Practitioner Guides — Assessment & Implementation

How to Run Your First AI Governance Assessment in Five Steps

11 May 2026 · Engineer Said Sulaiman Al Azri

You have read about the seven pillars of AI governance. You understand that strategy, accountability, intelligence, deployment, ethics, infrastructure, and talent each require structured attention. But understanding the framework is not the same as knowing where your organisation stands today.

An AI governance assessment translates the abstract into the specific. It tells you which pillars are strong, which are dangerously weak, and where your first investments of time and budget will produce the greatest reduction in risk. This guide walks you through how to conduct one — practically, without a consulting engagement, using the 7-Pillar AI Governance Model as your scoring framework.

Step 1: Define the Scope

Before you assess anything, decide what you are assessing. This sounds obvious, but it is the step most organisations skip, and the reason most assessments produce vague results.

You have three scoping options. The first is an enterprise-wide assessment — you evaluate AI governance across the entire organisation. This is appropriate for organisations that are early in their AI journey and want a baseline, or for leadership teams preparing a board-level AI governance report. The second is a business-unit assessment — you evaluate a specific department, division, or subsidiary. This is appropriate when AI adoption is concentrated in one area (a digital transformation office, an analytics team, a specific operational function) and you want depth rather than breadth. The third is a system-level assessment — you evaluate governance around a single AI system or application. This is appropriate for high-risk or high-visibility deployments where you need to demonstrate due diligence to a regulator, auditor, or board.

Document your scope in a single paragraph: what entity, what boundary, what AI systems or activities are included, and what is explicitly excluded. This paragraph becomes the first section of your assessment report and prevents scope creep during the process.

Step 2: Identify Your Respondents

An AI governance assessment is not a survey sent to the IT department. It requires input from people who collectively understand the organisation's AI strategy, decision-making structures, data practices, operational deployments, ethical policies, infrastructure, and workforce capabilities — in other words, one or more respondents per pillar.

For an enterprise-wide assessment, the ideal respondent group includes a senior executive or strategy lead (Pillar 1), a compliance or legal representative (Pillar 2), a data management or analytics lead (Pillar 3), an IT operations or DevOps lead (Pillar 4), a risk or compliance officer (Pillar 5), a cybersecurity or infrastructure manager (Pillar 6), and an HR or talent development lead (Pillar 7). In smaller organisations, two or three people may cover multiple pillars. That is fine. What matters is that no pillar is scored by guesswork.

Schedule a single 90-minute workshop or a series of 30-minute interviews. Provide the questions in advance so respondents can gather evidence rather than relying on memory.

Step 3: Score Each Pillar

The 7-Pillar AI Governance Model uses a five-level maturity scale. Level 1 (Ad Hoc) means no formal governance exists for that pillar — activities may be happening, but they are undocumented and inconsistent. Level 2 (Developing) means initial policies or practices are in place but are not yet applied consistently. Level 3 (Defined) means documented policies, assigned roles, and repeatable processes exist and are followed. Level 4 (Managed) means governance is measured, monitored, and actively improved based on performance data. Level 5 (Optimised) means governance is fully integrated into organisational culture, continuously refined, and benchmarked externally.

For a first assessment, score at the pillar level — one score per pillar, based on the respondents' collective assessment of the organisation's maturity in that domain. Do not attempt to score all 31 sub-dimensions on your first pass. The pillar-level score gives you a meaningful baseline and identifies which areas need deeper investigation. Sub-dimension scoring is a second-phase activity, best conducted after the initial results have been reviewed by leadership.

For each pillar, record three things: the numeric score (1–5), a one-to-two sentence justification explaining why that score was chosen, and one concrete piece of evidence supporting the score (a document, a policy, a system, a process, or the absence thereof).

Step 4: Build Your Scorecard

Arrange your scores into a visual scorecard. The simplest format is a table with seven rows (one per pillar), columns for pillar name, score, maturity level label, justification, and evidence. Add a composite score — the unweighted average of all seven pillar scores — at the top.

A radar chart adds significant communication value. Plot the seven pillars on a heptagonal axis with scores from 0 (centre) to 5 (perimeter). The shape of the chart immediately reveals your governance profile: a balanced organisation shows a roughly even polygon; a lopsided one reveals where attention is needed.

If your organisation operates in a specific sector — government, banking, healthcare, education — consider applying sector weights. Not all pillars carry equal risk in every industry. For a government entity deploying citizen-facing AI, Pillar 5 (Data & Ethics) and Pillar 2 (Accountability) may carry more weight than Pillar 6 (Infrastructure & Security) if infrastructure is managed centrally by a national cloud provider. The 7-Pillar model defines sector-weight profiles for common industries, but for a first assessment, unweighted scores are sufficient.

Interpret the composite score using these bands. A score of 1.0 to 1.9 indicates critical gaps — AI governance is essentially absent and immediate action is required. A score of 2.0 to 2.9 indicates foundational gaps — some elements exist but are inconsistent, and a structured roadmap is needed. A score of 3.0 to 3.9 indicates a developing programme — governance structures are in place and the focus should shift to measurement and consistency. A score of 4.0 to 5.0 indicates mature governance — the organisation should focus on optimisation, benchmarking, and continuous improvement.

Step 5: Translate Scores into a 90-Day Roadmap

An assessment without action is an audit that gathers dust. The final step is to convert your scorecard into a prioritised action plan.

Start with the lowest-scoring pillar. This is your highest-risk area and your first priority. For each pillar scoring below 3.0, define one concrete action that would move the score up by one level within 90 days. Be specific: not "improve data governance" but "appoint a data steward, document data quality standards for the three datasets used in our credit-scoring model, and conduct a bias review before the next model refresh." Assign an owner, a deadline, and a review date to each action.

For pillars scoring 3.0 or above, define a maintenance action — a quarterly review, a documentation update, a training refresh — that prevents regression.

Present the scorecard and the 90-day roadmap together to leadership. The scorecard establishes credibility (here is where we stand, based on evidence). The roadmap establishes urgency (here is what we do next, with names and dates). Together, they form the foundation of your organisation's AI governance programme.

What Comes After the First Assessment

A first assessment is a baseline, not a destination. Plan to reassess in six months, scoring at the sub-dimension level for the pillars where you invested the most effort. Compare scores to your baseline. Track movement. Report progress to leadership.

Over time, this cycle — assess, plan, act, reassess — becomes the operating rhythm of AI governance. The first assessment is the hardest because it reveals the gaps. Every subsequent assessment is easier because it measures progress.

If your organisation needs support conducting its first assessment, the 7-Pillar AI Governance Model includes a structured questionnaire, a scoring workbook, and a report template designed for this purpose. A guided assessment, facilitated by an experienced consultant, can compress the process into a focused engagement and produce a board-ready deliverable.


This is part of the Practitioner Guides series. For the conceptual foundation, see The Seven Pillars series.
