AI Readiness Audit Framework
1. Introduction & Purpose
An AI Readiness Audit is a structured assessment that evaluates an organisation’s capability and maturity across five key dimensions required for successful AI adoption. It is not a technology audit — it is a strategic assessment of your organisation’s preparedness to adopt, govern, and sustain artificial intelligence safely and effectively.
This framework defines the methodology used by AI-Si Consultancy in all AI Readiness Audit engagements. It sets out the assessment dimensions, scoring criteria, audit process, and output deliverables. It is intended for use by boards, senior leadership teams, and IT/operations leaders who are either planning an AI programme or evaluating the success of an existing one.
AI Readiness Audit is a systematic evaluation methodology that identifies where an organisation stands today, where it needs to be to deploy AI effectively, and what specific actions will close the gap — typically delivered within 48 hours as a rapid assessment.
2. Scope of Assessment
The AI Readiness Audit framework applies to the following organisational contexts:
SMEs (10–500 employees)
Full-spectrum audit covering strategic, operational, and technical readiness. Focused on identifying highest-value AI opportunities relative to available resources.
Public Sector Bodies
Audit addresses additional regulatory obligations including GDPR, FOI compliance, Public Sector Equality Duty, and procurement rules specific to public bodies.
Existing AI Deployments
Retrospective audit of live AI systems — assessing governance maturity, risk management practices, and alignment with current UK regulatory requirements.
The audit does not include technical code review, penetration testing of AI systems, or vendor procurement assessment (covered separately under Vendor Selection services).
3. The Five Dimensions of AI Readiness
AI-Si’s audit methodology evaluates organisational readiness across five interconnected dimensions. Each dimension is scored independently on a 1–5 maturity scale, and the combined profile determines an overall AI Readiness Score and prioritised action roadmap.
| Dimension | What It Assesses | Key Questions |
|---|---|---|
| 1. Strategic Alignment | Whether AI use cases are aligned with business objectives and leadership is committed to AI adoption. | Is there a board-level AI strategy? Have use cases been prioritised by ROI? Is there executive sponsorship? |
| 2. Data Infrastructure | The quality, accessibility, and governance of data required to train and operate AI systems. | Is data clean, labelled, and structured? Are data pipelines documented? Is there a data owner? |
| 3. Governance & Compliance | Whether governance structures, policies, and regulatory compliance frameworks are in place for AI. | Is there an AI use policy? Is GDPR compliance assessed for AI data use? Are audit trails maintained? |
| 4. Technology & Infrastructure | The organisation’s technical capability to deploy, integrate, and maintain AI systems. | What is the current tech stack? Is cloud infrastructure available? Are APIs in place for integration? |
| 5. Workforce & Culture | Staff AI literacy, change readiness, and the presence of internal AI champions. | Have staff received AI training? Is there resistance to AI? Are there internal AI advocates? |
4. Maturity Scoring Scale
Each dimension is scored on a 1–5 scale. Scores are weighted by strategic priority for each organisation and combined into an overall AI Readiness Index.
| Score | Maturity Level | Description | Typical Next Step |
|---|---|---|---|
| 1 — Initial | Not Ready | No formal processes. Ad-hoc or absent in this dimension. | Foundation-building required before any AI deployment. |
| 2 — Developing | Early Stage | Some awareness and activity but inconsistent and undocumented. | Formalise existing practices; establish ownership. |
| 3 — Defined | Progressing | Documented processes exist and are followed for most activities. | Extend and automate existing processes; begin pilot deployments. |
| 4 — Managed | AI-Ready | Processes are monitored, measured, and consistently applied. | Scale existing AI use cases; expand to additional departments. |
| 5 — Optimising | Advanced | Continuous improvement culture. AI embedded in core operations. | Focus on advanced AI capabilities; governance and leadership. |
An AI Readiness Index score of 3.0 or above across all five dimensions indicates the organisation is ready to begin AI implementation with appropriate governance structures in place. Scores below 3.0 in any dimension indicate a prerequisite gap that must be addressed before deployment.
5. Audit Process & Delivery
The AI Readiness Audit follows a structured five-stage process, typically completed within 48 hours for SMEs. Public sector engagements may extend to 5–7 working days depending on organisational complexity and stakeholder availability.
Pre-Audit Information Gathering (Hours 1–4)
Structured questionnaire covering current technology stack, existing AI tools in use, data assets, governance policies, and strategic objectives. Completed by designated stakeholders before the on-site or remote assessment day.
Leadership Interviews (Hours 4–12)
Structured interviews with CEO/MD, operations lead, IT lead, and HR lead. Each session focuses on one or two assessment dimensions. Interviews run 45–60 minutes each. Remote delivery via video conference available.
Technical & Data Review (Hours 12–24)
Review of existing data infrastructure, current software systems, API availability, and integration points. Documentation review of any existing AI policies, data governance frameworks, or previous AI assessments.
Analysis & Scoring (Hours 24–36)
Dimensional scoring across all five areas. Identification of quick wins (deployable within 30 days), medium-term priorities (3–6 months), and strategic longer-term opportunities. ROI modelling for top three use cases.
Report & Roadmap Delivery (Hours 36–48)
Delivery of written AI Readiness Report including: AI Readiness Index score, dimensional breakdown, prioritised roadmap, governance requirements checklist, and recommended next steps. Presented in board-ready format.
6. Audit Outputs & Report Structure
The AI Readiness Audit delivers a comprehensive written report plus a structured verbal debrief session. All outputs are provided in editable formats suitable for internal distribution and board presentation.
Written Report Contents
- Executive Summary (2 pages, board-ready)
- AI Readiness Index scorecard with dimension breakdown
- Gap analysis — current state vs AI-ready benchmark
- Prioritised opportunity roadmap (30/90/180 day)
- Governance requirements checklist
- ROI projections for top three AI use cases
- Recommended service engagement proposal
Supporting Materials
- PowerPoint presentation version for board use
- AI use case scoring spreadsheet
- Governance requirements checklist (editable)
- Data readiness self-assessment tool
- Vendor evaluation criteria template
- 60-minute debrief call with Simon Steggles
- 30-day post-report Q&A access
7. Governance Requirements Framework
The audit identifies governance requirements specific to your organisation’s AI ambitions. These requirements are structured across four governance domains and form the basis of any subsequent governance implementation work.
Policy & Documentation
AI Use Policy, Acceptable Use Guidelines, Data Classification Policy, AI Incident Response Procedure, and AI Ethics Statement requirements.
Regulatory Compliance
UK GDPR Article 22 (automated decision-making), ICO AI guidance compliance, EU AI Act readiness assessment (for organisations trading in EU), and sector-specific obligations.
Oversight Structures
AI Steering Committee requirements, accountability mapping, escalation pathways, AI audit trail obligations, and human oversight mechanisms for high-risk AI use.
Vendor & Third-Party
AI vendor due diligence checklist, contractual requirements for AI suppliers, data processing agreement obligations, and AI tool approval process requirements.
Training & Awareness
Minimum AI literacy requirements by role, mandatory security awareness training for AI tool users, and champion programme requirements for organisations above 50 staff.
Monitoring & Review
AI system performance monitoring obligations, bias and fairness review schedules, governance policy review cycles, and trigger events requiring reassessment.
8. Confidentiality & Data Handling
All information gathered during an AI Readiness Audit engagement is handled in strict confidence in accordance with AI-Si’s Privacy Policy and applicable UK GDPR obligations.
Data We Collect
Organisational structure information, technology inventory, data infrastructure details, governance documentation, financial performance indicators, and strategic plans shared during the audit process.
How We Handle It
All audit data is stored in encrypted, UK-based storage. No client data is shared with third parties. Information is retained for 12 months post-engagement unless otherwise agreed, then securely deleted.
A Mutual Non-Disclosure Agreement (MNDA) is available upon request prior to the commencement of any audit engagement. All AI-Si staff and associates involved in the audit process are bound by confidentiality obligations.
9. Document Control
| Version | Date | Changes | Approved By |
|---|---|---|---|
| 1.0 | March 2024 | Initial framework document published | Simon Steggles |
| 2.0 | September 2024 | Added EU AI Act readiness dimension; updated scoring criteria; expanded governance domain section | Simon Steggles |
| 2.1 | February 2026 | Updated regulatory references; added public sector-specific scope section; revised maturity descriptions | Simon Steggles |
This document is reviewed and updated at minimum annually, or following material changes in UK AI regulation or best practice guidance. For the most current version, refer to ai-si.com/ai-readiness-audit-framework/
Commission an AI Readiness Audit
Receive your organisation’s AI Readiness Report within 48 hours. Includes a prioritised roadmap, governance requirements, and ROI projections — delivered in board-ready format.
BOOK YOUR FREE AI STRATEGY DISCUSSION NOW