Assurance Intelligence

Why the assessment is defensible.

Governance assurance is not built on opinions. It is built on evidence. The NJ4AI assessment framework evaluates governance through documented controls, observable evidence, accountability structures, and framework alignment — to produce a consistent, defensible view of governance readiness.

The score summarises the evidence. The score is not the evidence.

What is measured. Governance, in practice.

What is measured

The substance of governance — not a questionnaire.

Accountability

Who owns AI governance — and who answers for it.

Governance ownership

Named roles, mandates, and decision rights.

Policies

The written rules that govern AI use and data.

Controls

The mechanisms that put policy into practice.

Evidence

The proof that controls actually operate.

Supplier oversight

Due diligence and assurance over third parties.

Monitoring

How issues are detected and reviewed over time.

Audit readiness

Whether it would hold up under inspection.

What evidence is required. Proof, not assertions.

The foundation

Enterprise buyers trust evidence.

An assessment is only as defensible as what sits beneath it. These are the kinds of artefacts the assessment draws on — the things a buyer, auditor, or regulator can actually inspect.

Documented

Policies

AI-use policy, data-handling policy, acceptable-use.

Maintained

Registers

AI-system inventory, risk register, processing records.

Recorded

Approval records

Sign-offs for high-impact systems and changes.

Demonstrable

Training evidence

Staff awareness and role-specific training logs.

Verified

Supplier assessments

Completed third-party AI due-diligence.

Inspectable

Audit artefacts

Logs, reports, and trails an auditor can review.

How it is evaluated. Evidence leads.

How evidence is evaluated

Weighted toward proof.

We assess how strong the evidence is, how well controls are documented, and how that maps to the frameworks that apply to you. Evidence leads. A control that is documented but not evidenced counts for materially less than one backed by proof. The detailed weighting is proprietary; the principle is not.

Primary driverEvidence strength

Secondary driverControl documentation

Supporting driverFramework mapping

One logic. Many obligations.

How consistency is maintained

Assess once. Answer many.

One assessment logic

Many frameworks.

One artefact

Many obligations.

Your evidence is assessed once, through one consistent logic — then mapped to every framework that applies. The same artefact answers many obligations at once. See the frameworks we map to →

Human oversight. Not fully automated.

Human in the loop

A person stands behind the assessment.

The assessment is not fully automated. Human review remains part of assurance.

Tooling brings consistency and scale; a qualified reviewer validates the findings, weighs the evidence, and stands behind the conclusion. That is what regulators, procurement teams, and compliance functions expect — and it is what makes the result defensible.

Why it holds. Evidence first.

Why the assessment is defensible

From evidence to assurance.

Evidence → Assessment → Score → Assurance

The score is the output. Evidence is the foundation.

From awareness to engagement

What would your governance position look like today?

Tell us what you're preparing for. We scope the assessment to your in-scope systems and the frameworks that apply, and respond within two working days.

Request a governance assessment → See what the score looks like

See a full sample Governance Assurance Report →

Prefer email? info@notjust4.ai