Governance is not a document you publish. It is an operating model you run. The Diagnostic is the entry point. What follows is a sequential three-phase model, and the order is non-negotiable: the scope of each phase is defined before the next begins. Installation is never offered without an Assessment. Continuity requires Installation. The model is intentional, and we do not sell around it.
Governance engagements are for boards, CEOs, general counsel, CISOs, and chief risk officers who need a defensible, structured read on AI risk and the controls to act on it.
The cost of ungoverned AI shows up in three departments, in this order. Finance notices first, when the spend spikes. Legal notices next, when an output creates exposure. The customer notices last, when something fails in front of them. Three different discovery dates. One missing control layer underneath all of them. The organizations that get ahead of this install the owner, the record, and the escalation threshold before any of the three has to notice.
A short, structured conversation. We map the AI surface area in your organization: who is using what, where decisions are happening, and what is already exposed. The output is a written read of where you are, what is at risk, and whether an Assessment is warranted. If it is not, we tell you. The Diagnostic is fixed-fee and time-boxed.
A formal, structured evaluation of where AI creates risk across your organization. Each area we examine is scored, and findings past a defined escalation threshold are flagged for mandatory action. The Assessment is delivered as a written report with explicit recommendations and, where applicable, a scoped Installation proposal. It is decision-ready evidence: a document that can be read by your board, your insurer, your auditor, and your counsel.
No Installation is offered without an Assessment.
Tightly scoped installation of the governance system: policy layer, workflow controls, ownership structure, approval and escalation paths, and monitoring mechanisms. We do not write code, configure tools, or run pilots. We define the operating model and install the controls that make it run. The proposal you sign defines exactly what you are getting and what you are not.
Ongoing oversight at a defined cadence. Quarterly reviews against the original scoring. New AI use cases assessed against the same scale. Regulatory and operating-environment changes folded into the model. Continuity is where the discipline compounds and where most of the long-term value of working with us lives. The operating model is designed to hold whether or not we are in the room.
Every recommendation ties back to a structured score across five areas. The method is consistent across engagements, which means decisions made today can be defended next quarter and the quarter after that.
What is leaking, where, and to whom.
What could go wrong if a decision is wrong or unexamined.
How much real work has come to rely on this.
Whether anyone owns it and whether anyone can audit it.
Whether leadership can see what is happening in time to act.
The five areas combine into a single read that holds up to a board, an auditor, or counsel.
Strategy engagements and the Diagnostic are listed and fixed. The phases that follow are fixed-scope and prepaid, with scope and price set by what the prior phase finds, because the right scope can't be known before it. Pricing is founder-set and not negotiated. We take a limited number of clients each quarter.
Engagement constraints: fixed-scope; prepaid only; no tool building; no workflow execution; no Installation without a prior Assessment; no open-ended retainers; not general business consulting.