AI Governance Register

Chief Risk & Compliance Officer · Auditor-grade register of every AI system in production — risk-tiered, compliance-mapped, oversight-tracked
AS-OF: 2026-06-25 · Q2 AUDIT CYCLE
AI Systems in Production
47
across 9 departments
High / Critical Risk
6
require exec sign-off
Human-Oversight Coverage
92%
of decisions reviewed
Open Findings
11
3 critical · 5 high · 3 med
Models Due Re-Audit
4
review window closing

AI System Register

12 of 47 shown Click row → audit card
ID System Name Owner / Dept Purpose Risk Tier Data Sensitivity Compliance HITL Last Audit Next Review

Open Governance Findings

11 open · Click row → remediation
Severity Finding Age System Owner Status

Human-Oversight Coverage

% decisions reviewed

Compliance Framework Status

Click tile → detail
Q2 COMPLIANCE POSTURE — KEY DATES
2026-07-01 GDPR retention backlog deletion (SYS-004 — 24-mo purge scheduled)
2026-07-07 Bias audit deadline — SYS-006 Hiring Screener · CRO escalation if missed
2026-07-10 EU AI Act legal opinion due — SYS-010 Fraud Engine Art. 5 scope review
2026-07-14 SYS-010 Fraud Engine re-audit window · GDPR Art. 22 DPIA required
2026-07-15 SYS-003 Patient Intake — next review; EU AI Act FRIA due 2026-08-01
2026-08-02 EU AI Act enforcement date — high-risk provisions apply · 3 FRIAs still open
2026-09-01 DPA review · GDPR processing register update · next DPO attestation cycle
Field Guide
For the Chief Risk, Compliance & Legal Officers

01 How to use this dashboard

  • Start with the KPI strip. "High/Critical Risk: 6" and "Open Findings: 11" are your pre-meeting brief. If either number moved since last week, read those rows first.
  • Triage by risk tier. CRITICAL rows demand board-level sign-off and a 30-day remediation deadline. HIGH rows must have a named owner and plan within 7 days. Click any row to see the full audit card.
  • Compliance tiles are the quarterly gate. A tile below 80% controls-met blocks deployment of new AI in that scope. EU AI Act is the watch item — 71% is near the line.
  • Oversight coverage drives the CISO's quarterly attestation. Any department below 80% requires an exception memo before AI decisions are actioned.
  • Use findings as the remediation backlog. Each finding has an owner, age, and status. Sort by age to surface the longest-running gaps first — regulators will.
  • PHI and PII rows are the audit priority. Clinical and patient-facing AI systems carry HIPAA liability — any HITL = "No" on a PHI system is an immediate escalation.

02 Agent walkthrough

Agent walkthrough — coming soon
Four AI agents walk the CRO, CCO, and Legal leads through this register — narrating risk exposure, open findings, and quarterly compliance posture.

03 In context — sample feed

Live Governance Events Sample Feed
2026-06-25
08:14 UTC
SYS-003 · Patient Intake AI — HITL override triggered by nurse reviewer; model confidence below threshold (0.61). Escalated to attending. PHI
2026-06-24
23:47 UTC
FND-004 · Procurement AI — Remediation plan submitted by Ops · GDPR data-minimization gap moved to "In Progress" status.
2026-06-24
17:02 UTC
SYS-001 · Revenue Forecasting — Quarterly re-audit completed. SOC 2 controls verified · Risk tier held at HIGH · next review set 2026-09-24.
2026-06-24
11:33 UTC
EU AI Act · Annex III mapping — Legal team flagged SYS-003 (Patient Intake) as likely High-Risk under Article 6. FRIA initiated. Deadline 2026-08-01.
2026-06-23
15:20 UTC
SYS-008 · Clinical Note Transcription — Model version bump from v2.1→v2.3 approved by CCO. Shadow mode activated; PHI redaction audit passed 100%.
2026-06-22
09:05 UTC
FND-001 · Critical Finding — SYS-006 (Hiring Screener) bias audit overdue by 18 days. CRO escalation sent to CHRO. Remediation deadline: 2026-07-07.
2026-06-21
14:48 UTC
SOC 2 Type II controls — AI access-log completeness check passed for 41 of 47 systems. 6 systems pending log-forwarding config. Owner: Infra team.
AI Governance Register · staas.fund/dashboards/ai-audit/governance-register/ · Illustrative demo data · Not legal advice · as of 2026-06-25