Do you have a named accountable owner (or committee) for AI risk and compliance, with documented responsibilities and escalation routes?

Is an AI risk assessment required before production release and before any material change (new model, new data, new decision context)?

Do you have a written AI acceptable-use and secure AI engineering standard that is communicated and enforced (including contractors)?

Is your AI risk register reviewed on a defined cadence by governance stakeholders (security, privacy, legal/compliance, product/engineering)?

Do executives/board receive periodic AI risk reporting (KPIs, top risks, incidents, audit results, remediation status)?

Is there periodic independent assurance (internal audit/second line or equivalent) over AI controls and risk management?

Do you publish (or provide to customers) a clear statement of your responsible AI / AI governance commitments and how you operationalise them?