A tailored course, built for your situation
Enterprise-Class AI Vendor Risk Assessment for Risk-Averse Boards
A 12-module implementation-grade course for business and technology leaders navigating board-level AI governance
The situation this course is for
AI vendor decisions are being elevated to the boardroom, yet teams often rely on checklists that don't address model provenance, third-party liability, or long-term compliance drift. This creates friction and delays, and erodes trust in technical leadership.
Who this is for
Business and technology professionals responsible for AI governance, vendor risk, compliance, or technology strategy who need to deliver credible, board-ready assessments.
Who this is not for
This course is not for engineers seeking hands-on coding labs or vendors promoting their own tools. It is not an introductory overview of AI ethics.
What you walk away with
- Apply a structured framework to assess AI vendors across 12 risk dimensions
- Translate technical risk findings into executive-ready board summaries
- Negotiate vendor contracts with embedded risk mitigations
- Build repeatable assessment workflows that scale across the organization
- Anticipate and respond to board-level questions with confidence
The 12 modules (with all 144 chapters)
- From innovation oversight to risk stewardship
- Key drivers of board-level AI inquiry
- Regulatory signals shaping governance appetite
- Case study: Board intervention in AI procurement
- Defining the scope of board accountability
- Mapping board questions to risk domains
- The rise of the AI risk committee
- Balancing innovation speed and governance rigor
- Engagement models between board and technical teams
- Benchmarking governance maturity across sectors
- Signals that trigger deeper board involvement
- Preparing the first AI risk briefing for directors
- What makes AI risk different from traditional IT risk
- Model lifecycle risks from training to decommissioning
- Data provenance and lineage in third-party models
- Bias, fairness, and unintended outcomes
- Model drift and performance degradation
- Explainability requirements across use cases
- Geopolitical risks in AI supply chains
- Intellectual property and model ownership
- Third-party dependency risk stacking
- Incident response for AI-enabled systems
- Reputational risk from AI failures
- Insurance and liability coverage gaps
- NIST AI RMF: Core principles and application
- ISO/IEC 42001 and its role in vendor contracts
- SOC 2 for AI: Limitations and extensions
- Customizing frameworks for organizational context
- Weighting risk domains by business impact
- Integrating AI risk into existing vendor management
- Third-party audit readiness for AI vendors
- Using control maturity models for scoring
- Benchmarking against peer organizations
- Adapting frameworks for high-regulation sectors
- Mapping controls to board reporting needs
- Versioning and updating assessment frameworks
- What a model card should include
- Assessing data provenance and annotation practices
- Evaluating training data representativeness
- Detecting red flags in model performance claims
- Understanding evaluation methodology transparency
- Third-party model auditing feasibility
- Version control and update transparency
- Model decommissioning and sunset policies
- Human oversight mechanisms in model operation
- Incident reporting and model rollback procedures
- Assessing model card completeness scores
- Requesting supplemental documentation
- Data flow mapping in AI vendor systems
- Consent and lawful basis for training data
- Cross-border data transfer mechanisms
- Right to deletion and model retraining
- PIA and DPIA integration with AI procurement
- Anonymization and synthetic data use
- Data minimization in model design
- Vendor access to customer data
- Subprocessor transparency and control
- Breach notification timelines and obligations
- Data subject request fulfillment processes
- Auditing data practices post-contract
- Adversarial attacks on machine learning models
- Model inversion and membership inference risks
- Secure model deployment and inference
- API security for AI services
- Model poisoning and training data attacks
- Zero-trust integration with vendor systems
- Incident response playbooks for AI breaches
- Penetration testing AI interfaces
- Secure update and patching cycles
- Monitoring for anomalous model behavior
- Encryption of models and data in transit and at rest
- Third-party vulnerability disclosure policies
- Defining model performance guarantees
- Service level objectives for AI systems
- Liability for harmful model outputs
- Indemnification for IP and compliance failures
- Right to audit and inspection clauses
- Exit strategies and data portability
- Model retraining and drift correction obligations
- Change control and version notification
- Subcontractor approval processes
- Termination for ethical or risk violations
- Dispute resolution for model performance
- Insurance requirements for AI vendors
- Defining fairness metrics for specific use cases
- Bias testing across demographic groups
- Fairness in training data sampling
- Vendor accountability for discriminatory outcomes
- Ethics review boards and oversight
- Stakeholder consultation practices
- Handling edge cases and vulnerable populations
- Transparency in ethical trade-offs
- Redress mechanisms for affected individuals
- Monitoring for disparate impact post-deployment
- Auditing fairness claims with third parties
- Documenting ethical risk acceptance
- Integration complexity and technical debt
- Monitoring and observability capabilities
- Vendor support response times and SLAs
- Documentation quality and accessibility
- Training and knowledge transfer
- Single points of failure in vendor architecture
- Disaster recovery and business continuity
- Model performance under load
- Scalability and usage limits
- Customization vs. configuration trade-offs
- Vendor roadmap alignment with business needs
- Long-term sustainability of vendor business
- GDPR and AI: Automated decision-making rules
- CCPA and opt-out rights for profiling
- NYDFS and financial services AI rules
- EU AI Act: High-risk classification and obligations
- Sector-specific regulations (healthcare, finance, education)
- Accessibility requirements for AI interfaces
- Truth-in-advertising for AI capabilities
- Export controls on AI technologies
- Workplace surveillance and employee rights
- Children's data and AI interactions
- Political and electoral use restrictions
- Preparing for upcoming AI legislation
- Structuring the AI risk dashboard
- Visualizing risk exposure trends
- Narrative framing for risk tolerance
- Scenario planning for board discussion
- Presenting vendor risk comparisons
- Linking AI risk to strategic objectives
- Defining escalation triggers
- Reporting frequency and format
- Engaging non-technical directors
- Balancing transparency and confidentiality
- Documenting board risk acceptance
- Annual AI risk posture summaries
- Centralizing AI risk ownership
- Creating cross-functional assessment teams
- Standardizing intake and review workflows
- Building a vendor risk knowledge base
- Training business units on risk criteria
- Integrating with procurement systems
- Automating risk scoring and reporting
- Continuous monitoring of active vendors
- Benchmarking across the vendor portfolio
- Feedback loops from operations to procurement
- Updating frameworks based on incidents
- Maturity model for AI risk programs
How this maps to your situation
- When board members ask for AI risk briefings
- During due diligence for new AI vendor procurement
- When updating enterprise risk management frameworks
- When responding to regulatory inquiries about AI use
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: Approximately 60 hours of total engagement, designed for completion over 8 to 10 weeks with flexible pacing.
How this compares to the alternatives
Unlike generic AI ethics courses or high-level overviews, this program delivers implementation-grade tools, real-world templates, and board-focused communication strategies not found in public frameworks or vendor-led training.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.