AI Governance

Assess your AI risk posture, implement ISO 42001, and establish ongoing AI risk management. There's no single AI law in Australia — but existing privacy, consumer, and anti-discrimination laws all apply to how you use AI. We help you navigate the patchwork.

What's involved

A rapid assessment of how your organisation is using AI today and where the governance gaps are. Maps current AI usage across the business, identifies shadow AI, and assesses risk posture against Australia's Guidance for AI Adoption (6 essential practices), ISO 42001, and existing legal obligations under the Privacy Act, consumer law, and anti-discrimination law. With Privacy Act reforms introducing automated decision-making transparency obligations in December 2026, this isn't hypothetical. A practical assessment that gives leadership a clear picture of AI risk exposure and a prioritised action plan.

Deliverables

  • AI usage inventory across the organisation
  • Shadow AI identification and risk assessment
  • Gap analysis against Guidance for AI Adoption (6 essential practices)
  • Risk heat map with prioritised findings
  • Board-ready summary report
  • Recommended governance roadmap

Business benefits

  • Clear picture of AI risk exposure before regulators ask
  • Identifies shadow AI before it creates compliance or security issues
  • Practical roadmap aligned with Australian and international frameworks
  • Foundation for ISO 42001 implementation if needed

Engagement process

  • Discovery: Interview key stakeholders, map AI usage across the organisation.
  • Assessment: Evaluate against frameworks (Guidance for AI Adoption, ISO 42001) and existing legal obligations (Privacy Act, consumer law), identify gaps and risks.
  • Analysis: Risk assessment and prioritisation of findings based on impact and likelihood.
  • Report: Board-ready findings, governance roadmap, and recommendations for next steps.

ISO 42001 Implementation

What's involved

ISO/IEC 42001 is the world's first AI management system standard, published December 2023. We build your AI Management System (AIMS) from the ground up — scope, AI risk assessment, controls, policies, and governance structure. This isn't a documentation exercise; it's a management system that changes how your organisation identifies, assesses, and treats AI-specific risks including ethical considerations, transparency, bias, and data quality. Integrates with existing management systems (ISO 27001, ISO 27701) if you have them. We support from gap analysis through to certification readiness.

Deliverables

  • AIMS scope definition and context
  • AI risk assessment methodology and treatment plan
  • AI system inventory and classification
  • Statement of Applicability with control mapping
  • AIMS documentation suite (policies, procedures, records)
  • Internal audit programme and first AI-focused audit
  • Certification audit preparation and support

Business benefits

  • First-mover advantage — ISO 42001 is becoming enterprise-expected by 2026
  • Systematic approach to AI risk that goes beyond ad-hoc policies
  • Competitive advantage in tenders and enterprise procurement
  • Framework that integrates with existing ISO 27001/27701 certifications

Engagement process

  • Gap analysis: Assess current AI governance against ISO 42001 requirements. Identifies the work needed and informs the implementation plan.
  • AIMS design: Scope, risk methodology, governance structure, and Statement of Applicability defined with your leadership team.
  • Implementation: Controls implemented, documentation created, processes established. Your team is trained and involved throughout.
  • Internal audit: Verify the AIMS is operating effectively and identify any gaps before the certification audit.
  • Certification support: Audit preparation, auditor liaison, and support through to successful ISO 42001 certification.

AI Risk Assessment

What's involved

AI risk doesn't stop after the initial assessment or certification. This is an ongoing service for organisations that need continuous AI risk management. We monitor your AI risk register, assess new AI tools and use cases before deployment, maintain your AIMS, and provide regular board reporting on AI risk posture. Also covers supplier AI risk — assessing third-party AI tools your vendors are using that may affect your data or operations.

Deliverables

  • Ongoing AI risk register maintenance
  • New AI tool/use case risk assessments
  • Supplier AI risk assessments
  • Regular board reporting on AI risk posture
  • AIMS maintenance and continuous improvement
  • Shadow AI monitoring and detection
  • Regulatory change monitoring (Privacy Act reforms including December 2026 automated decision-making obligations, AI Safety Institute guidance)

Business benefits

  • Proactive AI risk management rather than reactive compliance
  • Board confidence that AI risks are being governed
  • Early warning on regulatory changes affecting AI usage
  • Vendor AI risk visibility before it becomes your problem

Engagement process

  • Onboarding: Establish baseline, review existing AIMS and current risk register.
  • Monitoring: Ongoing risk register maintenance, shadow AI detection, emerging risk tracking.
  • Assessment: Evaluate new AI tools and use cases before deployment, assess vendor AI tools.
  • Reporting: Regular board-level AI risk reporting with status updates and emerging issues.
  • Review: Quarterly review of scope and emerging risks, AIMS updates as needed.

Ready to govern AI responsibly?

Whether you're starting from scratch or building on existing frameworks, we'll give you an honest assessment of where you stand.


Kaurna Acknowledgement

We acknowledge and pay our respects to the Kaurna people, the traditional custodians of the ancestral lands on which we work. We acknowledge the deep feelings of attachment and relationship of the Kaurna people to country and we respect and value their past, present and ongoing connection to the land and cultural beliefs.
