AIONFabio Aulico

Practitioner's Toolkit · Included with the book

The working documents.

Most governance programmes produce reports about what should exist. These produce the things that should exist. Five templates — one per phase of the 90-day Executive Action sprint — designed to be filled in, signed off, and kept.

The toolkit ships with Govern or Fail. Each template is a real working document: the AI inventory your business units fill in, the ownership register your board reviews, the minimum viable policy your technical owner signs, the board slide your governance lead presents. Not slides about governance. The governance.

Being finalised for launch — register below to receive your copy first

Template A

Book

Business Unit AI Inventory Survey

A structured survey for business unit leads to self-report AI systems in use. Covers system name, purpose, vendor, data sources, and governance status. Designed to be sent by the governance team during the Inventory phase (weeks 1–2) of the 90-day sprint.

  • System name and version
  • Business unit and primary function
  • System purpose and decisions made
  • Vendor / technology stack
  • Data sources accessed
  • Estimated volume of decisions per month
  • EU AI Act risk category (self-assessed)
  • Current governance status

Template B

Book

AI System Record

The canonical record for a single AI system in your governance registry. One record per system. Maintained by the technical owner; reviewed by the business owner quarterly.

  • System ID and slug
  • Business owner (name, role, contact)
  • Technical owner (name, role, contact)
  • Purpose and decision scope
  • Data inputs and classification
  • Documented constraints
  • Technically enforced constraints
  • Confidence threshold
  • Escalation path
  • EU AI Act classification
  • Monitoring status and last audit date
  • Review frequency and next review date

Template C

Book

Minimum Viable Policy

A one-page governance policy for a single AI system. The MVP: enough control to move from Reckless to Controlled. Drafted by the governance team; approved by the business owner.

  • System in scope
  • Policy owner and effective date
  • Permitted uses
  • Prohibited uses and hard limits
  • Data boundary specification
  • Confidence threshold and escalation trigger
  • Escalation procedure (step by step)
  • Change control process
  • Review schedule
  • Signatures (business owner, technical owner)

Template D

Book

AI Ownership Register

The master register of all AI systems and their named owners. Maintained by the governance function; reviewed at board level quarterly. The operational output of the Inventory phase.

  • System name and ID
  • Business unit
  • Business owner
  • Technical owner
  • EU AI Act risk category
  • Governance status (Reckless / Controlled / Governed)
  • Last review date
  • Next review date
  • Open issues

Template E

Book

Board Report Slide Outline

A five-slide structure for executive-level AI governance reporting. Designed for quarterly board or executive committee use. Covers portfolio health, risk exposure, compliance posture, and 90-day priorities.

  • Slide 1: AI Portfolio Overview — system count, risk distribution, maturity score
  • Slide 2: Governance Incidents — count, severity, resolution status
  • Slide 3: Compliance Readiness — EU AI Act status, audit-ready percentage
  • Slide 4: Velocity and Value — deployments completed, deployment time trend
  • Slide 5: 90-Day Priorities — top 3 governance actions with owners and dates