AI Governance Playbook
Open search
Academy

AI Guidance Academy

A modular training and governance program for regulated financial organizations. Each track leads to a decision-ready outcome.

Executive track

Board-ready understanding of AI risk, governance, and approval decisions.

Start hereLearning pathsUse-case library

Risk & Compliance track

Controls, EU AI Act alignment, data leakage, and audit evidence.

ControlsEU AI ActData leakGovernance pack

Engineering leadership track

Senior developer operating model, delivery risks, and safe tooling.

Senior dev modelDelivery risksTool comparisonExample lab

Business line track

Department-by-department guidance with examples and red lines.

Business functionsIndustry boundariesMVP examples

Academy outcomes

  • Approved AI use-case list and risk zones
  • Prompt safety rules and governance artifacts
  • Role-based understanding of allowed vs prohibited usage
  • Audit-ready evidence of controls and decisions

Implementation plan

A four-phase rollout that converts learning into governed execution.

Phase 1

Foundation

Open phase plan

Phase 2

Role-Based Academy

Open phase plan

Phase 3

Policy & Evidence Engine

Open phase plan

Phase 4

Enterprise Rollout

Open phase plan

Phase 1 — Foundation (0–6 weeks)

  • Curriculum v1: 6 learning paths (exec, risk, engineering, audit, data leak, EU AI Act)
  • Decision flow v1: Start‑Here wizard + zone outputs + controls checklist
  • Use‑case library v1: 20–30 use cases with risk ratings and deployment guidance
  • Governance pack v1: policy templates + acceptable use matrix + vendor questionnaire
  • Assessment: short quiz per path + completion certificates (PDF/HTML)

Phase 2 — Role‑Based Academy (6–12 weeks)

  • Tracks: Exec, Risk/Compliance, Engineering, Audit/Assurance, Advisory/Tax
  • Role scenarios: “what to approve” + “what to block” + evidence examples
  • Rubrics: approval checklist and red‑flags per role
  • Live evaluation: scenario-based prompts; learners classify and defend decisions
  • Metrics: time‑to‑approval, reduction in unsafe prompts, adoption rate per team

Phase 3 — Policy & Evidence Engine (12–20 weeks)

  • Policy builder: guided generator for AI Use Policy + Prompt Safety Rules
  • Audit evidence trail: store decisions, prompt templates, and approvals
  • Vendor registry: central vendor risk records per model/tool
  • Controls mapping: align controls to EU AI Act, internal risk framework, and ISO/NIST

Phase 4 — Enterprise Rollout (20+ weeks)

  • Certification: internal “AI Approved Practitioner” badge
  • Regulatory readiness: exportable audit packs by business line
  • Continuous updates: quarterly refresh of policy, examples, and tool guidance
  • Benchmarking: compare adoption and risk posture across business lines

Governance model

  • Owner: Risk/Compliance (policy + approvals)
  • Operators: Engineering leadership (controls + enforcement)
  • Advisors: Legal + Data Protection + Audit

Success metrics

  • Approval time per use‑case
  • % staff trained by business line
  • % prompts compliant with policy
  • Reduction in sensitive data leakage incidents
  • Audit readiness score per department

Full roadmap

View the detailed Academy roadmap with phased deliverables and outcomes.

Open roadmap