AI Governance Maturity Assessment
Understand where your organisation stands on AI governance across five key dimensions. Takes approximately 10–15 minutes.
Before you begin
We collect your details to send you a personal results summary and to build sector-level benchmarks.
Select all that currently apply to your organisation — this helps contextualise your scores.
Select the highest sensitivity level that applies to data processed by your AI systems.
AI Governance Maturity Assessment – Results
Maturity Radar
Your scores across the five governance dimensions.
Dimension Breakdown
Priority Actions
As more organisations in your sector complete this assessment, Fair Accord will publish anonymised sector-level averages so you can compare your scores. Your responses contribute to building this picture.
How to Use the AI Governance Maturity Assessment
A practical guide to scoring accurately, gathering the right evidence, and turning your results into action.
1
What each maturity level means
A plain-English picture of your organisation at each stage — click to expand
▼
2
What counts as evidence
Concrete artefacts that support each level — click to expand
▼
| Level | Policy & Roles | Risk & Lifecycle | Monitoring & Metrics |
|---|---|---|---|
| 1 – Initial | No documents; individuals decide locally | No inventory; testing informal or absent | No dashboards, logs, or reporting |
| 2 – Developing | Draft policy; email threads showing informal escalation | Spreadsheet list of AI projects; basic test notes | Manual checks for one or two systems; incident log started |
| 3 – Defined | Approved AI policy; RACI chart; board sign-off minutes | Central inventory with risk ratings; documented test criteria; lifecycle checklist | Defined KPIs/KRIs; standard incident report template; monitoring for all material systems |
| 4 – Managed | Committee terms of reference; performance objectives referencing AI governance | Go/no-go gate records; independent review reports; post-mortem write-ups | Real-time dashboards; threshold alerts; root-cause analysis reports; bias/fairness metrics |
| 5 – Optimising | Policy update log tied to incidents and regulation changes; succession plans | Red-team and stress-test results; continuous risk-scoring pipeline | Predictive indicators; scenario models; contributions to external benchmarks or standards bodies |
3
Who should be involved
Best run as a cross-functional conversation, not a solo exercise — click to expand
▼
Tip: Schedule a 90-minute working session with Core and Key roles present. Share the assessment in advance so each person can gather relevant evidence. Treat disagreements on scores as useful data — they often reveal governance gaps.
4
How to use your results
Turning a score into a governance improvement roadmap — click to expand
▼
Fair Accord works with organisations to translate assessment results into a prioritised governance action plan. Visit fairaccord.com/contact to start a conversation.
5
AI systems — understanding risk tiers
How to classify the AI tools your organisation uses and why risk tier matters for governance
▼
Not all AI systems carry the same governance burden. The framework groups commonly deployed systems into three risk tiers based on the potential for harm, the degree of human oversight typically applied, and the regulatory scrutiny that systems in each category are likely to face — in particular under the EU AI Act and equivalent emerging legislation.
During the assessment registration step you are asked to identify which of these systems your organisation currently uses. The information contextualises your maturity scores and feeds into the Risk & Governance Positioning card shown in your results.
Risk tier reference
- Productivity & writing assistants1.0
- Search, summarisation & knowledge tools1.0
- Predictive analytics & forecasting dashboards1.5
- Automated scheduling or workflow tools1.5
- Customer service chatbots or virtual agents2.5
- Document processing & classification2.5
- Fraud or anomaly detection3.5
- HR tools (CV screening, performance analytics)3.5
- Content moderation & trust and safety4.0
- Credit scoring or financial underwriting4.5
- Hiring, promotion or disciplinary decisions4.5
- Biometric identification (facial, voice, fingerprint)4.5
- Clinical decision support or diagnostic AI5.0
- Surveillance or monitoring systems5.0
How the AI risk score is calculated
Organisations operating high-risk AI with immature governance (low overall scores) will appear in the Governance Gap quadrant of the Risk & Governance Positioning chart. The weighted scoring means this classification is now sensitive to which systems you run and how many — not just whether you ticked a high-risk category.
6
Data sensitivity levels
A five-level classification scale for the data flowing through your AI systems
▼
The data your AI systems process directly affects the governance controls required. A five-level sensitivity scale is used in the assessment — aligned to GDPR categories, the EU AI Act, and commonly adopted data classification frameworks. During registration you indicate which levels apply across your AI portfolio; this informs how your governance maturity scores are contextualised.
The scale uses a traffic light colour scheme: Levels 1–2 are green (lower sensitivity), Level 3 is amber (moderate), and Levels 4–5 are red (higher sensitivity, stricter obligations). Each level carries a sensitivity weight (1 – 5) that feeds directly into the Composite Risk Score calculation alongside your AI system score.
weight 1.0
weight 2.0
weight 3.0
weight 4.0
weight 5.0
How data sensitivity feeds into your risk score
Governance demands compound when high-risk AI systems process high-sensitivity data. Organisations in this position should expect the most intensive regulatory scrutiny and should prioritise Dimensions A (Policy), B (Risk), and D (Accountability) in their improvement roadmap.