How to put a defensible number on your AI risk in five working days.
Not a maturity score. Not a RAG status. An actual figure, with a range and a source for every line — the kind a board can question and you can defend. Here is the week-by-day method.

Most AI risk numbers die the moment someone asks where they came from. The amber dot on the dashboard, the “we’re about 60% mature” line in the steering pack — these survive right up until a board member says “based on what?” and then they evaporate.
A defensible number is different. It has a range, not false precision. Every line traces back to a source. And when someone pushes, you can walk them down the chain — system, classification, control, evidence, exposure — without reaching for a caveat. You don’t need a three-month programme to produce one. You need five focused days and a willingness to write things down honestly.
Here is the method. It assumes you are doing this for one organisation, one business unit, or one significant AI system cluster — not boiling the ocean. Scope tight; you can repeat it.
Day 1 — Inventory the AI systems that actually exist
Not the ones in the strategy deck. The ones running.
Walk the business and list every system that uses AI to make or materially influence a decision: the CV-screening tool, the credit-scoring model, the customer-service classifier, the forecasting engine, the “we added a chatbot” project nobody told governance about. For each, capture four things only: what it does, who owns it, what data feeds it, and whether it makes automated decisions about people.
The output of day one is a register, not an essay. If you finish the day with fifteen systems and an honest note that says “three of these have no named owner,” that absence is already a finding. Most organisations discover on day one that they have more AI in production than anyone could name from memory. That surprise is the point.
Day 2 — Classify each system for regulatory risk
Now you sort. Under the EU AI Act, every system falls into one of four tiers — prohibited, high-risk, limited-risk, or minimal-risk — and the tier dictates the obligations. A CV-screener is high-risk. A spam filter is minimal. The chatbot is probably limited-risk but carries transparency duties. Misclassify and you either over-spend governing a spam filter or, far worse, under-govern something that decides whether a person gets a job or a loan.
Do the classification deliberately and record the reason, not just the label. “High-risk — used in recruitment, Annex III” is defensible. “High-risk” on its own is a guess wearing a label. The reason is what survives the challenge later.
By the end of day two you know where the obligation actually concentrates. Usually it’s two or three systems carrying most of the regulatory weight. Those are where the rest of your week goes.
Day 3 — Map controls to evidence (and find the gaps)
This is the day the folder falls apart, and that’s good — better now than in front of an auditor.
For each high-risk system, take the controls that are supposed to apply — human oversight, data quality checks, logging, bias testing, an accountable owner — and for each one ask the only two questions that matter: “Is there a control, and is there evidence it operates?”
You will find four states, and you should mark each honestly:
- Controlled and evidenced — control exists, evidence exists, evidence is current. Rare. Treasure it.
- Controlled, not evidenced — someone swears it happens; nothing proves it. This is most of them.
- Evidence expired — there was proof, eighteen months ago, and nobody renewed it. Counts as a gap.
- No control — the requirement exists, the control doesn’t. The honest red.
The deliverable for day three is a coverage view: every required control against every high-risk system, colour-coded by state. The white space is your exposure. You can’t price a risk you haven’t located, and most of day three is locating.
Day 4 — Separate inherent risk from residual risk
Here is where a defensible number is actually made, and where most assessments quietly cheat.
For each significant risk, score it twice. Inherent is how bad it is with no controls — the raw exposure if everything you rely on simply wasn’t there. Residual is how bad it remains after the controls you confirmed on day three (only the ones you confirmed — not the ones you wish existed). The distance between those two numbers is the value your governance is delivering. The residual number that’s left is the risk you are actually carrying.
This matters because it stops two failure modes at once. It stops you claiming credit for controls that don’t operate (because day three already deleted those from the maths). And it stops you panicking about inherent risk that is, in fact, well controlled. The board doesn’t need to know how scary the world could be. It needs to know what you’re carrying now, and why.
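The day-three coverage view and the day-four residual scoring, as an added worked example (not code from the article or from Govscape). The register is constructed, and the scoring rule that turns open controls into a residual score is an assumption labelled in the code; the point it shows is that only evidenced controls reduce the number, and what happens to the figure if unevidenced controls are credited anyway.

```python
from enum import Enum

class State(Enum):
    """The four states from day three; only the first counts as an operating control."""
    CONTROLLED_EVIDENCED = "controlled and evidenced"
    CONTROLLED_NOT_EVIDENCED = "controlled, not evidenced"
    EVIDENCE_EXPIRED = "evidence expired"
    NO_CONTROL = "no control"

REQUIRED_CONTROLS = ("human oversight", "data quality checks", "logging",
                     "bias testing", "accountable owner")

# Constructed sample register: two high-risk systems, inherent risk scored 1-5.
REGISTER = {
    "cv-screener": {"inherent": 5, "controls": {
        "human oversight": State.CONTROLLED_EVIDENCED,
        "data quality checks": State.CONTROLLED_NOT_EVIDENCED,
        "logging": State.EVIDENCE_EXPIRED,
        "bias testing": State.NO_CONTROL,
        # "accountable owner" deliberately absent: an unmapped control is a gap
    }},
    "credit-scoring": {"inherent": 5, "controls": {
        **{c: State.CONTROLLED_EVIDENCED for c in REQUIRED_CONTROLS},
        "logging": State.EVIDENCE_EXPIRED,
    }},
}

def coverage_view(register):
    """Day three: every required control against every system; a control nobody mapped is NO_CONTROL."""
    return {name: {c: entry["controls"].get(c, State.NO_CONTROL) for c in REQUIRED_CONTROLS}
            for name, entry in register.items()}

def gaps(register):
    """The white space: (system, control, state) for every control that is not evidenced."""
    return [(s, c, st) for s, row in coverage_view(register).items()
            for c, st in row.items() if st is not State.CONTROLLED_EVIDENCED]

def residual(register, system, credit_unevidenced=False, floor=0.1):
    """Day four: inherent score scaled by the fraction of required controls still open.
    Assumed scoring rule (not from the article):
        residual = inherent * (floor + (1 - floor) * open / total)
    where floor keeps residual above zero even when every control is evidenced.
    credit_unevidenced=True reproduces the cheat the article warns about."""
    row = coverage_view(register)[system]
    operating = {State.CONTROLLED_EVIDENCED}
    if credit_unevidenced:
        operating.add(State.CONTROLLED_NOT_EVIDENCED)
    open_count = sum(1 for st in row.values() if st not in operating)
    inherent = register[system]["inherent"]
    return round(inherent * (floor + (1 - floor) * open_count / len(REQUIRED_CONTROLS)), 2)
```

For the constructed register the CV screener scores 4.1 residual against an inherent 5; crediting the unevidenced data-quality check would drop it to 3.2, which is exactly the credit day four refuses to give.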
Day 5 — Model the financial exposure and write the number down
A risk posture is not yet a number a CFO can use. The final day turns it into money.
Take the residual risks and model their financial weight using inputs the business already trusts — revenue, sector, headcount, the cost of the people whose time leaks into working around a missing control. You are quantifying three things: regulatory exposure (the cost if a high-risk gap is examined), operational leakage (the steady drag of ungoverned processes and duplicated effort), and remediation cost (what closing the priority gaps actually takes).
Then you write it down as a range with the working attached:
“Residual AI governance exposure: £1.8m–£2.6m, driven primarily by two uncontrolled high-risk systems and expired evidence on a third. Closing the priority gaps: ~£140k.”
The kind of statement that survives a board meeting.
A range, not a single brittle figure. Sources behind every line. A clear statement of what moves the number down.
That is a defensible number. Not because it’s precise — it isn’t, and pretending otherwise is how numbers die — but because every part of it traces back to something real, and you can walk anyone down the chain without flinching.
What you do with it
Five days gets you from “we have some AI and some policies” to a board-ready figure with the working intact. The structure is deliberately repeatable: rerun it each quarter and the number moves, which means you can finally show governance reducing exposure over time rather than just existing.
This is, more or less, the workflow Govscape automates — the control extraction, the completeness checks, the inherent-versus-residual scoring, the coverage matrix, and the financial model that lands it all in one report. You can absolutely do it by hand the first time; plenty of good consultants do. The platform mostly means you don’t lose three of the five days to formatting, and that the chain stays intact when someone pulls on it six months later.
But the method stands on its own. Scope tight, classify honestly, evidence ruthlessly, score risk twice, and price what’s left. Do that and you’ll walk into the next board meeting with the one thing the amber dot never had: an answer to “based on what?”