AIGMA · Executive Summary

AI Governance Maturity Assessment

A measurement layer over the Boundaries of Tolerance framework. Produces a credibility-grade picture of where a firm sits on AI governance — and the gap between what it does and what it says.

Framework · Boundaries of Tolerance · Harvard Safra
Method · Bayesian HMM · 10×6 matrix
Service tiers · Public corpus · Proprietary engagement
i. The Central Construct

Two tracks through the same matrix — and the gap between them.

The 10×6 BoT matrix (10 governance factors × 6 maturity layers) is graded twice for every firm: once for substance (what the firm does), once for signal (what the firm says). The difference is the alignment gap Δ — the headline credibility measure, in layer units, with a 95% credible interval.

Substance — what they do
Evidence of built capability: hiring outcomes, committed infrastructure, retained governance roles, audit findings, deployed controls.
Δ — alignment gap
Signal minus substance, in layer units. Positive Δ = over-marker. Negative Δ = under-marker. |Δ| ≤ 0.5 = aligned.
Signal — what they say
Evidence of declared posture: brand language, public commitments, forward-looking statements, marketing claims around AI ethics.
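The construct can be sketched as a small helper, using the ±0.5-layer alignment band defined above (the layer values below are illustrative, not a firm's actual posture):

```python
# Minimal sketch of the alignment gap Δ and its classification.
# The ±0.5-layer "aligned" band is taken from the definition above.

def alignment_gap(substance: float, signal: float) -> float:
    """Δ = signal minus substance, in layer units."""
    return signal - substance

def classify(delta: float) -> str:
    if abs(delta) <= 0.5:
        return "aligned"
    return "over-marker" if delta > 0 else "under-marker"

delta = alignment_gap(substance=1.0, signal=3.1)
print(f"Δ = {delta:+.2f} → {classify(delta)}")  # Δ = +2.10 → over-marker
```

In practice Δ is not a point arithmetic like this — it is summarised from paired posterior samples — but the sign and band conventions are exactly these.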
I. Methodology

How scores are derived

Coded evidence flows into a Bayesian Hidden Markov Model that maintains a per-factor latent state over six layers, separately for the substance and signal tracks.

The 10×6 matrix
  • 10 factors — 5 Enterprise (Leadership, Culture, Operations, Stakeholder Accountability, Ecosystem) + 5 Systems (Oversight, Fairness, Transparency, Reliability, Privacy).
  • 6 layers, cumulative — L0 Non-Compliance → L5 Ethical Vanguard. Monotonic stack: reaching L3 requires L2.
  • Per-factor inference — not collapsed. Headline = mean of 10 per-factor positions × 20.
  • Δ from paired samples — mean over factors of (signal − substance) from MCMC draws. Every reported number has a CI95.
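The headline score and Δ summaries above can be sketched from paired posterior draws. A minimal sketch, with uniform random draws standing in for the HMM's actual MCMC output:

```python
# Sketch: headline score and Δ from paired posterior draws.
# The draws here are hypothetical; the real model emits per-factor
# latent layer positions from a Bayesian HMM over six layers.
import numpy as np

rng = np.random.default_rng(0)
n_draws, n_factors = 4000, 10

# Per-factor latent layer positions, one matrix per track: (draws, factors).
substance = rng.uniform(1.0, 2.0, size=(n_draws, n_factors))
signal = rng.uniform(2.5, 3.5, size=(n_draws, n_factors))

# Headline score per draw: mean of the 10 factor positions, × 20 (0–100 scale).
headline_substance = substance.mean(axis=1) * 20

# Δ per draw: mean over factors of (signal − substance), then summarised.
delta_draws = (signal - substance).mean(axis=1)
delta_mean = delta_draws.mean()
ci95 = np.percentile(delta_draws, [2.5, 97.5])
print(f"Δ = {delta_mean:+.2f} layers, CI95 [{ci95[0]:.2f}, {ci95[1]:.2f}]")
```

Because Δ is computed draw-by-draw from paired samples, its CI95 reflects the joint uncertainty of both tracks rather than two independent intervals.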
II. Architecture

How evidence reaches the model

Evidence sources are channels. Each channel emits records in one canonical schema. The inference engine never sees source-specific code.

Public
Tier 1 · Jobs, GitHub, SEC, Standards, Infrastructure — five baseline public channels.
Schema
Canonical emission · firm, quarter, factor, layer, track, confidence, source, raw_evidence, rationale.
Tier 2
Proprietary · audit reports, governance docs, training records — added on direct engagement.
HMM
Inference engine · same model, same priors, same outputs regardless of channel mix.
  • Channel = fetcher + coder + registry entry. New channels are added without touching the framework or model.
  • Tiers are commensurable — same scoring; more evidence just narrows the posteriors.
  • Missingness handled honestly — less evidence widens the CI; confidence is never imputed.
  • Channels earn their place — WAIC and LOO-CV decide, not editorial judgment.
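The canonical emission can be sketched as a record type using the field names listed above; the types and validation bounds are assumptions, since the source specifies only the field names:

```python
# Sketch of the canonical record every channel must emit.
# Field names come from the schema above; types/bounds are assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class EmissionRecord:
    firm: str
    quarter: str        # e.g. "2024Q4"
    factor: str         # one of the 10 BoT factors
    layer: int          # 0..5, L0 Non-Compliance .. L5 Ethical Vanguard
    track: str          # "substance" or "signal"
    confidence: float   # coder confidence, assumed in [0, 1]
    source: str         # URL of the underlying document
    raw_evidence: str   # verbatim excerpt supporting the coding
    rationale: str      # coder's justification

    def __post_init__(self) -> None:
        assert 0 <= self.layer <= 5
        assert self.track in ("substance", "signal")
        assert 0.0 <= self.confidence <= 1.0
```

Because every channel emits this one shape, the inference engine stays source-agnostic: a new Tier 1 or Tier 2 channel is just a new producer of `EmissionRecord`s.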
III. Audit Drilldown

Every score traces to a source

From any headline number, five steps reach the underlying document. Four deterministic, one probabilistic, all reproducible.

  1. Aggregate → per-factor — Deterministic · 1:N · mean of 10 factor scores
  2. Per-factor → posterior — Deterministic · 1:1 · score = E[state] × 20
  3. Posterior → emissions — Probabilistic · 1:N · inferred from N coded observations
  4. Emission → source — Deterministic · 1:1 · URL + raw_evidence + rationale
  5. Source → channel registry — Deterministic · 1:1 · validation κ, coder version
  • Reproducibility fingerprint — run_id + model version + emissions hash. The same inputs reproduce the same score.
  • Regulator-ready — the answer to “where did this number come from?” is a chain that terminates in a verifiable URL.
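The reproducibility fingerprint can be sketched as a hash over the three named components (run_id, model version, emissions hash); the canonicalisation and hash choice here are assumptions, not the documented implementation:

```python
# Sketch of the reproducibility fingerprint: run_id + model version +
# a hash over the coded emissions. SHA-256 and the JSON canonicalisation
# are assumptions; the source names only the three components.
import hashlib
import json

def emissions_hash(emissions: list[dict]) -> str:
    # Canonical ordering so the same evidence set always hashes identically,
    # regardless of the order in which channels delivered it.
    canonical = json.dumps(
        sorted(emissions, key=lambda e: json.dumps(e, sort_keys=True)),
        sort_keys=True,
    )
    return hashlib.sha256(canonical.encode()).hexdigest()

def fingerprint(run_id: str, model_version: str, emissions: list[dict]) -> str:
    payload = f"{run_id}|{model_version}|{emissions_hash(emissions)}"
    return hashlib.sha256(payload.encode()).hexdigest()

a = fingerprint("run-042", "hmm-1.3", [{"factor": "Leadership", "layer": 2}])
b = fingerprint("run-042", "hmm-1.3", [{"factor": "Leadership", "layer": 2}])
assert a == b  # same inputs, same fingerprint
```

Any change to the evidence set, the model version, or the run identity produces a different fingerprint, which is what makes "same inputs reproduce the same score" checkable rather than asserted.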
STAGE 01 · Assess · Example Firm · Q4 2024

Where the firm sits today

The firm publicly commits to governance posture it has not operationally built. Over-marker behaviour concentrates in Enterprise factors (leadership, culture, accountability); Systems factors are aligned.

Over-marker · 78%
Substance · L1.65 · Reactive Compliance · score 33 · CI95 28–38
Signal · L3.00 · Emerging Ethics · score 60 · CI95 55–65
Alignment gap · Δ +1.3 layers
The market is pricing this firm at Emerging Ethics; substance puts it at Reactive Compliance. The gap is latent credibility risk. The expected correction is downward — signal collapsing to substance on the next material incident or regulatory action.
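The scorecard numbers above follow the score = E[state] × 20 mapping from the methodology section; a minimal check, using the firm's reported layer positions:

```python
# Sketch: mapping latent layer positions (0–5) to the 0–100 headline
# scale, per score = E[state] × 20. Inputs are the scorecard values above.

def layer_to_score(layer: float) -> int:
    """Map a latent layer position to the 0–100 headline scale."""
    return round(layer * 20)

print(layer_to_score(1.65))  # substance → 33
print(layer_to_score(3.00))  # signal → 60
```

The CI95 endpoints convert the same way: the substance interval of 28–38 corresponds to a layer interval of 1.4–1.9.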
STAGE 02 · Plan

Where the gap must close

The +1.3L gap is not evenly distributed. Three Enterprise factors carry ~70% of Δ. The target on each is alignment around L2 Core Compliance, achieved primarily by raising substance to meet signal, with modest signal moderation as a guardrail against drift.

Priority 01 Enterprise

Leadership Priorities

Substance · L1.0
Signal · L3.1
Gap +2.1L · Target: alignment at L2 · Core Compliance

Highest leverage on overall Δ. Most visible to regulators, board, and journalists.

Priority 02 Enterprise

Stakeholder Accountability

Substance · L0.8
Signal · L2.6
Gap +1.8L · Target: alignment at L2 · Core Compliance

Material in regulated industries. Common trigger for class actions and regulatory inquiry.

Priority 03 Enterprise

Organizational Culture

Substance · L1.2
Signal · L2.7
Gap +1.5L · Target: alignment at L2 · Core Compliance

Slowest-moving but most durable. Foundational to closing the other two.

STAGE 03 · Execute

Interventions and validation

Each priority maps to a specific intervention bundle and a specific evidence signature. AIGMA re-runs quarterly — progress is measurable, not asserted. The same governance work that closes the gap produces artifacts any thoughtful observer would recognize.

Priority 01 Enterprise

Leadership Priorities

Action
  • Quarterly AI Governance Committee cadence with retained minutes
  • Named executive sponsor with documented AI ethics remit
  • Semi-annual board-level AI risk briefings
  • Decision logs for material AI deployments
Evidence of progress
  • Committee minutes reflecting quarterly cadence
  • Executive sponsor disclosed in governance documents
  • Board-level briefings appearing on agendas
  • Governance reporting lines visible in org documentation
  • Leadership engagement in industry standards work
Expected shift
Substance L1.0 → L2.0 within 2 quarters · closes ~40% of total Δ
Priority 02 Enterprise

Stakeholder Accountability

Action
  • Publish grievance and redress pathways
  • Stand up third-party audit cadence
  • Disclose AI complaint volumes and resolution
Evidence of progress
  • Grievance documentation accessible to affected stakeholders
  • Third-party audit engagements in the public record
  • Disclosed complaint and resolution metrics
  • Adherence to NIST AI RMF, ISO 42001, or equivalent
Expected shift
Substance L0.8 → L1.8 within 2 quarters · closes ~20% of total Δ
Priority 03 Enterprise

Organizational Culture

Action
  • AI ethics training completion as a board-reported metric
  • Ethicists hired into governance reporting lines, not only R&D
  • Senior performance reviews tied to ethics outcomes
Evidence of progress
  • Training completion data published or auditable
  • Ethics roles in governance org structure, not only product
  • Performance management language linking ethics to compensation
  • Durable retention for ethics roles, not rotational
Expected shift
Substance L1.2 → L1.9 within 3 quarters · closes ~10% of total Δ