The number your board will ask for

Most AI governance is theatre.
We do the math.

The average company is carrying millions in unquantified AI exposure -- sitting on the balance sheet, unnamed, until someone does the arithmetic. Your consultants bill by the report. We bill by the number.

Book a demo Methodology
Average exposure surfaced per assessment
£0
01 · Operational
£820,000
02 · Technology
£480,000
03 · Revenue
£510,000
04 · Risk
£610,000
Total exposure
£2,420,000
Inside the platform

Every AI risk -- owned, scored, evidenced.

AI Governance / Risk RegisterSynced · 6 min ago
AI Governance — 19 active risks

Risk Register

All severitiesOpen · 12
RiskCategorySeverityOwnerScoreStatus
RiskSeverityScoreStatus
Prompt injection
Client Copilot
Securitycritical
DKD. Kapoor
84Open
Training-data provenance
Underwriting Model
Datahigh
RMR. Mensah
71In review
Model drift
Fraud Scoring Engine
Performancehigh
AIA. Ito
68Open
Explainability gap
Credit Decisioning
Governancehigh
MCM. Cole
63Open
Bias in CV screening
TalentAI
Fairnessmedium
SOS. Okafor
52Mitigating
Vendor sub-processor
DocSummary API
Third-partylow
LBL. Bauer
38Accepted
AI Risk Register  •  Live client view
AI Risk Register    Live client view
Why Govscape exists

The compliance industry sells fiction. We are not in that business.

Most AI governance work is sold as a deliverable: a 200-slide assessment, a framework, a dashboard. The artefacts multiply. The questions go unanswered. The bill arrives anyway.

Our position is that the only governance output that survives a board meeting is a number. Not a framework. Not a maturity curve. A number -- with a stated range, sourced lines, and a confidence the room can interrogate. Anything else is colour.

We built Govscape because the firms doing this work are paid to produce reports, not answers. The incentive is to lengthen, not to land. We are the opposite of that: a fixed scope, a working paper, and a number that closes.

Every figure on the page that follows is calculated from a published method. The method is challengeable. The lines are sourced. If a line cannot be defended, it is not on the ledger. That is the whole product.

A consultant and client lead reviewing a working paper together at a laptop
Fig. 01Working paper, page three.
The methodology

Four pillars. One number your board can defend.

Every governance gap maps to a financial pillar. Every pillar carries a calculated range and a stated confidence -- together they sum to the exposure sitting on your balance sheet today.

01
Operational inefficiency
Time and headcount lost to manual governance.
The hours your teams spend collating evidence, reconciling spreadsheets, and answering ad-hoc questions from auditors and counsel.
Metric. Hours per quarter on manual evidence × loaded cost.
02
Technology waste
Spend on tools that overlap, underperform, or sit unused.
Licence sprawl on GRC and AI tooling. Pilots that never reached production. Stacks that duplicate functionality and dilute the audit trail.
Metric. Annual licence cost of overlap × utilisation gap.
03
Revenue leakage
Deals slowed or lost to governance friction.
Procurement reviews that drag past the buying window. Tenders that fail on the security questionnaire. Pipeline closed-lost without a stated reason.
Metric. Pipeline value × probability lost to friction.
04
Risk exposure
Quantified contingent liability from current gaps.
Probability-weighted financial exposure from open control gaps, model risks, and regulatory obligations not yet evidenced.
Metric. Loss probability × impact, across the open register.
01 Operational + 02 Technology + 03 Revenue + 04 Risk = Total Exposure
How we got to £2.4M

The average Govscape assessment, in pounds and pence.

A 600-person professional services firm. Three productive AI use cases. A patchwork of policies. The kind of organisation that tells its board governance is “in flight”.

risk-ledger.govLive
Risk Ledger
Q2 · Worked example
01Operational Inefficiency
£0
02Technology Waste
£0
03Revenue Leakage
£0
04Risk Exposure
£0
Total quantified exposure
£0
Confidence 82%Updated 14h ago

Every line is sourced. Every range is challengeable. The board paper is fifteen pages and survives questioning. That is the deliverable.

Try the model

Put your own numbers in.

A sixty-second taste of the Cost Assessment your board would see. Answer a handful of questions and get an instant exposure range across all four pillars. Nothing is saved -- every figure is calculated in your browser and discarded.

£
£

A directional estimate, not a quote. We don't store anything you enter here -- the full assessment models 30+ inputs line by line.

The engagement

From assessment to action in three steps.

Govscape Cost Assessment view open on a laptop during discovery
01
Discover

A focused two-week discovery. We sit with your operations, technology, finance, and risk leads. We read the existing policies, the open audit findings, and the last four board packs. We leave with the inputs, not the answers.

Govscape Risk Ledger showing quantified exposure on a laptop
02
Quantify

Two weeks of modelling. Every line is calculated from a published method. Every figure carries a sourced range and a stated confidence. The output is a working paper your board can read on a Sunday night.

Govscape Governance Scorecard showing remediation progress on a laptop
03
Remediate

Optional. Where you want help closing the gaps the assessment surfaced, we scope a fixed-price remediation against the working paper. We do not sell the assessment to sell the remediation. The first stands on its own.

The product

Built for the boardroom and the back office.

A clean, archival interface for consultants managing multiple clients. Real-time compliance status, gap tracking, and evidence management -- the same view your CFO reads on a Sunday night.

Dashboard / Risk LedgerAll systems operational
Systemic status — operational

Risk Ledger

31/100Governance score
Controls
22
Mappings
17
Evidence
17
Gaps
11
Exceptions
10
Critical system gapsView all gaps →
Internal Organisation
No evidence linked
critical
Responsibility for Assets
No evidence linked
high
Operational Procedures
No evidence linked
medium
Risk Ledger view  ·  Q2 board-pack export
A consultant filling in a Govscape Cost Assessment on a laptop during discovery
Fig. 05Discovery -- week one.
Govscape Control Gaps view open on a desktop display
Fig. 06Gaps view -- close detail.
Govscape Risk Ledger dashboard on an iMac during board prep
Fig. 07Client review -- board prep.
Sectors

Built for organisations where governance isn't optional.

A financial-services executive working at a laptop with a city skyline behind
Financial services

Where regulators read the working papers, not the dashboard.

A clinician reviewing data on a tablet in a hospital research wing
Healthcare & life sciences

Where AI use cases meet patient data and the margin for error is zero.

A lawyer working at a desktop computer in a calm office
Legal services

Where every AI-assisted decision must survive discovery, privilege, and the duty of care.

Two professional-services advisers reviewing a document at a laptop
Professional services

Where governance is the product, and clients increasingly ask to see yours.

A consultant working at a laptop in a calm, book-lined office overlooking a UK skyline
The outcome

A number your board can defend on a Sunday night.

Average quantified exposure surfaced · £2.4M per assessment

If the math is worth talking about, we should talk.

Tell us about your organisation. We'll arrange a thirty-minute call and bring a worked example built on public information about your sector.

Get in touch
No deck · No questionnaire · No obligation

Frequently asked questions.

How long does a Govscape assessment take?+
A standard Discovery is 30 days end to end. Two weeks of inputs and interviews, two weeks of modelling and writing. We do not extend without a reason a CFO would accept.
Do we need to share sensitive data?+
No raw client data leaves your environment. The model takes anonymised metrics and policy artefacts. Where deeper analysis is needed, our consultants work in your environment under your controls.
Which frameworks do you assess against?+
ISO 27001, NIST CSF and AI RMF, SOC 2 Type II, the EU AI Act, and the sector-specific obligations relevant to your firm. The output is framework-aware, but the figure is what your board reads.
Can Govscape integrate with our existing tools?+
Yes. We read from the GRC, ITSM, and identity systems you already operate. The platform does not replace those tools; it sits above them and produces the figure they cannot.
Who sees the results?+
Your sponsor, the project team you nominate, and us. Nothing is published. Nothing is shared with other clients. The working paper is yours.
What makes Govscape different from a Big Four engagement?+
Fixed scope, fixed price, fixed timeline. A working paper that survives questioning, not a 200-slide deck that does not. And a published method, so the figure on the cover can be argued with on its merits.

Your board is going to ask. Most companies will lie. We make sure you don't have to.

Book a demo

Thirty-minute call. No deck. No discovery questionnaire. We bring a worked example built on public information about your sector. You decide whether the math is worth talking about.

Book a demo

Tell us about your organisation.

We'll come back with a focused next step within one working day.

We usually reply within one working day.