Diagnostic

Where does your AI governance actually stand?

Ten questions. About ten minutes. You'll get a written read of which tier your AI systems fall into — Operational, Partial, Decorative, or Gap — and the two or three things to address first.

Answers stay in your browser. We don't see anything unless you choose to share your result by contacting us.

0 of 10 answered

Question 1
Do you have a current inventory of every AI system in production in your organization?
Including third-party tools that use AI under the hood.
Yes — written down, kept current, owner per systemPartial — we have a list, but it's probably out of dateInformal — we mostly know what's running but it's not documentedNo
Question 2
For each AI system, can you point to where the claimed capabilities are documented?
Product pages, model cards, contracts, internal specs.
Yes — each system has documented capability claimsSome do, some don'tThe claims exist (marketing, sales decks) but aren't cross-referencedNo
Question 3
Is there evidence that the AI has been tested against those claims?
Yes — written test results we could hand to a regulatorTested internally, but the results aren't formally documentedVendor-provided test data onlyNo formal testing
Question 4
Is the AI's behavior monitored once it's in production?
Outputs sampled, drift watched, escalation paths defined.
Yes — with alerts and a named ownerLogged but not actively reviewedOnly if someone complainsNo
Question 5
Do you know where the AI fails?
Documented edge cases, known failure modes, scenarios where it shouldn't be used.
Yes — documented and communicated to usersWe have some idea but it's not written downWe find out when it failsNo
Question 6
Does your organization have a written AI policy?
Acceptable use, restricted use cases, approval gates, vendor requirements.
Yes — written, approved, and enforcedWritten but not consistently followedIn draftNo
Question 7
When AI vendors require new contract language (DPAs, AI addenda, audit rights), are you ready?
Yes — we have standard positions and fallback positionsWe handle them case by caseThey cause delay and uncertainty every timeWe haven't encountered these yet
Question 8
How prepared are you for AI-specific regulatory disclosure?
EU AI Act, state-level US disclosure laws, sector regulators.
Tracked, with a written response planWe know it's coming, working on itVaguely aware, no concrete planNot on our radar
Question 9
If your board asked tomorrow "what is our AI risk exposure", how long would it take to answer?
We have a current written answer readyDays — we could pull it togetherWeeks — significant work neededWe wouldn't know how to start
Question 10
Who currently provides independent assurance that your AI is doing what you say it does?
Independent reviewer / external auditInternal audit / compliance teamThe team that built itNobody

Where does your AI governance actually stand?

Do you have a current inventory of every AI system in production in your organization?

For each AI system, can you point to where the claimed capabilities are documented?

Is there evidence that the AI has been tested against those claims?

Is the AI's behavior monitored once it's in production?

Do you know where the AI fails?

Does your organization have a written AI policy?

When AI vendors require new contract language (DPAs, AI addenda, audit rights), are you ready?

How prepared are you for AI-specific regulatory disclosure?

If your board asked tomorrow "what is our AI risk exposure", how long would it take to answer?

Who currently provides independent assurance that your AI is doing what you say it does?