Risk Flags
Track missing owners, approval gaps, documentation gaps, duplicate tools, policy exceptions, contract gaps, and usage anomalies.
Total Risk Flags
11
High Risk
3
Medium Risk
6
Low Risk
2
Ready for Findings
5
Risk Flags
8 of 8 active governance issues requiring review
| Flag | Tool / Provider | Department | Issue Type | Severity | Evidence Status | Status | Recommended Action |
|---|---|---|---|---|---|---|---|
| Usage increased 39% from prior month | OpenAI API | Marketing | Usage Increase >25% | High | Partial | Open | Review business purpose and approval evidence |
| Business owner not assigned | Claude API | IT | Missing Owner | High | Missing | Open | Assign accountable owner |
| Approval evidence not documented | ChatGPT Team | Finance | Missing Approval | Medium | Partial | In Review | Attach approval record or ticket |
| No documented business purpose | Midjourney | Creative | No Business Purpose | Medium | Missing | Open | Document use case and owner approval |
| Duplicate AI capability identified | Gemini Workspace | Operations | Duplicate Tool | Low | Partial | Monitoring | Compare overlap with Microsoft Copilot |
| Contract renewal date missing | Claude API | IT | Contract Gap | Medium | Missing | Open | Obtain contract or vendor record |
| Policy exception not reviewed | AWS Bedrock | Data Analytics | Policy Exception | Medium | Partial | In Review | Route exception for management review |
| High-cost tool with weak evidence | OpenAI API | Marketing | High Cost / Weak Evidence | High | Partial | Open | Perform detailed usage and approval review |
Risk Flag Review Notes
2 of 5 steps completed
- Validate ownership for high-risk toolsDone
- Confirm approval evidence for tools in active usePending
- Review usage increases greater than 25%Done
- Confirm business purpose for high-cost toolsPending
- Identify risk flags ready to convert into audit-style findingsPending
Sample data only. Built as an independent AI governance workflow and reporting prototype. This demo does not provide legal advice, compliance certification, audit assurance, or regulatory assurance.