Because disruption, regulatory breaches and reputational damage rarely arrive without warning. If any of these feel familiar, it’s not a failure, it’s a signal.

AI risk is manageable, but only if it’s acknowledged and acted upon.


AI tools are being used without senior oversight

Staff are using AI tools, but no one at board or senior level can explain what’s in use, for what purpose, or with what risks.

This creates a governance gap and board‑level accountability issues.

No clear rules on what data can (and can’t) go into AI

Personal data, confidential business information or client data is being pasted into AI tools with no guidance, safeguards or controls.

This creates intellectual property issues and data protection risk. This is a breach waiting to happen.

Decisions are being influenced by AI outputs, unchecked

AI‑generated advice, analysis or summaries are being relied upon without verification, challenge or human sign‑off.

This is an accountability failure. You still own the decision.

No AI policy, but “everyone knows roughly what’s OK”

There’s an assumption that common sense applies, but nothing written, approved or consistently followed.

This is a compliance illusion. Inconsistent practice equals exposure.

Suppliers or systems now embed AI, but no one has assessed the risk

New software updates, platforms or service providers quietly introduce AI features without due diligence.

This creates third‑party and contractual blind spots.

Staff don’t understand AI risks, but feel pressured to use it

Teams use AI to save time or hit targets, but haven’t been trained on bias, hallucinations, data leakage or misuse.

This creates operational risk and staff distress.

You can’t explain how AI‑assisted outputs were produced

Reports, conclusions or recommendations are delivered, but no one can clearly explain how the AI reached them.

This makes transparency difficult and causes auditability problems.

Complaints, near‑misses or “that didn’t feel right” moments are increasing

Outputs are occasionally wrong, inappropriate or misleading, but incidents aren’t being logged or formally reviewed.

This is an early indicator of systematic control failure.

AI risk isn’t on your risk register, or discussed by the board

Despite growing regulatory and reputational scrutiny, AI isn’t treated as a strategic or emerging risk.

This is a failure of enterprise risk management.

You’re assuming regulation doesn’t apply to you

There’s a belief that AI regulation is “for big tech” and not SMEs, charities or public‑facing organisations.

This is false reassurance. Enforcement doesn’t start with size; it starts with harm.

If you are experiencing any of these warning signs, here’s how Durrant Riley Advisory can help you:

  • AI governance frameworks & proportionate policies
  • Board‑level AI risk briefings
  • AI risk mapping & inclusion in enterprise risk registers
  • UK GDPR alignment for AI use
  • Supplier & contract risk reviews
  • Incident response & investigations
  • Training for leaders and operational teams
  • Business continuity & resilience planning around AI‑enabled processes

Get in touch for a conversation, in confidence.