MA Maturity Assessment

Audit Services · A la carte

A defensible baseline, in weeks.

The lightest way to get a defensible read on where your AI governance stands. The Maturity Assessment, our GAP Analysis & Review, scores eight governance domains on a five-level scale against a target state you choose, produces a risk-weighted gap register, and hands you a sequenced roadmap. It is the structural backbone of the full audit, and it stands on its own.

Schedule a call → Back to Audit overview →

The eight domains

Where governance
actually lives.

Each domain is scored 1 to 5, current versus target, against behavior we can observe and evidence we can cite. Together they describe a complete governance posture.

Strategy & Ownership

AI governance has an accountable owner, a charter, and a defined relationship to business strategy and risk appetite.

Policy & Standards

Current, coherent, enforceable policies govern AI use, with standards that translate them into specific required behavior.

AI Inventory & Use Mapping

A maintained inventory of where AI is used, by whom, on what data, and touching which decisions.

Risk Management

AI risks are identified, assessed for likelihood and impact, owned, and tracked through to mitigation.

Controls & Oversight

Defined controls (human review, access, logging, vendor terms) exist and operate for higher-risk uses.

Compliance & Legal

Obligations are mapped to AI use and the organization can evidence that it meets them.

Workforce Capability

The workforce is trained to a defined standard appropriate to its AI use and role.

Monitoring & Improvement

AI use and AI outputs are monitored; metrics inform governance decisions and continuous improvement.

How we score it

Target first, then current,
then weighted gap.

A target state is set in a leadership workshop, calibrated to risk appetite and sector. Current state is then scored against it, evidence in hand. Gaps are weighted by risk so the roadmap addresses the right things first.

Establish the target state

Leadership selects a target maturity level per domain in a structured workshop. This is what makes the gap meaningful rather than abstract.

Score the current state

Each domain is scored against the maturity model using document review, interviews, and signals. A score is only assigned where evidence supports it.

Quantify and weight each gap

The gap is the distance between current and target. Each is then weighted by the risk it represents.

Sequence remediation

Weighted gaps are ordered into a sequence that respects dependencies. An AI inventory must precede meaningful risk assessment, for example.

What you walk away with

One number, one map,
one plan.

The Maturity Assessment is built to make the gap visible to leadership and actionable for the owners who close it.

The AI Governance Maturity Index — a single headline number with a domain breakdown, reported to one decimal place so movement is visible over time.
Current-vs-target radar and an eight-domain heat map, color-coded by risk weight.
A weighted, sequenced gap register that feeds the master roadmap.
Sample finding: a Level 2 score in AI Inventory against a target of Level 4, where leadership cannot produce a record of which functions use AI but discovery shows active use in nine teams. Highest-leverage gap to close first.

Next step

Start with the baseline.

A focused two-to-three-week engagement that gives you a defensible score and a sequenced roadmap, with no commitment to anything beyond it.

Schedule a call → See the full audit →

✓ Evidence-based, not assertion-based

✓ Powered by the Governance 1st platform

✓ Findings to roadmap, with owners and dates

Where governanceactually lives.