How long does the audit actually take to complete?

For an SME, 48 hours from the start of the engagement to the delivery of the written report. That timing assumes the pre-audit questionnaire is completed before the assessment day and that the four leadership interviews can be scheduled inside the first twelve hours. Public sector engagements typically extend to five to seven working days because the regulatory review (FOI, PSED, procurement compliance) and the wider stakeholder set take longer to work through. The 48-hour SME model is designed to fit around an executive team's existing diary.

What does the readiness score actually tell us?

It tells you whether you are ready to begin AI implementation, where the gaps are, and which gaps need closing first. An overall AI Readiness Index of 3.0 or above across all five dimensions indicates the organisation is ready to begin implementation with appropriate governance in place. Any dimension below 3.0 is a prerequisite gap that should be addressed before deployment. The dimensional breakdown is more useful than the headline number — it tells the board exactly where to invest readiness work and in what order.

Do we need to fix every gap before starting any AI work?

No. The audit produces a 30, 90 and 180-day roadmap that sequences the work realistically. Critical gaps in governance and compliance need to close before any AI touches personal data or makes decisions affecting people. Gaps in workforce literacy can run in parallel with a low-risk pilot. The point of the maturity scoring is to allow proportionate response — heavy investment where the risk is real, lighter touch where it is not. Trying to bring every dimension to a 5 before any deployment is itself a failure mode.

How is this different from a general business consultancy review?

A general consultancy review tends to produce a strategic narrative without testable assertions. The AI Readiness Audit produces a numerical scorecard, a documented gap analysis, a governance checklist and ROI projections for specific use cases. It uses a defined methodology that has been versioned and reviewed (current version 2.1, February 2026) so the same organisation audited twice would get a consistent result. It is also explicitly a precursor to delivery, not a standalone exercise — the outputs feed directly into the AI Project Engagement Framework if you choose to proceed.

What happens to the report after delivery?

It is yours. The written report, supporting spreadsheets and editable checklists are provided in formats you can distribute internally and put in front of a board. A 60-minute debrief call with Simon Steggles is included to walk through the findings, and you have 30-day post-report Q&A access for follow-up questions as the report lands with the executive team. Most clients use the report to justify the next phase of investment and to brief their DPO, IT lead and audit committee on the readiness baseline.

Is there an obligation to engage AI-Si.com for the implementation work after the audit?

No. The audit deliberately produces a board-ready set of artefacts that any competent implementation partner could work from. Most clients do choose to continue with AI-Si.com because the audit naturally leads into the AI Project Engagement Framework and the team already understands their context. But the report is structured so the choice remains genuinely open. To discuss commissioning an audit, call Simon on 07973 210 895 for a 30-minute consultation.

Executive Resources · for UK SME leaders

AI Readiness Audit Framework

An AI Readiness Audit is a structured assessment of an organisation's ability to adopt, govern and sustain AI safely and effectively. AI-Si.com's framework scores readiness across five dimensions — strategic alignment, data infrastructure, governance and compliance, technology and infrastructure, and workforce and culture — on a 1–5 maturity scale. The audit is typically delivered within 48 hours for SMEs and produces a board-ready report with a readiness score, gap analysis, prioritised roadmap, governance checklist and ROI projections for the top three use cases.

What an AI Readiness Audit is

An AI Readiness Audit is a structured assessment that evaluates an organisation's capability and maturity across the five dimensions required for successful AI adoption. It is not a technology audit. It is a strategic assessment of preparedness to adopt, govern and sustain AI safely and effectively.

It identifies where the organisation stands today, where it needs to be to deploy AI effectively, and what actions will close the gap. Delivered in 48 hours for SMEs, the audit is the standard precursor to any implementation engagement and is also used retrospectively on live AI deployments where the original governance was thin.

What it prevents

Poor AI outcomes rarely start with the model. They start with weak governance, poor data, lack of leadership ownership, unclear use cases or staff resistance. By the time the model underperforms, the cause is usually upstream and the cost is already substantial.

The audit is built to stop wasted spend, failed pilots, vendor lock-in and compliance debt before they spread. The cheapest moment to fix a readiness gap is before it has been built into a deployment.

Scope of assessment

The framework applies in three contexts, each with a slightly different emphasis. The same five dimensions are scored in each case; what changes is the depth of the regulatory review.

Out of scope are technical code review, penetration testing of AI systems, and vendor procurement assessment. These are handled under separate AI-Si.com services.

SMEs (10–500 employees): full-spectrum audit covering strategic, operational and technical readiness, focused on identifying highest-value AI opportunities relative to available resources.
Public sector bodies: audit addresses additional regulatory obligations including UK GDPR, FOI compliance, the Public Sector Equality Duty and procurement rules specific to public bodies.
Existing AI deployments: retrospective audit of live AI systems, assessing governance maturity, risk management practices and alignment with current UK regulatory requirements.

The five readiness dimensions

Each dimension is scored independently on a 1–5 maturity scale. The combined profile determines an overall AI Readiness Score and a prioritised action roadmap. The five dimensions are interconnected — a high score on technology will not compensate for a low score on governance, and vice versa.

Dimension	What it assesses	Key questions
1. Strategic Alignment	Whether AI use cases are aligned with business objectives and leadership is committed to AI adoption.	Is there a board-level AI strategy? Have use cases been prioritised by ROI? Is there executive sponsorship?
2. Data Infrastructure	The quality, accessibility and governance of data required to train and operate AI systems.	Is data clean, labelled and structured? Are data pipelines documented? Is there a data owner?
3. Governance & Compliance	Whether governance structures, policies and regulatory compliance frameworks are in place for AI.	Is there an AI use policy? Is GDPR compliance assessed for AI data use? Are audit trails maintained?
4. Technology & Infrastructure	The organisation's technical capability to deploy, integrate and maintain AI systems.	What is the current tech stack? Is cloud infrastructure available? Are APIs in place for integration?
5. Workforce & Culture	Staff AI literacy, change readiness and the presence of internal AI champions.	Have staff received AI training? Is there resistance to AI? Are there internal AI advocates?

Maturity scoring scale

Each dimension is scored on a 1–5 scale and weighted by strategic priority for the organisation, then combined into an overall AI Readiness Index. An Index score of 3.0 or above across all five dimensions indicates the organisation is ready to begin AI implementation with appropriate governance structures in place. Scores below 3.0 in any dimension indicate a prerequisite gap that should be addressed before deployment.

Score	Maturity level	Description	Typical next step
1 — Initial	Not Ready	No formal processes. Ad-hoc or absent in this dimension.	Foundation-building required before any AI deployment.
2 — Developing	Early Stage	Some awareness and activity but inconsistent and undocumented.	Formalise existing practices. Establish ownership.
3 — Defined	Progressing	Documented processes exist and are followed for most activities.	Extend and automate existing processes. Begin pilot deployments.
4 — Managed	AI-Ready	Processes are monitored, measured and consistently applied.	Scale existing AI use cases. Expand to additional departments.
5 — Optimising	Advanced	Continuous improvement culture. AI embedded in core operations.	Focus on advanced AI capabilities, governance and leadership.

Audit process and delivery

The audit follows a structured five-stage process, typically completed within 48 hours for SMEs. Public sector engagements may extend to five to seven working days depending on organisational complexity and stakeholder availability.

Hours 1–4 — Pre-audit information gathering: structured questionnaire on technology stack, AI tools in use, data assets, governance policies and strategic objectives, completed by designated stakeholders before assessment day.
Hours 4–12 — Leadership interviews: structured sessions with CEO or MD, operations lead, IT lead and HR lead. Each session focuses on one or two assessment dimensions. Remote delivery via video conference is supported.
Hours 12–24 — Technical and data review: existing data infrastructure, software systems, API availability, integration points, and any prior AI policies or assessments.
Hours 24–36 — Analysis and scoring: dimensional scoring across all five areas; identification of quick wins, medium-term priorities and longer-term opportunities; ROI modelling for the top three use cases.
Hours 36–48 — Report and roadmap delivery: written AI Readiness Report including readiness score, dimensional breakdown, roadmap, governance checklist and recommended next steps in board-ready format.

Audit outputs

The audit delivers a written report plus a structured verbal debrief. All outputs are provided in editable formats suitable for internal distribution and board presentation.

The written report contains an executive summary (two pages, board-ready), the AI Readiness Index scorecard with dimension breakdown, a gap analysis (current state versus AI-ready benchmark), a prioritised opportunity roadmap (30, 90 and 180-day view), the governance requirements checklist, ROI projections for the top three AI use cases, and a recommended service engagement proposal.

Supporting materials include a PowerPoint presentation version for board use, an AI use case scoring spreadsheet, an editable governance requirements checklist, a data readiness self-assessment tool, a vendor evaluation criteria template, a 60-minute debrief call with Simon Steggles, and 30-day post-report Q&A access.

Governance requirements framework

The audit identifies governance requirements specific to your organisation's AI ambitions. These requirements are structured across six governance domains and form the basis of any later governance implementation work. They are not a generic checklist — they are produced from the gaps the audit actually surfaces in your context.

Policy and documentation: AI Use Policy, Acceptable Use Guidelines, Data Classification Policy, AI Incident Response Procedure, AI Ethics Statement.
Regulatory compliance: UK GDPR Article 22, ICO AI guidance compliance, EU AI Act readiness where relevant, sector-specific obligations.
Oversight structures: AI Steering Committee requirements, accountability mapping, escalation paths, audit trail obligations, human oversight for high-risk use.
Vendor and third-party: AI vendor due diligence checklist, contractual requirements, data processing agreement obligations, AI tool approval process design.
Training and awareness: minimum AI literacy requirements by role, mandatory security awareness training, champion programme requirements for larger teams.
Monitoring and review: AI performance monitoring obligations, bias and fairness review schedules, governance review cycles, trigger events for reassessment.

Confidentiality and data handling

All information gathered during an audit is handled in strict confidence in accordance with AI-Si.com's Privacy Policy and applicable UK GDPR obligations. Audit data is stored in encrypted, UK-based storage. No client data is shared with third parties. Information is retained for 12 months post-engagement unless otherwise agreed, then securely deleted.

A Mutual Non-Disclosure Agreement is available on request before the audit begins. All AI-Si.com staff and associates involved in delivery are bound by confidentiality obligations.

Take the next step

Want help applying this to your organisation? Use the resource below or book a 30 minute strategy call with Simon — no pitch, just practical advice.

Download sample report

Frequently asked questions

Related resources

Executive Resources

Find Out Where AI Can Save or Generate Money in Your Organisation

Book a free 30-minute call with Simon. Bring a real problem — staff time, governance worry, vendor proposal, failing pilot — and leave with a concrete first step you can take next week.

07973 210 895