AI governance: four risk dimensions your board expects you to name
Data boundary, policy, review gates, ownership. Plus a free four-minute risk screen.
AI governance: four dimensions that matter
Boards now ask what AI risk looks like in the organisation. Most IT teams lack a crisp answer not because the risk is hidden, but because nobody has mapped it.
Data crossing the boundary
Paste into consumer tools without rules on retention, training, or jurisdiction.
Policy
No current acceptable-use position on Copilot, sector rules, or EU AI Act timelines.
Unreviewed outputs
Drafts that reach clients or regulators without a human read.
Ownership and incidents
No named owner, no runbook when something goes wrong.
EU AI Act
High-risk obligations have a 2026 timeline. If you supply AI-assisted services into regulated EU markets, start early. UK-only does not erase cross-border exposure.
Sentinel AI-Audit
A free twenty-question screen across all four dimensions. Four minutes. Red, Amber, or Green band plus a summary you can take to the board or compliance team.
Deeper policy and implementation work sits under AI Process Audit and Practical AI Integration on westgatesentinel.co.uk.
Richard Stainforth, Westgate Sentinel Consulting Ltd. CISM.