Governance Audit.
A three-week independent review of your data & AI governance — against regulatory obligations and peer benchmarks. For boards, audit committees and new CDOs.
- 3 weeks: Fixed duration
- NIST: AI RMF aligned
- DAMA: DMBOK aligned
- ICO: DPIA-experienced
Overview
An independent readout for the audit committee.
Useful before a regulator visit, after a data incident, or in the first 100 days of a new CDO. Independent of your existing suppliers and your internal politics.
What we review.
- 01. Regulatory alignment: GDPR, DPA 2018, sector frameworks (FCA, PRA, NHS DSPT, FRC, RSH).
- 02. AI governance: Intake, risk tier, DPIA, model documentation, monitoring.
- 03. Policies & standards: Currency, enforceability, gap analysis.
- 04. Operating model: Forums, accountability, escalation.
- 05. Evidence & artefacts: What the regulator would see.
Deliverables
- Audit report: Findings, severity, evidence.
- Remediation plan: 90-day, 6-month, 12-month.
- Exec / audit-committee readout: Formal, minuted session.
FAQ
Common questions.
Is this independent of our existing suppliers?
Yes — we don't take downstream remediation work without an explicit re-contracting process.
Can it be used as formal audit evidence?
Yes, many clients present it to their audit committee directly.