How long does an AI implementation take?

Most single workflow implementations take 2-6 weeks from kickoff to production. Full AI transformation programmes run 6-12 weeks.

Do you work with specific AI models?

We are model-agnostic and work with all major providers including Anthropic Claude, OpenAI GPT, Google Gemini, Meta Llama, Mistral, and more.

Can you deploy AI on our own servers?

Yes. Our Local & Private AI service deploys models on your own infrastructure or private cloud.

StrategyFree Template

AI Risk Assessment Template

A structured template for identifying, assessing, and mitigating risks across all dimensions of an AI project. Covers technical, ethical, regulatory, operational, and reputational risks with a scoring framework and mitigation planning approach.

Overview

What's included

Risk identification framework across 5 dimensions

Likelihood and impact scoring matrix

Detailed risk register with mitigation plans

Residual risk assessment methodology

Risk monitoring and review schedule

Escalation criteria and procedures

Risk Identification

26 itemsto complete

Risk Identification

AI system name: Assessment date: Assessor(s): Risk tier (from governance framework): Tier 1 / 2 / 3

Technical Risks

Model accuracy below acceptable thresholds
Training data is unrepresentative or biased
Model performance degrades over time (drift)
System cannot handle expected throughput or latency requirements
Integration with existing systems fails or causes issues
AI outputs are not reproducible or consistent
Adversarial attacks or prompt injection vulnerabilities

Ethical Risks

Algorithmic bias affecting protected groups
Lack of transparency in AI decision-making
Unintended consequences of AI actions
Displacement of employee roles without proper transition
AI-generated content is misleading or harmful

Regulatory Risks

Non-compliance with GDPR or data protection laws
Non-compliance with the EU AI Act
Non-compliance with sector-specific regulations
Inadequate record-keeping or audit trail
Cross-border data transfer issues

Operational Risks

Single point of failure in AI infrastructure
Key person dependency (only one person understands the system)
Vendor lock-in with no exit strategy
Insufficient monitoring leading to undetected failures
Lack of rollback capability

Reputational Risks

Negative media coverage of AI use
Customer backlash due to AI errors or perceived unfairness
Employee distrust of AI systems
Competitive disadvantage from AI failures

Risk Scoring Matrix

Likelihood Scale

Score	Likelihood	Description
1	Rare	May occur only in exceptional circumstances
2	Unlikely	Could occur but not expected
3	Possible	Might occur at some time
4	Likely	Will probably occur in most circumstances
5	Almost certain	Expected to occur in most circumstances

Impact Scale

Score	Impact	Description
1	Negligible	Minor inconvenience; no business disruption
2	Minor	Small financial loss (< £10k); brief disruption
3	Moderate	Significant financial loss (£10k-£100k); service degradation
4	Major	Large financial loss (£100k-£1M); extended outage; regulatory action
5	Severe	Critical financial loss (> £1M); existential threat; major regulatory penalty

Risk Rating

Risk Score = Likelihood x Impact

	Impact 1	Impact 2	Impact 3	Impact 4	Impact 5
Likelihood 5	5 (Med)	10 (High)	15 (High)	20 (Critical)	25 (Critical)
Likelihood 4	4 (Med)	8 (Med)	12 (High)	16 (High)	20 (Critical)
Likelihood 3	3 (Low)	6 (Med)	9 (Med)	12 (High)	15 (High)
Likelihood 2	2 (Low)	4 (Med)	6 (Med)	8 (Med)	10 (High)
Likelihood 1	1 (Low)	2 (Low)	3 (Low)	4 (Med)	5 (Med)

Thresholds:

1-4: Low — Accept and monitor
5-9: Medium — Mitigate within standard processes
10-15: High — Escalate; active mitigation required before deployment
16-25: Critical — Escalate to governance committee; do not proceed without mitigation

Risk Register

#	Category	Status
1	Technical	Open
2	Ethical	Open
3	Regulatory	Open
4	Operational	Open
5	Reputational	Open
6		Open
7		Open
8		Open

Risk Summary

Total risks identified:
Critical risks:
High risks:
Medium risks:
Low risks:

Risk Review Schedule

Review Type	Frequency	Next Review Date	Responsible
Risk register update	Monthly		Project Lead
Full risk reassessment	Quarterly		AI Governance Committee
Post-incident risk review	After each incident	As needed	Incident Commander

Instructions

How to use this template

Identify risks across all five dimensions

Work through the risk identification checklist with your project team. Include technical, ethical, regulatory, operational, and reputational perspectives.

Score each risk

Assess the likelihood and impact of each risk using the scoring matrix. Be consistent in your scoring criteria across risks.

Define mitigation strategies

For every medium, high, and critical risk, define a specific mitigation action, owner, and timeline.

Assess residual risk

After defining mitigations, re-score each risk to determine the residual risk level. This tells you what risk remains even after controls are in place.

Establish ongoing monitoring

Set a monthly review cadence for the risk register. Risks change as projects progress and new information emerges.

Watch Out

Common mistakes to avoid

Only considering technical risks — ethical, regulatory, and reputational risks can be just as damaging.

Scoring all risks as 'medium' to avoid difficult conversations — honest scoring leads to better resource allocation.

Writing mitigations without owners — every mitigation needs a named person responsible for implementation.

Treating risk assessment as a one-time activity — risks evolve and new risks emerge throughout the project lifecycle.

Not linking the risk assessment to the governance framework — high and critical risks should trigger governance committee review.

FAQ

Frequently asked questions

Conduct an initial assessment during the planning phase, before significant investment. Update it at each major project milestone and after any significant incidents or changes.

AI risk assessments include dimensions specific to AI: model bias, data quality, explainability, algorithmic fairness, and AI-specific regulatory requirements. These are in addition to standard project risks.

Yes. Even if you did not build the AI, you are responsible for how it is used in your organisation. Assess vendor-supplied AI against the same risk framework, especially for ethical, regulatory, and reputational risks.

Escalate to the AI governance committee. Options include: accepting the risk with explicit sign-off from leadership, redesigning the solution to avoid the risk, or deciding not to proceed with the initiative.

Focus non-technical stakeholders on ethical, reputational, and business impact risks. Use plain language and concrete scenarios rather than technical jargon. Their perspective is especially valuable for identifying risks that technical teams may overlook.

Need a custom AI template?

Our team can build tailored templates for your specific business needs. Book a free strategy call.

Book a Strategy Call View Pricing

AI Risk Assessment Template

What's included

Risk Identification

Risk Identification

Technical Risks

Ethical Risks

Regulatory Risks

Operational Risks

Reputational Risks

Risk Scoring Matrix

Risk Scoring Matrix

Likelihood Scale

Impact Scale

Risk Rating

Risk Register

Risk Register

Risk Summary

Risk Review Schedule

How to use this template

Identify risks across all five dimensions

Score each risk

Define mitigation strategies

Assess residual risk

Establish ongoing monitoring

Common mistakes to avoid

Frequently asked questions

AI Governance Framework Template

AI DPIA Template

How to Manage AI Risk

Need a custom AI template?