Skip to main content

Self-Diagnostic

The AI Workflow Risk Assessment

A 20-question diagnostic that tells you whether your AI workflow is governable, or merely working.

Most teams can build an AI workflow. Far fewer can answer basic questions about it under pressure: What was the AI allowed to do? What data did it use? Who reviewed the output? What evidence survived?

This assessment scores one real AI workflow across five governance areas and 20 diagnostic questions, from action authority to audit reconstruction readiness. It takes about 20 minutes. You will finish with a risk tier, a list of specific gaps, and a recommended next step.

One thing this assessment does not do: certify anything. A low score does not mean your workflow is compliant or safe. Governability is the precondition for safety claims, not a substitute for them.

Who this is for

  • IT operations leaders responsible for AI workflows already running in production
  • AI governance leads who need a structured way to triage workflows
  • Risk and compliance professionals asked to sign off on AI use they did not design
  • Enterprise architects defining where agentic systems fit in the stack
  • Founders building AI-enabled products for regulated customers
  • Technical program managers who own AI delivery but not AI risk

Who this is not for

  • Anyone looking for prompt techniques or productivity tips
  • Teams evaluating whether to adopt AI at all (this assumes you have a real workflow to assess)
  • Anyone expecting a compliance attestation. This is a diagnostic, not a certification.

Before you begin

  • 1Pick one real AI workflow. Not a category of workflows, not your AI strategy. One workflow with a name, an owner, and actual runs behind it.
  • 2Answer as it exists today. If the documented answer and the actual behavior differ, score the actual behavior.
  • 3Each question scores 0 to 3. Higher scores mean greater governance risk. If you don’t know the answer, select “Don’t know” — it scores 3.
  • 4About 20 minutes. You’ll finish with a risk tier, specific gaps, and a recommended next step.