ServicesGovern & AssureFinance & TransactionsTransform & DigitizeOperate & Scale
FrameworkAI Policy DevelopmentResponsible AIData Governance
RegulationsGCC regulationsRegulations & standardsResearch & benchmarks
Insights
About
Contact
Book a consultation
Practice · AI Governance

AI governance your board can stand behind.

Clear rules for how your organisation uses AI — and a named owner for every decision. We design governance that survives a regulator's questions, not just a steering-committee slide.

What this practice does

From AI ambition to accountable structure.

Most organisations adopted AI faster than they governed it. This practice closes that gap: an ISO/IEC 42001 management system sized to your organisation, board oversight aligned to ISO/IEC 38507, and policies that name who decides, who reviews, and who answers when something goes wrong.

Core deliverables

AI governance charterISO/IEC 42001 AIMS designBoard oversight frameworkAI policy suiteAccountability matrixVendor AI governance standard
At a glance
Primary frameworksISO/IEC 42001 · 38507
OutputGovernance charter + AIMS design
Typical duration4–8 weeks
Engagement modelFixed-scope
Maps to
Why it matters now

The questions boards are already being asked.

Who owns AI risk here?

AI use has spread across functions, but accountability hasn't. When the audit committee asks who approved a model, the answer should not be a working group.

Policy without enforcement

An AI policy that nobody maps to controls is a liability in writing. Governance has to connect intent to evidence — approvals, exceptions, escalations.

Vendor AI you didn't choose

AI is arriving embedded in procurement — inside HR platforms, CRMs and security tools. Third-party AI needs the same governance gate as your own.

Boards flying without instruments

Directors are accountable for AI outcomes they cannot currently see. Board reporting on AI should look like risk reporting, not a technology showcase.

Scope of work

What we build with you.

ISO/IEC 42001 AIMS design

An AI management system sized to your organisation — scope, roles, risk criteria, controls and the evidence trail certification bodies expect.

Board oversight (ISO/IEC 38507)

Director-level governance of AI: delegations, reporting lines, and the questions your board should be asking management each quarter.

§

AI policy & ethics structures

Acceptable-use policy, model approval policy and ethical decision-making structures that staff can actually follow.

Accountability matrix

RACI for the AI lifecycle — who proposes, approves, monitors and retires each system, with escalation procedures that get used.

Third-party & vendor AI governance

Due-diligence standards, contract clauses and review gates for AI you buy rather than build.

Monitoring & board reporting

Continuous oversight indicators rolled into a board-ready AI risk dashboard — written for directors, not data scientists.

How we engage

A typical 4–8 week engagement.

1

Baseline

  • AI inventory & use-case register
  • Current governance gap assessment
  • Stakeholder & accountability mapping
2

Design

  • AIMS architecture & control set
  • Policy suite drafting
  • Board oversight framework
3

Embed

  • Approval workflow handover
  • Board & exec briefing session
  • Monitoring and reporting cadence

Put a name against every AI decision.

A 30-minute conversation is enough to tell you whether your governance would hold up in front of a regulator.

Book a consultation