Compliance that holds up when someone actually asks.
A lot of compliance work is written to survive an audit, not a genuine incident. The framework looks complete on paper, the policy has been signed off, and then something goes wrong and nobody can actually explain who was accountable for the decision that caused it.
APRADAMA-DMBOKNIST AI RMFISO/IEC 42001
Where we start
We build compliance and governance work starting from what would actually need to be true if a regulator, a customer, or a journalist asked hard questions tomorrow, not from what survives an audit on paper.
Grounded in real regulatory experience
We have led APRA-facing compliance work within a major bank’s risk and controls program, and delivered governance advisory into a state government wagering regulator. This is grounded in having sat across the table from a regulator, not just having read the guidance.
Increasingly, this work also carries a legal and regulatory lens alongside the technical one, letting us read a requirement the way it will actually be interpreted, not just the way it is worded.
Where AI is involved, we work from the IAPP AI Governance Professional body of knowledge and align to recognised references such as the NIST AI Risk Management Framework and ISO/IEC 42001, so your governance approach can be explained and defended in terms a regulator or auditor already recognises. Where data quality and stewardship are the issue, we draw on DAMA-DMBOK, the established reference for data management practice, to make sure accountability for data is clearly assigned rather than assumed.
Typical engagements include:
- Regulatory readiness assessments
- Data and AI risk registers that are actually used rather than filed away
- Accessibility compliance work against WCAG 2.1 AA for organisations with public facing digital services
- Governance committee advisory for organisations that need an experienced outside voice at the table
Contact us to talk through the specific regulatory pressure you are facing, and we will help you understand what genuinely needs to change before recommending a framework.
Contact us