Consulting · 8-week engagement · Board-ready output

AI Governance & Risk Consultancy

Stand up your AI governance programme — policy, risk framework, EU AI Act readiness, and the operating model that makes it real.

Built for CISOs, AI governance leads, compliance officers and CROs.

Mapped to

  • EU AI Act
  • NIST AI RMF
  • ISO/IEC 42001
  • OWASP LLM Top 10
  • ISO/IEC 27001
  • GDPR (AI provisions)

Why work with us

A programme your team can actually run on Monday morning

Most AI governance projects end with a policy PDF and a shrug. We hand over something different — a working programme with policies, owners, workflows and audit evidence. Ready to use the next business day.

Independent risk assessment

An outside-in view of your AI estate — what you're running, what you're missing, and where exposure is. Free of internal politics, mapped to recognised frameworks.

  • Use case inventory & classification
  • Severity scoring per framework
  • Prioritised remediation roadmap

Policy & operating model

We write the policies, design the workflows, and define the roles — so AI governance is something the organisation does, not a document on a SharePoint.

  • Approval & intake workflows
  • RACI for AI risk decisions
  • Board & exec reporting cadence

Audit-ready evidence

Compliance you can demonstrate, not assert. Every control mapped to its evidence artefact, every framework gap visible before an auditor finds it.

  • EU AI Act technical documentation
  • NIST AI RMF profile
  • ISO 42001 control coverage

What you get

Six things in your hand at the end

Every project hands over the same six things — written for your company, ready to use straight away.

AI Risk Register

A structured inventory of every AI use case in your organisation, with owner, data classification, model, vendor, and assessed risk.

Governance Operating Model

The roles, responsibilities, decision rights, and workflows that turn AI policy into AI practice. Including an AI Governance Board charter.

Framework Mapping

Your controls mapped to EU AI Act, NIST AI RMF, OWASP LLM Top 10, and ISO 42001. Coverage per framework, gaps prioritised by deadline.

AI Policy Suite

Acceptable use, data classification for AI, vendor assessment, model selection criteria, incident response, and red-team policy.

Remediation Roadmap

Prioritised list of fixes — from quick wins to multi-quarter programmes — with effort estimates and owner assignments.

Board-ready Report

An executive summary written for non-technical leadership. Where you are, where you need to be, what it'll take, and what good looks like.

How the engagement runs

Discover → Assess → Design → Run

Eight weeks, four phases, a weekly working session with your team. By the end, your AI governance programme is up and running — not still on a slide.

Week 1–2

1. Discover

Stakeholder interviews across IT, security, legal, compliance, HR, and the business units actually using AI. Document the as-is. Surface shadow AI.

Week 3–4

2. Assess

Score every use case against EU AI Act risk classification, OWASP LLM Top 10, and your own risk appetite. Identify highest-impact gaps first.

Week 5–6

3. Design

Draft policies, design the operating model, build the framework mapping, and produce the remediation roadmap with owner assignments and dates.

Week 7–8

4. Operationalise

Hand-over with the team, run the first AI Governance Board meeting, configure the Atlas AI Insight Platform if appropriate, and produce the board-ready report.

Get a defensible AI governance programme in 8 weeks

A 30-minute discovery call to scope the engagement to your environment, your frameworks, and your risk appetite. We'll show you previous deliverables and walk through how the Atlas AI Insight Platform operationalises the programme.