Practice 1 — Risk Intelligence
RiskLens produces the RiskLens Assessment — the document your insurer uses to condition coverage, your investment committee uses to decide, and your board uses to authorise the AI strategy.
Two variants, one methodology
The same evaluation methodology, calibrated to deliverable format and timeline.
For operating companies.
You are preparing for an insurance renewal, a board question, a transaction, or a regulatory inquiry. Four to eight weeks. Board-ready document.
For PE firms, strategic acquirers, lenders, and R&W insurers.
You are evaluating an AI-exposed target. Two to four weeks. IC-grade memo.
What we evaluate
The same methodology applies to both variants.
What agents and models are in operation, the provenance of data and models, third-party AI exposure.
The maximum exposure each agent's authority creates within the human-intervention horizon. If an agent has access to a procurement API, how much capital is exposed in 60 seconds before a human intervenes?
The risk that corrupted internal data degrades agent decisions — distinct from external attack. The failure mode underweighted in current AI risk frameworks.
Quebec Loi 25, federal C-27 / AIDA, OSFI, AMF, and applicable sector-specific obligations.
Policies in place, decision rights, review cadences, operating processes — are they documented, staffed, running?
Where risk evolves as AI deployment expands. The Assessment is a starting point; the score is calibrated against trajectory.
Why start here
Boards demand a strategy, not a policy
The document approved at the board is an investment plan with risk-adjusted numbers — not a presentation about AI opportunities.
Every downstream decision depends on this one
Compliance scope, control infrastructure, response retainers — everything that follows is calibrated on what RiskLens identifies. Without RiskLens, later stages optimise the wrong programme.
The Agentic Risk Score is an audit and insurance artifact
Cyber insurers, SOC 2 auditors, and R&W insurers increasingly require AI governance documentation. The score serves all three — plus the board.
How we work
Four to eight weeks for the default variant, depending on portfolio size and stakeholder access. Two to four weeks for the diligence variant — deal timelines are tight and we meet them.
For internal engagements: a full Assessment document plus a standalone board-ready executive summary. For diligence engagements: an IC-grade memo, a red-flag report, and an R&W appendix.
Yes. Diligence engagements typically coordinate with counsel on R&W mapping. Internal engagements coordinate with external auditors on compliance implications.
The investment plan identifies initiatives that proceed. From there, compliance scope falls to ComplianceCore, and infrastructure attestation falls to GuardLayer. Each stage is scoped separately — no bundled engagement.
All engagements run under confidentiality agreements. For diligence work, we coordinate with your counsel on information-barrier procedures as needed.
A 30-minute call to scope a RiskLens engagement — internal AI investment strategy or transaction diligence.