AI Governance, End to End
From standards to frameworks, processes, tools and the interconnected risk domains. Training built for risk, GRC, audit and compliance teams. A governance lens at every step, no model internals.
One curriculum, cut for the room
Every format follows the same running case: a vendor GenAI claims-triage tool at a fictional Australian insurer, taken from intake to a post-deployment drift incident.
Executive Session
AI is already in your organisation. The question is governance: what regulators now expect, why agentic AI changes what boards approve, and the questions that make diligence defensible.
- The AI landscape: how it arrives, how it fails
- Strategy, appetite and the governance connection
- Regulatory expectations: APRA, ASIC, Privacy Act
- Operating model, accountability and board literacy
Practitioner Course: The Core
One use case, end to end, with your own hands. The morning builds the system view; the case then runs through classification, impact assessment and risk rating in two full passes.
- The AI landscape for risk professionals
- Standards & regulation, plus a mapping exercise
- The AI use-case lifecycle: the spine
- AI risk assessment in practice, rating defended
Practitioner Course: End to End
The complete curriculum: twelve blocks, seven hands-on case passes, and the ten client-ready templates to govern AI where you work. Detailed below.
- Morning, the system: landscape to lifecycle
- Afternoon, the case: assessment to roadmap
- Interconnected domains: ERM, cyber, third party
- Artefact pack: ten templates leave with you
AI Governance, End to End.
One day. One deliberately engineered AI use case. Your risk, GRC, audit and compliance team takes a vendor GenAI tool from intake to a post-deployment incident, and leaves with the ten templates to govern AI where they work. Governance lens at every step; no model internals. Expand any block for the full detail.
Seven hands-on passes through one running case: a vendor GenAI claims-triage tool, followed from intake to a live drift incident. Everything that goes wrong at the end was planted at the beginning.
The artefact pack
Ten client-ready templates: registers, impact assessment, taxonomy, KRIs, vendor due diligence, board paper, 90-day roadmap.
Assessment craft
Classify, assess and rate a realistic vendor AI use case, then defend the rating in plenary. Calibration included.
A plan, not a folder
A maturity self-score, three committed next steps, and the 90-day sequence to act on them.

Kashif M. Qadir
ISO/IEC 42001 AI Lead Auditor and enterprise risk professional with two decades across AI governance, cyber, resilience, third-party risk, enterprise risk and audit, across all three lines of defence, in APRA-regulated and ASX-listed environments.
Kashif translates AI standards into governance that works in practice: he has stood up and run enterprise AI governance programs and councils, assessed and assured 100+ AI use cases, embedded vendor-AI risk across thousands of suppliers, and trained 3,000+ people, from boards to frontline teams, in large organisations.
AI governance programs, stood up end to end
Established enterprise AI governance in large organisations: strategy, policy, committee charters, councils and escalation paths, aligned to ISO/IEC 42001, NIST AI RMF and the Australian AI Ethics Principles, and run through to real proceed or hold decisions.
AI use-case assessment at scale
Designed and operated a four-lens intake and impact-assessment model covering business value, feasibility, risk and trust, and change impact: surfacing high-harm cases, assigning decision thresholds, and generating registers, assessments and governance review plans.
Training that changes behaviour
Delivered AI, cyber and risk training to 3,000+ people across boards, executive teams, risk functions and frontline staff, including awareness uplifts that measurably improved enterprise metrics.
Vendor AI and regulated environments
Embedded third-party and vendor AI risk into procurement at scale, with risk-scoring and due diligence applied to thousands of suppliers, in APRA-regulated and ASX-listed settings.
Bring this to your team
Run in-house for your organisation, or join a public session. Tell us who the room is and we will recommend the format.