AI Risk Universe Matrix

Example selection export: AI Risk Discovery Session Working Paper

A reduced public example showing how AIRUM turns broad AI risk coverage and a selection step into a pre-discovery working paper.

10example AI Risks
Demofictional finance workflow
v3.2.1PASS WITH CAVEATS
Pre-discoverynot audit assurance

Demo scope context

Audit modeDedicated AI audit preparation
Discovery maturityPre-discovery, assumptions still need confirmation
Demo processACME Finance AI-enabled reporting workflow
Known AI useConfirmed use of AI-assisted classification, summarization, and variance explanation
Selected AI risk familiesGovernance, data management, lifecycle controls, security, accountability
Lifecycle treatmentKeep future lifecycle risks visible until the auditee confirms the actual operating stage

How to use this working paper in discovery

1. AI Ambition-Feasibility Mismatch

Direct candidateAI Strategy & Value Mgmt.

AIRUM family
1. AI Strategy & Value Mgmt. / Strategic Planning
Risk description
Pursuing disruptive AI ambitions without the requisite technology maturity, data readiness, or organizational buy-in, leading to project failure.
Why this appears
The demo selection includes this risk because it is part of the same 10-risk source-backed subset used on the Explore page and can be tested against the fictional Finance AI-enabled reporting workflow during pre-discovery.
Expected controls
AI strategy feasibility and readiness review: Require each material AI ambition, roadmap item, or major use case to document business objective, feasibility assumptions, data/process readiness, capability gaps, funding, accountable owner, and decision gate before investment approval.
Control objective
Confirm AI ambitions are achievable, resourced, and aligned to realistic organizational readiness before commitments are made.
Control summary

AI strategy feasibility and readiness review

Objective: Confirm material AI ambitions, roadmap items, and major use cases are achievable, resourced, and aligned to organizational readiness before funding or commitment.

Description: Require each material AI ambition or major AI initiative to document business objective, intended purpose, feasibility assumptions, technology and data readiness, organizational buy-in, capability/resourcing gaps, accountable owner, funding model, risk assumptions, decision rights, and approval gate before investment approval.

Applicable control audit procedure

Evaluate AI strategy feasibility and readiness review

Trace the control for AI strategy feasibility and readiness review from the event, decision, or cadence that triggers it through execution, review, exception handling, and retained evidence. Use the control objective as the reference point.

Open full Applicable Control Details

Discovery questions
Is this risk relevant to the ACME Finance AI-enabled reporting workflow? Who owns the related control or decision? What evidence would show that the expected control is designed and operating? What exceptions, incidents, or open decisions should be followed up?
Evidence to request
AI strategy or use-case approval, feasibility/readiness assessment, funding or resourcing decision, business case, and decision-gate evidence.
Source basis
Gartner; ISO/IEC 42001 (Context of Org); NIST AI RMF: MAP 1.1, MAP 1.2

2. Lack of Clear Accountability

Direct candidateAI Organization & Culture

AIRUM family
2. AI Organization & Culture / Roles & Responsibilities
Risk description
Roles for AI development, oversight, and "human-in-the-loop" decision rights are not clearly defined, leading to responsibility gaps.
Why this appears
The demo selection includes this risk because it is part of the same 10-risk source-backed subset used on the Explore page and can be tested against the fictional Finance AI-enabled reporting workflow during pre-discovery.
Expected controls
AI accountability and RACI control: Assign documented business, technical, risk, data, model, vendor, and control owners for each material AI system, including decision rights and escalation paths.
Control objective
Make AI ownership, decision accountability, and control responsibility explicit and testable.
Control summary

AI accountability, RACI, and decision-rights control

Objective: Make AI ownership, decision accountability, and control responsibility explicit, communicated, and testable for material AI systems.

Description: Define, approve, communicate, and maintain accountable owners, responsible parties, consulted/informed stakeholders, escalation paths, and decision rights for material AI systems across business decisions, technical/model operation, AI risk management, data quality, human oversight, vendor management, control execution, monitoring, and issue remediation.

Applicable control audit procedure

Analyze AI accountability, RACI, and decision-rights control

Trace the control for AI accountability, RACI, and decision-rights control from the event, decision, or cadence that triggers it through execution, review, exception handling, and retained evidence. Use the control objective as the reference point.

Open full Applicable Control Details

Discovery questions
Is this risk relevant to the ACME Finance AI-enabled reporting workflow? Who owns the related control or decision? What evidence would show that the expected control is designed and operating? What exceptions, incidents, or open decisions should be followed up?
Evidence to request
RACI, role descriptions, approval route, escalation path, training evidence, governance forum minutes, and accountability sign-off.
Source basis
Gartner; MITRE: Org Structure; ISO/IEC 42001 (Roles A.3.2); NIST AI RMF: GOVERN 2.1, GOVERN 2.3

3. Missing AI Inventory

Baseline governanceAI Governance & Risk

AIRUM family
3. AI Governance & Risk / Policy & Framework
Risk description
Failure to maintain a complete, current inventory of AI systems, models, use cases, automations, and owners prevents risk classification, oversight, monitoring, and compliance.
Why this appears
The demo selection includes this risk because it is part of the same 10-risk source-backed subset used on the Explore page and can be tested against the fictional Finance AI-enabled reporting workflow during pre-discovery.
Expected controls
AI system inventory control: Maintain a complete and periodically reconciled AI inventory capturing owner, purpose, process, data, vendor, classification, lifecycle stage, and control status for material AI use.
Control objective
Ensure AI use is visible, owned, classified, and available for risk management and audit scoping.
Control summary

AI system inventory and reconciliation control

Objective: Ensure AI systems, models, use cases, automations, owners, lifecycle stages, vendors, data/resource dependencies, classifications, and governance/control status are visible, current, and available for risk management, oversight, and audit scoping.

Description: Maintain a complete, current, periodically reconciled AI inventory/catalog covering material AI use, including AIS name, version, license/cost where relevant, deployment/access method, purpose/intended use, frequency of use, stakeholders, accountable owner, business/process owner, model/use-case linkage, data/tooling/system/human resources, vendor/third-party details, classification/risk status, lifecycle stage, approval/control status, monitoring status, and decommissioning status. Refresh at least annually and when intake, procurement, architecture, project, release, technical-discovery, survey, or interview evidence indicates new or changed AI use.

Applicable control audit procedure

Review AI system inventory and reconciliation control

Trace the control for AI system inventory and reconciliation control from the event, decision, or cadence that triggers it through execution, review, exception handling, and retained evidence. Use the control objective as the reference point.

Open full Applicable Control Details

Discovery questions
Is this risk relevant to the ACME Finance AI-enabled reporting workflow? Who owns the related control or decision? What evidence would show that the expected control is designed and operating? What exceptions, incidents, or open decisions should be followed up?
Evidence to request
AI governance framework, AI inventory extract, vendor/control assessment, policy mapping, ownership record, and review forum minutes.
Source basis
Gartner; ISO/IEC 5338; ISO/IEC 42001 (Resources A.4.2); NIST AI RMF: MAP 2.1, MANAGE 1.1

4. Sensitive Data Disclosure & Inference

Specialist overlayAI Data Management

AIRUM family
4. AI Data Management / Privacy & Security
Risk description
Exposure of PII/IP via Model Inversion, Membership Inference, or memorization of sensitive training data.
Why this appears
The demo selection includes this risk because it is part of the same 10-risk source-backed subset used on the Explore page and can be tested against the fictional Finance AI-enabled reporting workflow during pre-discovery.
Expected controls
Sensitive-data protection for AI control: Apply data minimization, access control, masking, prompt/output safeguards, inference-risk review, logging, and privacy/security testing for AI systems handling sensitive or confidential data.
Control objective
Prevent unauthorized disclosure, leakage, or inference of sensitive information through AI systems.
Control summary

AI sensitive-data protection and disclosure prevention

Objective: Prevent unauthorized disclosure, retention, reproduction, or exposure of sensitive, confidential, or personal data through AI training, tuning, retrieval, prompts, outputs, logs, and connected data sources.

Description: Define and operate AI data-use rules covering data classification, approved data purposes, minimization, masking/tokenization/redaction, least-privilege access to training/retrieval/runtime data, restrictions on sensitive prompt/output content, retention/deletion expectations, logging without sensitive-data sprawl, and exception handling for systems that process PII, IP, trade secrets, credentials, health/financial records, or other confidential data.

Applicable control audit procedure

Examine AI sensitive-data protection and disclosure prevention

Trace the control for AI sensitive-data protection and disclosure prevention from the event, decision, or cadence that triggers it through execution, review, exception handling, and retained evidence. Use the control objective as the reference point.

Open full Applicable Control Details

Discovery questions
Is this risk relevant to the ACME Finance AI-enabled reporting workflow? Who owns the related control or decision? What evidence would show that the expected control is designed and operating? What exceptions, incidents, or open decisions should be followed up?
Evidence to request
Data lineage diagram, data-quality checks, source-system owner confirmation, access/retention settings, AI input/output handling evidence, and exception reports.
Source basis
OWASP LLM Top 10: LLM06; OWASP ML Top 10: ML03, ML04; ISO/IEC 42001 (Privacy B.7.2); NIST AI RMF: MEASURE 2.7, MANAGE 2.4

5. Inadequate Verification & Validation

Lifecycle itemAI Engineering & Lifecycle

AIRUM family
5. AI Engineering & Lifecycle / Development & Deployment
Risk description
Failure to rigorously test AI models for accuracy, robustness, bias, and security prior to deployment, leading to performance failures.
Why this appears
The demo selection includes this risk because it is part of the same 10-risk source-backed subset used on the Explore page and can be tested against the fictional Finance AI-enabled reporting workflow during pre-discovery.
Expected controls
AI verification and validation control: Define and execute independent validation before release, including acceptance criteria, test data, performance, robustness, bias, security, limitations, and approval evidence.
Control objective
Confirm AI systems meet intended requirements and risk tolerances before operational reliance.
Control summary

AI verification, validation, and release acceptance control

Objective: Confirm AI systems meet documented requirements, trustworthiness criteria, risk tolerance, and intended-use expectations before operational reliance or release.

Description: Define, document, and execute AI verification and validation measures before release, including acceptance criteria, test data selection and representativeness, model/system performance, robustness, safety, bias/fairness, security/resilience where applicable, limitation handling, anomaly resolution, release criteria, and approval evidence.

Applicable control audit procedure

Validate AI verification, validation, and release acceptance control

Trace the control for AI verification, validation, and release acceptance control from the event, decision, or cadence that triggers it through execution, review, exception handling, and retained evidence. Use the control objective as the reference point.

Open full Applicable Control Details

Discovery questions
Is this risk relevant to the ACME Finance AI-enabled reporting workflow? Who owns the related control or decision? What evidence would show that the expected control is designed and operating? What exceptions, incidents, or open decisions should be followed up?
Evidence to request
Validation plan, test results, acceptance criteria, release approval, limitation statement, monitoring evidence, and model/change documentation.
Source basis
ISO/IEC 5338 (Verification); ISO/IEC 42001 (Control A.6.2.4); MITRE: Test & Evaluation; NIST AI RMF: MEASURE 1.1, MEASURE 2.6

6. Prompt Injection & Input Manipulation

Specialist overlayAI Security & Malicious Use

AIRUM family
6. AI Security & Malicious Use / Adversarial Threats
Risk description
Crafting adversarial inputs to manipulate model behavior, bypass filters, or execute unauthorized actions.
Why this appears
The demo selection includes this risk because it is part of the same 10-risk source-backed subset used on the Explore page and can be tested against the fictional Finance AI-enabled reporting workflow during pre-discovery.
Expected controls
Prompt-injection and input-manipulation defense control: Test and mitigate prompt injection and malicious input scenarios using input validation, instruction hierarchy, retrieval/tool isolation, output constraints, monitoring, and user education.
Control objective
Reduce the likelihood that hostile inputs override AI instructions, expose data, or trigger unauthorized actions.
Control summary

Adversarial input and prompt-injection defense control

Objective: Reduce the likelihood and impact of hostile or manipulated inputs overriding AI instructions, bypassing safeguards, exposing data, misclassifying content, or triggering unauthorized actions.

Description: Design, test, monitor, and improve defenses against prompt injection and input manipulation, including input/output validation, instruction hierarchy hardening, untrusted-content segregation, retrieval/tool isolation, least-privilege tool execution, human approval for high-risk actions, adversarial/stress testing, monitoring, and response procedures.

Applicable control audit procedure

Validate Adversarial input and prompt-injection defense control

Trace the control for Adversarial input and prompt-injection defense control from the event, decision, or cadence that triggers it through execution, review, exception handling, and retained evidence. Use the control objective as the reference point.

Open full Applicable Control Details

Discovery questions
Is this risk relevant to the ACME Finance AI-enabled reporting workflow? Who owns the related control or decision? What evidence would show that the expected control is designed and operating? What exceptions, incidents, or open decisions should be followed up?
Evidence to request
Security test evidence, prompt/input handling controls, monitoring logs, incident procedure, access configuration, and exception handling records.
Source basis
OWASP LLM Top 10: LLM01; OWASP ML Top 10: ML01; Gartner; NIST AI RMF: MANAGE 2.5, MEASURE 2.6

7. Inadequate or Missing AI Governance Framework

Baseline governanceAI Governance & Risk

AIRUM family
3. AI Governance & Risk / Policy & Framework
Risk description
The organization lacks a formalized AI risk and compliance framework (or the existing one is insufficient) to manage obligations.
Why this appears
The demo selection includes this risk because it is part of the same 10-risk source-backed subset used on the Explore page and can be tested against the fictional Finance AI-enabled reporting workflow during pre-discovery.
Expected controls
AI governance framework control: Establish and periodically review an AI governance framework covering policy, roles, risk appetite, lifecycle controls, inventory, classification, monitoring, incidents, and reporting.
Control objective
Provide a coherent management system for governing AI risks across the organization.
Control summary

AI governance framework and management system

Objective: Provide a coherent, documented, accountable, risk-based management system for governing AI obligations, risks, controls, lifecycle activities, and reporting across the organization.

Description: Establish, implement, maintain, periodically review, and continually improve an AI governance framework covering mandate and scope, AI policy, roles and decision rights, risk appetite/tolerance, AI inventory and classification, lifecycle controls, legal/regulatory obligation management, impact/risk assessment, third-party responsibilities, monitoring, incidents/concerns, exceptions, and management/governance reporting.

Applicable control audit procedure

Evaluate AI governance framework and management system

Trace the control for AI governance framework and management system from the event, decision, or cadence that triggers it through execution, review, exception handling, and retained evidence. Use the control objective as the reference point.

Open full Applicable Control Details

Discovery questions
Is this risk relevant to the ACME Finance AI-enabled reporting workflow? Who owns the related control or decision? What evidence would show that the expected control is designed and operating? What exceptions, incidents, or open decisions should be followed up?
Evidence to request
AI governance framework, AI inventory extract, vendor/control assessment, policy mapping, ownership record, and review forum minutes.
Source basis
Gartner; MITRE: Governance; ISO/IEC 42001 (Clause 4.4, A.2); NIST AI RMF: GOVERN 1.1, GOVERN 2.1

8. AI Supply Chain & Third-Party Risk

Baseline governanceAI Governance & Risk

AIRUM family
3. AI Governance & Risk / Legal & Compliance
Risk description
Vulnerabilities in the AI supply chain, including compromised third-party models, training data, or ambiguity in vendor contracts.
Why this appears
The demo selection includes this risk because it is part of the same 10-risk source-backed subset used on the Explore page and can be tested against the fictional Finance AI-enabled reporting workflow during pre-discovery.
Expected controls
AI third-party risk management control: Assess AI vendors, models, datasets, plugins, APIs, and service providers for security, privacy, resilience, transparency, contractual, and monitoring requirements before and during use.
Control objective
Control AI-related dependencies and supplier risks across the lifecycle.
Control summary

AI supplier and external-component due diligence

Objective: Assess AI vendors, external models, datasets, APIs, plugins, and service providers before and during use.

Description: Apply a standalone control for the third-party/vendor branch of unmanaged acquisition risk; do not make it the primary control because unmanaged use also includes internal builds, pilots, embedded features, and end-user tools outside procurement.

Applicable control audit procedure

Analyze AI supplier and external-component due diligence

Trace the control for AI supplier and external-component due diligence from the event, decision, or cadence that triggers it through execution, review, exception handling, and retained evidence. Use the control objective as the reference point.

Open full Applicable Control Details

Discovery questions
Is this risk relevant to the ACME Finance AI-enabled reporting workflow? Who owns the related control or decision? What evidence would show that the expected control is designed and operating? What exceptions, incidents, or open decisions should be followed up?
Evidence to request
AI governance framework, AI inventory extract, vendor/control assessment, policy mapping, ownership record, and review forum minutes.
Source basis
OWASP LLM Top 10: LLM05; OWASP ML Top 10: ML06; ISO/IEC 42001 (Suppliers A.10.3); NIST AI RMF: MANAGE 1.3, MAP 2.3

9. Metadata & Lineage Management Failure

Specialist overlayAI Data Management

AIRUM family
4. AI Data Management / Data Quality
Risk description
Failure to manage technical metadata, lineage, and data/model documentation as operational infrastructure, weakening traceability, reproducibility, explainability, and internal governance over data and model dependencies.
Why this appears
The demo selection includes this risk because it is part of the same 10-risk source-backed subset used on the Explore page and can be tested against the fictional Finance AI-enabled reporting workflow during pre-discovery.
Expected controls
Data lineage and provenance control: Capture and maintain data origin, transformations, ownership, quality checks, access history, and lineage for datasets used in material AI systems.
Control objective
Make AI data traceable, explainable, and auditable across collection, preparation, use, and change.
Control summary

AI data lineage, provenance, and metadata control

Objective: Make data used by material AI systems traceable, explainable, reproducible, and auditable across collection, preparation, use, change, and retirement.

Description: Define and operate a lifecycle process to record data origin, acquisition/selection rationale, transformations, ownership, data quality checks, labels/enrichment, update/retirement status, lineage flows, dependencies, and metadata for datasets used to develop, test, validate, deploy, or operate material AI systems.

Applicable control audit procedure

Analyze AI data lineage, provenance, and metadata control

Trace the control for AI data lineage, provenance, and metadata control from the event, decision, or cadence that triggers it through execution, review, exception handling, and retained evidence. Use the control objective as the reference point.

Open full Applicable Control Details

Discovery questions
Is this risk relevant to the ACME Finance AI-enabled reporting workflow? Who owns the related control or decision? What evidence would show that the expected control is designed and operating? What exceptions, incidents, or open decisions should be followed up?
Evidence to request
Data lineage diagram, data-quality checks, source-system owner confirmation, access/retention settings, AI input/output handling evidence, and exception reports.
Source basis
Gartner; ISO/IEC 5338; ISO/IEC 42001 (Provenance A.7.5); NIST AI RMF: MAP 2.3

10. Hallucinations (Confabulation)

Direct candidateSocietal & Ethical Impact

AIRUM family
7. Societal & Ethical Impact / Reliability & Trust
Risk description
The model produces factually incorrect results that users accept as truth, compromising decision-making and eroding trust.
Why this appears
The demo selection includes this risk because it is part of the same 10-risk source-backed subset used on the Explore page and can be tested against the fictional Finance AI-enabled reporting workflow during pre-discovery.
Expected controls
AI output accuracy and grounding control: Require grounding, source citation where feasible, confidence/limitation disclosure, human review for material outputs, and testing of hallucination-prone workflows.
Control objective
Reduce reliance on fabricated, inaccurate, or unsupported AI outputs.
Control summary

AI output accuracy, grounding, and validation control

Objective: Reduce reliance on fabricated, inaccurate, or unsupported AI outputs in material workflows.

Description: For hallucination-prone or material AI outputs, define expected accuracy/assurance criteria, ground outputs in approved sources where feasible, disclose known limitations, require human or expert review for material decisions, test outputs under deployment-like conditions, and monitor accuracy/performance issues after deployment.

Applicable control audit procedure

Evaluate AI output accuracy, grounding, and validation control

Trace the control for AI output accuracy, grounding, and validation control from the event, decision, or cadence that triggers it through execution, review, exception handling, and retained evidence. Use the control objective as the reference point.

Open full Applicable Control Details

Discovery questions
Is this risk relevant to the ACME Finance AI-enabled reporting workflow? Who owns the related control or decision? What evidence would show that the expected control is designed and operating? What exceptions, incidents, or open decisions should be followed up?
Evidence to request
Output review checklist, source-grounding evidence, rejected-output examples, reviewer sign-off, incident/quality log, and user guidance.
Source basis
Gartner; MITRE: Robust & Reliable; MIT AI Risk Rep: 3.1; NIST AI RMF: MEASURE 2.3

Assurance Boundary

This example shows the shape of an AIRUM output, not the complete method. A real AIRUM export may include more candidate AI Risks, richer rationale, source basis, applicability prompts, and evidence-pack details. Those details are intentionally reduced here.

AIRUM is a pre-discovery preparation aid. It does not decide audit scope, assess control effectiveness, calculate residual risk, provide legal or compliance advice, verify every source and control rationale end-to-end for public release, deliver source-perfect evidence, or provide final audit workpapers without engagement-specific tailoring.