recommending a $350B+ position to their clients.

That gap is where I sit. Nineteen years at Shell where governance worked at multi-billion scale. A CPA credential and CFE designation built specifically for forensic rigor. A GRC framework — FAIG — that maps directly to what aerospace companies need as they move into public market accountability. And the perspective of someone who has watched this pattern play out six times in 25 years and is watching the early chapters of a seventh.

I want SpaceX to succeed. The mission matters. Multi-planetary humanity is worth fighting for. That is exactly why the governance infrastructure needs to be built now — with the same ambition and urgency that went into every other problem SpaceX has decided to solve.

Elon Musk proved with DOGE that broken systems can be fixed when someone with the will to fix them decides to act. The governance gaps in the SpaceX IPO are fixable. The question is whether they get fixed before or after the first crisis forces the issue.

Also published at: AerospaceGovernance.com and SpaceGovernance.ai — the independent aerospace AI governance resource for executives, board members, and institutional investors evaluating post-IPO governance readiness.

Is your aerospace or defense organization ready for post-IPO AI governance scrutiny?

Free FAIG assessment — 15 questions, 5 minutes, scored against NIST AI RMF, COSO, and ISO 42001. Or message Monte directly to discuss aerospace AI governance advisory, consulting engagements, or board-level GRC roles.

Take the Free FAIG Assessment → Message Monte · WhatsApp

US Citizen · Independent forensic CPA · No vendor agenda · 19 years Shell GRC · Board-level experience · Consulting and senior roles considered

Aerospace AI Governance Series — 2026

01 Why the SpaceX IPO Could Still Fail — And It Has Nothing to Do With Rockets · You are here Live
02 Operator Genius vs Governance Architecture: Why DOGE Skills Don't Transfer to IPO Readiness Coming
03 ITAR in the Age of AI: The Export Control Time Bomb Inside Every Aerospace AI System Coming
04 Starlink as National Security Infrastructure: The Data Governance Framework Nobody Is Building Coming
05 Building Governance for Multi-Planetary Missions: FAIG Applied to Aerospace at Scale Coming
Disclaimer: This article is for educational and informational purposes only and represents the independent professional opinion of Monte Fisher, CPA (Retired), CFE. It does not constitute legal, financial, or investment advice. References to SpaceX, Boeing, Enron, Theranos, FTX, WorldCom, Shell, DOGE, and the US Government are for analytical and illustrative purposes only. Monte Fisher has no financial relationship with any company or organization referenced in this article and has no non-public information about any of these organizations. Statistics cited represent publicly available estimates and industry data. Always consult qualified legal, compliance, and financial professionals before making governance or investment decisions.