Diagnostic

Data & AI governance readiness

A structured self-assessment across five governance dimensions — strategy, data foundations, control, AI risk, and decision culture. Takes around three minutes. The result is scored, interpreted against a maturity model, and accompanied by prioritised recommendations.

Nothing is submitted or stored. This assessment runs entirely in your browser. Results are visible only to you.

Assessment progress

0 / 13

Strategy & operating mandate0/3

1.The organisation has a documented data and AI strategy that is sponsored at board or executive committee level and reviewed at least annually.

2.Data and AI investment decisions are evaluated against a prioritised set of commercial, regulatory, and operational objectives rather than technology appetite alone.

3.There is a named executive accountable for data and AI outcomes — distinct from IT or infrastructure ownership — with defined authority to enforce standards.

Data foundations0/3

1.Critical data elements are formally defined, owned by named business stewards, and monitored against agreed quality thresholds.

2.End-to-end data lineage for board reports and regulatory submissions is documented, traceable to source, and refreshed when processes change.

3.Data quality issues are logged, prioritised, and remediated through a governed process with measurable improvement targets.

Governance & control0/2

1.A data governance forum or equivalent body meets regularly, has a clear charter, publishes decisions, and holds accountable owners to remediation commitments.

2.Board and executive reporting packs are traceable to source systems with known data quality, documented assumptions, and a reconciliation trail that would satisfy an external auditor.

AI / model risk0/3

1.Every AI use case in production has passed a documented risk and assurance gate covering model scope, training data provenance, bias assessment, and human oversight requirements.

2.There is a model inventory with known risk tiers, refresh schedules, performance monitoring, and a defined escalation path when model drift or output failure is detected.

3.The organisation has assessed its AI obligations under applicable regulation (e.g. EU AI Act, FCA, PRA, GDPR) and mapped those obligations to specific controls and owners.

Decision & culture0/2

1.Senior leaders consistently distinguish between data-informed and data-validated decisions, and can identify which decisions in their area have known data quality or coverage gaps.

2.When a significant data or AI issue is discovered, there is a clear escalation path, ownership is unambiguous, and the post-incident review results in durable governance change rather than a one-off fix.

Complete all 13 questions to see your result (13 remaining).