AI Governance Review

Do you know how AI is being used across your organisation — and whether your governance is keeping pace?

An AI Governance Review gives boards and executive teams an independent, evidence-based view of AI use, governance gaps, and risk exposure across their organisation.

Is Your Organisation's AI Use Outpacing Its Governance?

Artificial intelligence is being adopted across New Zealand organisations at pace. Staff are using AI tools to draft documents, analyse data, support customer interactions, and automate decisions — often without formal policies, defined accountability, or board-level visibility.

For boards and executive teams, this creates a governance gap that carries real consequences. Regulatory exposure under the Privacy Act 2020, reputational risk from AI-generated errors or bias, and liability arising from undisclosed AI use in decision-making are no longer theoretical risks. They are emerging in organisations across the public and private sectors right now.

An AI Governance Review from Ethos Advisory gives your board an independent, structured view of where your organisation stands — and what needs to change.

What an AI Governance Review Involves

The Ethos Advisory AI Governance Review is an independent assessment aligned to ISO/IEC 42001, the international standard for AI management systems. It is designed specifically for New Zealand boards and senior leadership teams who need a clear, jargon-free picture of their AI governance position.

The review covers four areas:

AI Usage Mapping

We identify where AI tools and systems are currently in use across your organisation — including tools adopted informally at team level that may not be visible to leadership. Shadow AI use is one of the most common governance blind spots we encounter.

Governance Structures and Accountability

We assess whether your board and executive team have the oversight mechanisms, roles, and accountability structures in place to govern AI responsibly. This includes reviewing whether AI decisions can be traced, challenged, and explained.

Policies, Controls and Data Handling

We evaluate existing AI policies — or identify the absence of them — against recognised standards including ISO/IEC 42001 and New Zealand’s Privacy Act 2020. Most organisations we assess have either no AI policy, or a policy that addresses operational guidance but not governance.

Risk Exposure Analysis

We identify specific operational, legal, and reputational risks arising from current AI use and governance gaps, and assess the organisation’s exposure in the context of its sector, size, and stakeholder obligations.

What Your Board Receives

At the conclusion of the review, you receive:

  • An independent AI governance assessment report written for board-level consumption
  • Clear identification of governance gaps, risks, and their likely consequences
  • Practical, prioritised recommendations for governance structures, policies, and controls
  • A board-ready briefing document outlining key findings and proposed next steps
  • Alignment guidance against ISO/IEC 42001 and applicable New Zealand regulatory requirements

The report is designed to be read and acted on by directors and executives — not handed to IT.

Who This Service Is For

The AI Governance Review is appropriate for New Zealand organisations where one or more of the following applies:

  • AI tools are in use across teams without central oversight or a governing policy
  • The board wants independent assurance on AI risk exposure before broader AI adoption
  • A governance gap has been identified — by internal audit, a regulator, or the board itself
  • The organisation is subject to obligations under the Privacy Act 2020, sector-specific regulation, or public accountability requirements
  • Leadership wants to understand their position relative to ISO/IEC 42001 before committing to a full implementation programme

Why Ethos Advisory

Ethos Advisory is an independent AI governance and risk advisory practice serving boards and executive teams across New Zealand and Australia. We work exclusively at the governance and risk layer — we do not sell AI tools, implementation services, or capability training. Our role is to give your board an honest, independent assessment.

Our frameworks reference NIST AI RMF, ISO/IEC 42001, the New Zealand Privacy Act 2020, and Māori Data Sovereignty principles under He Waka Hiringa.

Start with an AI Policy Assessment

Understand your organisation’s AI risk before it becomes a board problem.
