# The AI Governance Audit Simulation

Practice the audit before the regulator does.

## Product Promise
A documented mock-audit scenario package for testing governance readiness against a fictional organization's AI use.

## Intended Buyer
Compliance teams, governance consultants, and internal audit groups preparing for AI governance review.

## Included Deliverables
- Fictional organization profile
- 30-item audit questionnaire
- Scoring rubric
- Debrief guide
- Facilitator notes

## Practitioner Workflow
1. Scenario brief: define the decision, evidence, owner, and acceptance threshold before use.
2. Audit questionnaire: define the decision, evidence, owner, and acceptance threshold before use.
3. Failure indicators: define the decision, evidence, owner, and acceptance threshold before use.
4. Scoring: define the decision, evidence, owner, and acceptance threshold before use.
5. Remediation pathway: define the decision, evidence, owner, and acceptance threshold before use.

## Operating Standard
Use this product as a practical governance aid, not as legal advice. For legal, regulatory, medical, financial, or employment decisions, require qualified human review and preserve the evidence trail.

## Evidence Rules
- Prefer primary sources over AI-generated summaries.
- Keep the raw AI output, prompts, model name, date, and reviewer identity.
- Separate verified claims from inferred, plausible, and unsupported claims.
- Do not cite AI output as a substitute for a real source.
- For volatile law, policy, science, or market claims, re-check the source close to publication.

## Official Source Anchors
- Quebec Act respecting the protection of personal information in the private sector, CQLR c P-39.1: https://www.legisquebec.gouv.qc.ca/en/document/cs/p-39.1/20240701
- NIST AI Risk Management Framework 1.0: https://www.nist.gov/itl/ai-risk-management-framework
- ISO/IEC 42001:2023 AI management systems: https://www.iso.org/standard/42001