AI Risk Assessment

Understand your regulatory exposure before a regulator does

Most organisations deploying AI don't know which of their systems are high-risk, what their regulatory obligations are, or where their governance gaps lie. Our AI Risk Assessment gives you a clear picture — fast, rigorous, and built on the same methodology used in Big 4 practice.

The problem we solve

The EU AI Act is now in force. NIST AI RMF adoption is accelerating. ISO 42001 is becoming a procurement requirement. Yet most mid-market organisations have deployed AI systems without ever formally assessing their regulatory status — leaving them exposed to fines of up to 7% of global annual turnover and reputational damage that is difficult to recover from.

Common gaps we find include undocumented AI system inventories, no formal risk classification against regulatory frameworks, insufficient data governance for AI training sets, and no human oversight mechanisms for automated decision-making systems.

How it works

Step 1: Structured intake

Your organisation completes a structured questionnaire covering your AI system inventory, data inputs, affected populations, current governance practices, and the regulatory frameworks relevant to your operations.

Step 2: AI-powered analysis

Our proprietary assessment engine classifies each AI system against your selected frameworks — EU AI Act, NIST AI RMF, ISO 42001, or a combination — generating risk scores, heat maps, and governance maturity ratings.

Step 3: Expert review

Sonia reviews every output personally, applying 12+ years of Big 4 risk and controls expertise to refine classifications, add context-specific recommendations, and ensure the analysis reflects real regulatory requirements — not just algorithmic outputs.

Step 4: Delivery

You receive either an instant interactive dashboard (free tier) or a full expert-reviewed PDF report (paid engagement), with a readout session for your legal, technical, and leadership stakeholders.

Who this is for

  • Organisations with AI systems in production or active development

  • Companies with EU operations or customers facing EU AI Act obligations

  • Regulated businesses in financial services, healthcare, or technology preparing for audit or board review

  • Leadership teams that need a defensible, documented view of their AI risk posture

Frequently asked questions

How long does the assessment take?

The free dashboard is available immediately after intake submission. The full expert-reviewed report is delivered within 5–10 business days.

Do we need to have a lot of AI systems to justify an assessment?

No. Even a single AI system — a chatbot, a scoring model, an automated decision tool — may carry significant regulatory obligations. It is better to know early.

What frameworks do you assess against?

EU AI Act, NIST AI Risk Management Framework, and ISO 42001. We can assess against one, two, or all three depending on your regulatory context.

Is the free dashboard really free?

Yes. The interactive dashboard showing your risk tiers, heat map, and governance maturity score is available at no cost. The detailed expert-reviewed PDF report with recommendations and remediation roadmap is a paid engagement.

What happens after the assessment?

We offer a readout session to walk through findings with your team. From there, many clients move into governance framework development or compliance monitoring depending on what the assessment reveals.

Ready to understand your AI risk posture?

Start with a free AI risk assessment — no obligation, no jargon, and immediate results. If you need the full expert-reviewed report, book a discovery call and we will scope the engagement around your specific systems and regulatory context.
