AI RISK & CONTROLS
Structured assessment of your AI risk and controls.
An evidence-based assessment of AI-related risks and the controls in place to address them — against a recognised framework.
WHAT THIS IS AND ISN'T
What this is
A structured, evidence-based assessment of the AI-related risks your organisation faces and the controls in place to address them.
Assessed against a recognised framework — ISO/IEC 42001 Annex A, NIST AI RMF, or an agreed scope of controls. Findings are written, referenced, and prioritised.
Useful as a standalone risk exercise or as preparation for a 42001 internal audit.
What this isn't
Not a penetration test or a technical security assessment. This is a controls assessment: documentation, evidence, and governance — not tooling or infrastructure.
Not a certification audit. Findings from this assessment are not a substitute for a Clause 9.2 internal audit.
Not a risk register template. We assess what you have against what the framework requires — we don't populate a blank document for you.
Who it's for
Organisations with AI systems in production or development who need an independent, structured view of their risk and controls posture.
What you get
A written assessment of AI-related risks and controls. Findings referenced to framework requirements, prioritised by severity, signed by the Lead Auditor.
How it runs
Scope and framework agreed in writing. Documentation and controls evidence reviewed. Delivered as a written report — not a spreadsheet, a signed assessment.
Understand your AI risk posture.
The qualifier takes five minutes. Tell us about your AI systems and what you need from the assessment.