AI Governance and Responsible AI

AI governance that starts with the problem, not the model.

Somewhere in your organisation, a team is already using AI. Maybe it is sanctioned, maybe it is a free tool someone found useful and quietly adopted. Either way, the question is no longer whether to govern AI. It is whether you find out about the risk before a regulator, a customer, or an audit does.

IAPP AIGPNIST AI RMFISO/IEC 42001


Where it usually goes wrong

Most AI governance work we see starts in the wrong place. A policy gets written, a checklist gets circulated, and six months later nobody in the business can tell you which of their systems are actually in scope.

Where we start instead

Before we talk controls or frameworks, we spend time understanding what your organisation is actually trying to do with AI, what has already been built or bought, and where the real exposure sits.

Governance that is bolted on after the fact rarely survives contact with a busy project team. Governance built around how your people actually work has a chance.

Our approach draws on established practice rather than reinventing it. We work with the IAPP’s AI Governance Professional body of knowledge, align controls to recognised references such as the NIST AI Risk Management Framework and ISO/IEC 42001, and, where privacy and personal data are part of the picture, bring genuine depth in data protection practice rather than treating it as an afterthought to the AI conversation. What we do not do is hand you a generic template and call it a framework.

In practice, this covers:

  • AI risk assessment and use case triage
  • Governance structures and accountability models that fit how your organisation actually makes decisions
  • Model and vendor due diligence
  • Alignment with the regulatory direction of travel, in Australia and internationally

We also help organisations that already have an AI policy on paper but no real confidence it is being followed, which is a more common starting point than most firms will admit.


We are a small, specialist practice by choice. You will deal directly with the people doing the work, not be handed off to a graduate analyst once the contract is signed. That matters in AI governance more than most disciplines, because the details of how a specific model is used in a specific process are exactly where the real risk hides, and exactly what a templated approach misses.

Contact us for an initial conversation about where AI is actually being used in your organisation today, and what a governance approach that fits your risk and your culture would look like.

Contact us