A structured 30/60/90-day audit that scores your organization across 8 governance domains, identifies gaps before regulators do, and delivers a prioritized roadmap to close them.
The assessment maps findings directly to the governance standards your board, legal team, and regulators recognize.
Organizations are deploying AI systems faster than they can govern them. The result: regulatory exposure, compliance gaps, and systems nobody fully understands operating in production.
You don't have a complete picture of which AI systems are running, who owns them, or how they impact customers and employees.
Nobody formally owns AI governance. When something breaks—a biased model, a data breach, a regulatory inquiry—it's unclear who's responsible.
The EU AI Act, NIST AI RMF, and sector-specific regulations are tightening. Operating without documented governance is an increasing liability.
Each phase builds on the last. Start with the 30-day discovery—expand based on findings. Every phase ends with a clear deliverable, not a slide deck that gathers dust.
Surface-level assessment to understand current AI use, existing policies, and quick-win opportunities.
Process mapping, risk analysis, and detailed gap identification with document review and stakeholder interviews.
Control testing, compliance validation, and a board-ready strategic roadmap for achieving target maturity.
Pricing is indicative. Final scope confirmed after a free 30-minute discovery call. Regulated industries may have adjusted rates.
The audit evaluates every dimension of AI governance that matters—from strategy and ethics to security and regulatory compliance.
Not all AI systems require the same level of governance. We use a risk-based approach aligned to EU AI Act tiers to focus effort where it matters most.
AI systems affecting customer safety, rights, employment, or regulatory compliance require maximum governance and control.
Systems that materially impact business operations but carry lower external risk. Still require defined controls and monitoring.
Proof-of-concept, internal pilot, and experimental systems with limited scope. Lightweight oversight with clear escalation paths.
The assessment combines structured interviews, document review, and direct observation—not a checkbox survey emailed to your team.
Define scope, identify key stakeholders, and customize the assessment to your industry, size, and regulatory environment. No generic frameworks.
Gather AI policies, model documentation, data catalogs, and vendor contracts. Conduct structured stakeholder interviews across functions.
Score each domain against a 5-level maturity model. Benchmark against industry peers and NIST AI RMF maturity expectations.
Deliver a scored report with prioritized findings, then walk through results in a live session with your leadership team.
Co-develop a sequenced governance roadmap with owners, effort estimates, timelines, and measurable success criteria.
Fractional engagement to lead roadmap execution—standing up governance structures, drafting policies, and building accountability systems.
Every engagement ends with a set of concrete outputs your team can act on immediately.
Domain-by-domain scores against a 5-level maturity model, benchmarked to NIST AI RMF and ISO 42001.
Every AI system mapped to identified risks, existing controls, gaps, and named remediation owners.
Prioritized, sequenced governance improvements with effort estimates, owners, and business justification.
Draft AI policy, ethics guidelines, and governance charter templates ready to adapt to your organization.
Executive-ready deck communicating risk exposure, maturity gaps, and the investment case for governance.
Mapped obligations against EU AI Act, NIST AI RMF, and applicable sector-specific regulations.
Mid-market to enterprise organizations (100+ employees) that are actively using AI in operations or products. I also work with startups that want to build governance foundations early—before scale makes it expensive to fix.
Minimal. Most engagements require 2–4 hours of time from key stakeholders (CTO, legal, data teams) spread over the engagement period. Document requests are batched and coordinated to avoid back-and-forth.
That's actually the best time to assess. Building governance foundations early costs a fraction of remediating gaps after systems are in production. The 30-Day Discovery is specifically designed for organizations at early maturity stages.
Yes. GenAI and LLM-specific risks—prompt injection, sensitive data leakage, hallucination, shadow AI usage, and vendor model governance—are explicitly covered across the Security, Ethics, and Risk domains.
Yes. Each phase is a standalone engagement. Most clients start with the 30-Day Discovery and expand based on findings and organizational readiness. There's no obligation to continue beyond the initial phase.
I co-authored the enterprise AI governance framework at Equifax—a $2.4B+ revenue organization with active AI deployments across regulated business lines. This isn't theoretical. The assessment reflects what actually works in production environments, not what looks good in a whitepaper.
Schedule a free 30-minute conversation. I'll give you an honest read on your biggest gaps—at no cost and no obligation.