AI Risk Management Framework
Systematic approach to identifying, classifying, and managing AI-related risks with matrices, controls, escalation procedures, and executive reporting.
3.1 AI Risk Identification
Systematic risk identification is the foundation of effective AI governance. This section establishes the methodology, tools, and responsibilities for identifying AI-related risks across the organisation.
Risk Identification Methodology
The organisation shall apply a structured, repeatable approach to AI risk identification that combines multiple techniques to ensure comprehensive coverage.
- Threat Modelling: Apply STRIDE and AI-specific threat models to identify security risks in AI architectures, data pipelines, and deployment environments.
- Scenario Analysis: Develop plausible scenarios of AI failure, misuse, and adversarial attack. Assess likelihood and impact of each scenario.
- Stakeholder Consultation: Engage with affected stakeholders — including employees, customers, regulators, and civil society — to identify risks that may not be visible to technical teams.
- Control Gap Analysis: Compare existing controls against the requirements of this framework, ISO/IEC 42001, and NIST AI RMF to identify control deficiencies.
- Historical Incident Review: Analyse past AI incidents, both internal and external, to identify recurring patterns and systemic vulnerabilities.
- Vendor & Supply Chain Assessment: Evaluate risks introduced by third-party AI components, APIs, training data, and cloud services.
Risk Register Requirement
All identified risks must be recorded in the AI Risk Register (Template 9.11) within 48 hours of identification. Risks without controls or treatment plans must be escalated to the AI Steering Committee within 5 business days.
3.2 Risk Classification & Taxonomy
AI risks shall be classified according to a standardised taxonomy that enables consistent assessment, reporting, and treatment prioritisation.
Risk Taxonomy
| Category | Description | Examples |
|---|---|---|
| Strategic | Risks to organisational strategy, market position, or competitive advantage | AI misalignment with business strategy, missed AI opportunities, strategic vendor dependency |
| Operational | Risks to day-to-day operations, service delivery, or business processes | Model downtime, API failures, data pipeline breakage, capacity constraints |
| Security | Risks to confidentiality, integrity, or availability of AI systems and data | Prompt injection, model poisoning, data leakage, adversarial evasion, supply chain compromise |
| Compliance | Risks of regulatory breach, legal liability, or contractual non-compliance | Privacy violations, discrimination claims, consumer protection breaches, sectoral regulation |
| Reputational | Risks to brand, customer trust, and stakeholder confidence | AI-generated misinformation, public bias incidents, executive accountability failures |
| Financial | Risks of direct or indirect financial loss | Fraud enabled by AI, incorrect financial decisions, regulatory fines, litigation costs |
| Safety | Risks to human life, health, or physical safety | Autonomous system failures, medical diagnosis errors, safety-critical decision failures |
| Ethical | Risks of moral harm, unfairness, or societal damage | Discriminatory outcomes, exploitation of vulnerable groups, erosion of human agency |
3.3 Risk Matrix & Assessment
All identified AI risks shall be assessed using the standardised risk matrix below. Assessment shall be performed by a qualified risk analyst with input from technical owners, legal counsel, and affected business stakeholders.
Impact Scoring
| Score | Financial | Operational | Reputational | Compliance |
|---|---|---|---|---|
| 1 - Negligible | < $10,000 | Minor inconvenience | No external awareness | No regulatory interest |
| 2 - Minor | $10,000 - $100,000 | Temporary service degradation | Limited internal awareness | Informal regulator query |
| 3 - Moderate | $100,000 - $1,000,000 | Significant service disruption | Media coverage possible | Formal investigation |
| 4 - Major | $1,000,000 - $10,000,000 | Sustained operational failure | National media coverage | Enforcement action likely |
| 5 - Critical | > $10,000,000 | Business continuity threat | International crisis | Criminal or severe regulatory action |
Likelihood Scoring
- 1 - Rare: May occur only in exceptional circumstances (< 1% annual probability)
- 2 - Unlikely: Could occur but is not expected (1-10% annual probability)
- 3 - Possible: Might occur at some time (10-50% annual probability)
- 4 - Likely: Will probably occur in most circumstances (50-90% annual probability)
- 5 - Almost Certain: Expected to occur in most circumstances (> 90% annual probability)
3.4 Risk Appetite Statement
The Board-approved Risk Appetite Statement defines the types and levels of AI risk that the organisation is willing to accept in pursuit of its strategic objectives.
Risk Appetite by Category
| Risk Category | Appetite | Maximum Tolerance | Trigger for Board Escalation |
|---|---|---|---|
| Strategic | Cautious | Major impact / Possible likelihood | Any strategic AI investment > $5M |
| Operational | Moderate | Major impact / Likely likelihood | Sustained service level breach > 4 hours |
| Security | Averse | Moderate impact / Possible likelihood | Any confirmed security incident |
| Compliance | Averse | Minor impact / Likely likelihood | Any regulatory breach or investigation |
| Reputational | Cautious | Major impact / Unlikely likelihood | Any external media coverage of AI incident |
| Financial | Moderate | Major impact / Possible likelihood | Actual or projected loss > $1M |
| Safety | Averse | Negligible impact / Rare likelihood | Any safety-related AI incident |
| Ethical | Cautious | Minor impact / Possible likelihood | Any ethics panel finding of material concern |
Appetite Breach Protocol
When a risk exceeds the defined appetite or maximum tolerance, the Accountable Executive must escalate to the AI Steering Committee within 24 hours. The Steering Committee shall convene within 48 hours to determine treatment, acceptance with Board approval, or termination of the activity.
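As an added illustration (not part of the framework or its templates), the Python below encodes the 1-5 Impact and Likelihood scores of 3.3 together with the Maximum Tolerance column of the appetite table above, and derives for each register entry the 48-hour recording, 5-business-day and 24-hour escalation actions stated in 3.1 and 3.4. It assumes a tolerance is exceeded when either dimension is above its stated maximum; the Risk class, its fields and the sample entries are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List

# Maximum tolerance per category from the Risk Appetite table, as (impact, likelihood) scores 1-5.
MAX_TOLERANCE = {
    "Strategic": (4, 3), "Operational": (4, 4), "Security": (3, 3), "Compliance": (2, 4),
    "Reputational": (4, 2), "Financial": (4, 3), "Safety": (1, 1), "Ethical": (2, 3),
}

@dataclass(frozen=True)
class Risk:
    risk_id: str
    category: str
    impact: int            # Impact Scoring, 1 (Negligible) to 5 (Critical)
    likelihood: int        # Likelihood Scoring, 1 (Rare) to 5 (Almost Certain)
    has_treatment_plan: bool

    def __post_init__(self) -> None:
        if not (1 <= self.impact <= 5 and 1 <= self.likelihood <= 5):
            raise ValueError(f"{self.risk_id}: impact and likelihood must be scored 1-5")
        if self.category not in MAX_TOLERANCE:
            raise ValueError(f"{self.risk_id}: unknown risk category {self.category!r}")

def exceeds_tolerance(risk: Risk) -> bool:
    # Assumption: tolerance is breached when EITHER dimension exceeds its stated maximum.
    max_impact, max_likelihood = MAX_TOLERANCE[risk.category]
    return risk.impact > max_impact or risk.likelihood > max_likelihood

def required_actions(risk: Risk) -> List[str]:
    actions = ["Record in AI Risk Register within 48 hours"]
    if not risk.has_treatment_plan:
        actions.append("No treatment plan: escalate to AI Steering Committee within 5 business days")
    if exceeds_tolerance(risk):
        actions.append("Appetite breach: Accountable Executive escalates to AI Steering Committee within 24 hours")
    return actions

def triage(risks: List[Risk]) -> Dict[str, List[str]]:
    # Highest matrix score (impact x likelihood) first so reporting leads with the worst exposure.
    ordered = sorted(risks, key=lambda r: r.impact * r.likelihood, reverse=True)
    return {r.risk_id: required_actions(r) for r in ordered}

# Constructed sample register entries, not real findings.
SAMPLE_RISKS = [
    Risk("R-001", "Security", 3, 3, True),      # exactly at Security tolerance: no breach
    Risk("R-002", "Security", 3, 4, False),     # likelihood above Possible: breach, and no plan
    Risk("R-003", "Safety", 2, 1, True),        # any impact above Negligible breaches Safety tolerance
    Risk("R-004", "Operational", 2, 5, True),   # Almost Certain exceeds Likely for Operational
]
```

Calling `triage(SAMPLE_RISKS)` returns the entries in descending matrix-score order, each with the list of actions the framework requires of its owner.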
3.5 Controls & Treatment
Risk treatment follows the standard hierarchy: Eliminate, Substitute, Engineer, Administer, and Personal Protective Equipment (ESAP). AI-specific controls shall be documented in the AI Control Register.
Control Categories
| Control Type | Examples | Responsible Party |
|---|---|---|
| Preventive | Input validation, access controls, bias testing, ethics review, security scanning | Technical Owner, Security Team |
| Detective | Monitoring, alerting, anomaly detection, audit logging, fairness metrics | Operations Team, Data Team |
| Corrective | Incident response, rollback procedures, model retraining, remediation plans | Incident Manager, Technical Owner |
| Directive | Policies, training, standards, guidelines, approval workflows | Governance Team, HR |
| Compensating | Insurance, contractual indemnities, third-party assurances | Risk Manager, Legal |
3.6 Executive Reporting
The AI Risk Report is a standing agenda item for the AI Steering Committee and Board Risk Committee. Reports shall be accurate, timely, and actionable.
Reporting Requirements
| Report | Frequency | Audience | Owner | Content |
|---|---|---|---|---|
| AI Risk Dashboard | Real-time | C-Suite, Committee | CRO / Risk Manager | Open risks, heat map, trend indicators, control status |
| Steering Committee Report | Monthly | AI Steering Committee | Chief Governance Officer | New risks, closed risks, incidents, maturity score |
| Board Risk Report | Quarterly | Board Risk Committee | CRO | Material risks, appetite breaches, strategic implications |
| Incident Flash Report | Within 4 hours | C-Suite, Board | Incident Manager | Incident summary, impact, immediate actions, next steps |
| Annual Risk Review | Annual | Full Board | CRO | Comprehensive risk landscape, emerging threats, strategic recommendations |