Know exactly where AI is helping, hurting, and hiding in your business — in two weeks, for a fixed fee.
AI is already inside most organisations. Some of it is sanctioned. Some of it is shadow. Some is embedded in vendor tools nobody is watching. This engagement surfaces the full picture.
Built for organisations where AI is already happening
Eight things you get at the end
Everything is written. Nothing is verbal-only. The report stands alone — you can share it internally without us in the room.
Current-state AI map
Every place AI is in use across the business — sanctioned tools, shadow usage, and AI embedded in vendor platforms. One-page diagram plus a structured table. Built from interviews and artefact review, not assumptions.
Risk register
Ranked by likelihood × impact. Covers data leakage, IP exposure, regulatory exposure (EU AI Act and applicable sector rules), vendor concentration, model obsolescence, and reputational risk.
Opportunity shortlist
The top five ranked opportunities with a rough effort-to-value estimate for each. Explicitly not a feasibility study — that is a separate engagement. This is a prioritised list you can act on or use to brief a build team.
Governance gap analysis
What policies, controls, and operating model elements are missing. Benchmarked against a reference framework. Gaps are described in plain terms — what is absent, what risk it carries, and what would close it.
Cost baseline
Estimated current spend on AI tooling — including the spend that sits inside SaaS subscriptions and expense claims rather than a dedicated AI budget line. Most clients are surprised by this number.
90-day action plan
Three to five concrete moves the client should make in the next 90 days — regardless of whether they engage us further. Prioritised by impact. Specific enough to assign an owner to each item.
Executive readout
A 90-minute session with C-level or equivalent. We walk through the findings, field questions, and surface anything that needs immediate attention. Not a presentation — a working session.
Written report
15–25 pages, PDF. Covers all of the above in a format suitable for board-level distribution. No appendix-stuffed templates. Every page earns its place.
Five phases across two weeks
We work around your schedule. Total time commitment from your team is typically four to six hours across the engagement.
Kickoff
Two-hour session with your project sponsor. We align on scope, identify key interview subjects, and confirm the artefacts we need access to. You get a structured brief to share internally.
Discovery interviews
Structured interviews across functions. We follow the AI touchpoints, not the org chart. Six to ten people, 45 minutes each, remote or on-site.
Artefact review
We review existing policies, vendor contracts, tool inventories, and any available usage data. No need to prepare a pack — we work with what exists.
Synthesis
We build the map, risk register, and analysis. One interim check-in to surface any findings that need clarification before the report is finalised.
Readout & report
Final report delivered before the readout session. 90 minutes with your leadership team. You leave the session with a clear picture and a prioritised next step.
Fixed scope. Fixed fee. No surprises.
The engagement is scoped before it starts. You know the deliverables, the timeline, and the cost before you sign anything.
If your situation requires additional scope — more sites, a larger organisation, additional follow-up sessions — we discuss that upfront and adjust accordingly.
Clients who subsequently commission a build engagement receive a credit equal to the audit fee against the build project cost.
- Up to 10 discovery interviews
- Artefact review (policies, contracts, tool data)
- Full written report (15–25 pages)
- Executive readout session (90 min)
- 30-day post-delivery Q&A
A scoping call is free and takes 30 minutes. No obligation.
What this is not
Builder-led, not analyst-led
The audit is run by the same people who build AI systems in production. We've designed orchestration layers, debugged cost overruns, written governance policies, and dealt with the operational failures that follow when none of that happens. The analysis comes from direct production experience — not from reading the same industry reports you have access to.
Every engagement is led personally by the founder. You don't get a junior analyst working from a playbook. You get the person who will answer the awkward questions in the readout session.
Delivered personally by Richard O'Flynn & George Lovejoy.
Twenty years of shipping bespoke production systems together. No associates, no delivery team.
Ready to find out what's actually happening?
A 30-minute scoping call is free. We'll confirm whether the audit is the right engagement for your situation, and give you a clear timeline and cost before you commit to anything.
Common questions
How long does it actually take?
Two weeks from kickoff to final report, assuming reasonable access to the right people. We've run this in ten working days with organisations that move fast. If you have a specific deadline — board meeting, regulatory review — tell us during the scoping call and we'll design accordingly.
What do you need from our team?
A project sponsor with authority to open doors internally. Access to six to ten people across functions for 45-minute interviews. Access to any existing AI policies, vendor contracts, and tool inventories — even if incomplete or informal. We don't need you to prepare anything in advance. We work with what exists.
How do you handle sensitive data and confidentiality?
We sign an NDA before the engagement starts. You can specify the form or use ours. We don't retain copies of your internal documents after the engagement closes. The report is yours — we don't publish, reference, or reuse findings without explicit written permission. Interview notes are not shared externally in any form.
Does this convert into a build engagement?
Often, yes. The opportunity shortlist gives us a natural starting point for scoping build work. If you commission a build project with us within six months of the audit, the audit fee is credited in full against the build project cost. There is no obligation to continue — roughly a third of audit clients take a follow-on engagement, and we tell the others what we think they should do instead.
Can this be done remotely?
Yes. All discovery interviews can run over video call. The kickoff and readout sessions can also be remote. If you'd prefer on-site for either, we can accommodate that — travel is charged at cost. Most clients do the full engagement remotely with no loss of quality.
We already have an AI policy. Do we still need this?
Policy and reality rarely match, especially in fast-moving organisations. An existing policy tells us what the rules say. The audit tells us what's actually happening. In our experience, the gap between the two is where the real risk sits. If your policy is thorough and your usage is fully governed, the audit will confirm that quickly and the report reflects it.