ivee.AI Strategy, Data & Risk · Session 3

The Exposure Map

What can you actually see?

Nine questions around where your organisation is exposed to AI risk right now. There are no right answers here [including blank answers!]

Setup · who is charting

0/9 charted
Domain 01

Visibility

shadow AI
Q1

Do you know which AI tools your people actually use, day to day?

Q2

Are staff mostly on governed accounts, or free tools?

Domain 02

Data

green / amber / red
Q3

Do you classify data before it goes into an AI tool?

Q4

Do you know where data exits, once it enters an AI tool?

Domain 03

Ownership

who owns what
Q5

Does every AI tool and data flow have a named owner?

Domain 04

Rules

policy and pilots
Q6

How many of the five policy pillars are documented? (approved tools, data handling, disclosure, verification, prohibited uses)

Q7

Do your live AI pilots have defined success metrics?

Domain 05

Accountability

leadership and law
Q8

Is there a single named person accountable for AI in your organisation?

Q9

Do you know your sector regulator's position on AI, and your EU AI Act exposure?

9 still in the dark