AI governance your board can stand behind.
Clear rules for how your organisation uses AI — and a named owner for every decision. We design governance that survives a regulator's questions, not just a steering-committee slide.
From AI ambition to accountable structure.
Most organisations adopted AI faster than they governed it. This practice closes that gap: an ISO/IEC 42001 management system sized to your organisation, board oversight aligned to ISO/IEC 38507, and policies that name who decides, who reviews, and who answers when something goes wrong.
Core deliverables
At a glance
Maps to
The questions boards are already being asked.
Who owns AI risk here?
AI use has spread across functions, but accountability hasn't. When the audit committee asks who approved a model, the answer should not be a working group.
Policy without enforcement
An AI policy that nobody maps to controls is a liability in writing. Governance has to connect intent to evidence — approvals, exceptions, escalations.
Vendor AI you didn't choose
AI is arriving embedded in procurement — inside HR platforms, CRMs and security tools. Third-party AI needs the same governance gate as your own.
Boards flying without instruments
Directors are accountable for AI outcomes they cannot currently see. Board reporting on AI should look like risk reporting, not a technology showcase.
What we build with you.
ISO/IEC 42001 AIMS design
An AI management system sized to your organisation — scope, roles, risk criteria, controls and the evidence trail certification bodies expect.
Board oversight (ISO/IEC 38507)
Director-level governance of AI: delegations, reporting lines, and the questions your board should be asking management each quarter.
AI policy & ethics structures
Acceptable-use policy, model approval policy and ethical decision-making structures that staff can actually follow.
Accountability matrix
RACI for the AI lifecycle — who proposes, approves, monitors and retires each system, with escalation procedures that get used.
Third-party & vendor AI governance
Due-diligence standards, contract clauses and review gates for AI you buy rather than build.
Monitoring & board reporting
Continuous oversight indicators rolled into a board-ready AI risk dashboard — written for directors, not data scientists.
A typical 4–8 week engagement.
Baseline
- AI inventory & use-case register
- Current governance gap assessment
- Stakeholder & accountability mapping
Design
- AIMS architecture & control set
- Policy suite drafting
- Board oversight framework
Embed
- Approval workflow handover
- Board & exec briefing session
- Monitoring and reporting cadence
Put a name against every AI decision.
A 30-minute conversation is enough to tell you whether your governance would hold up in front of a regulator.
Book a consultation