The flagship

AI Governance Teardown

By the person who wrote the frameworks

Find the gap before the regulator does.

A fixed-scope, fixed-fee, two-week examination of how your organization governs its AI and its models, scored against the MESA Framework and delivered board-ready. It is a product you can buy, with a defined start, a defined end, and a defined price. It is conducted by the person who wrote the frameworks it uses.

  • Scope: Fixed
  • Fee: Fixed, shared on the call
  • Duration: Two weeks
  • Readout: Day 10
  • Capacity: Limited

Author of the published book on AI governance for the Middle East, foreword by the Kuwait Institute for Scientific Research.

§ 01 The exposure

The exposure is rarely the model.

Regulated institutions are deploying AI faster than their governance can evidence it. The exposure is rarely the model. It is the absent record: who approved this system, against which obligation, with what authority to stop it.

When a regulator, a board, or an auditor asks why the AI did what it did, "we believe it is fine" is not an answer. The Teardown produces the answer, in two weeks, with evidence behind every line.

§ 02 What you receive

Four artifacts, all board-ready.

You own the report. Every finding traces to a source your own team can follow. The frameworks and templates behind it remain licensed intellectual property.

  • The Governance Gap Report. A MESA-scored findings register, every finding evidenced against a source you can trace, and scored for maturity rather than marked against an opinion checklist.
  • The Remediation Roadmap. Sequenced into Now, Next, and Later, with owners and effort bands, written to be self-executable whether or not you engage further help.
  • A one-hour findings readout for your executive team, on Day 10.
  • A one-page board summary, readable in ninety seconds by a director who saw nothing else.
§ 03 How it works

Two weeks, drawn to scale.

The scope is fixed by method, not by hours. When the boundary is drawn, the risk is bounded.

Clock starts when your document pack arrives. Fixed. Two weeks.
  1. Week 1
    Read and score
    Governance documents and up to eight stakeholder interviews, scored against the fifty-question MESA instrument across the four layers.
  2. Week 2
    Synthesize and sequence
    Severity, evidence, and a Now, Next, and Later roadmap with owners and effort bands.
  3. Day 10
    The readout
    A one-hour findings readout, the Gap Report, the Roadmap, and the one-page board summary.

No production data leaves your environment. The examination reads governance artifacts, not customer records, and refuses protected health information categorically. A redaction guide comes with the document request so personal data never needs to travel.

The readout lands on Day 10. Book the call that starts the clock.

§ 04 The rigor behind it

A governed instrument set, not a questionnaire.

Behind the two-week engagement sits a complete, governed instrument set. You do not see the internals; you see findings traced to them. This is the breadth the examination draws on.

Governance and model risk

Scored against four layers and six pillars

A fifty-question MESA Self-Assessment across the four MESA layers, model-risk scoring against six Model Risk Management pillars plus a ten-dimension risk classification, a Five-Gate deployment audit, and AI Incident Response Protocol readiness. Maturity is scored, not asserted.

Regulatory and standards reach

Eight jurisdictions and fourteen frameworks

An eight-jurisdiction MENA regulatory checklist and a fourteen-framework global compliance crosswalk, alongside an architecture-governance matrix pairing TOGAF and DMBOK. Every finding is evidence-required and traced to a source.

GDPR · HIPAA · PCI-DSS · SOC 2 Type II · ISO/IEC 27001 · ISO 13485 · ISO 14971 · NIST CSF · EU AI Act · CASL · FINTRAC · PIPEDA · UAE PDPL · WCAG 2.1
§ 05 Why this examiner

What this examiner uniquely has.

Five things separate this examination from a governance review bought off a shelf.

  • The examiner authored the frameworks

    The person conducting the Teardown wrote the methods it uses: the MESA Framework and its model-risk, data, vendor, and incident protocols; the published book AI Governance and Compliance Frameworks for the Middle East, with a foreword by the Kuwait Institute for Scientific Research; and a pattern-language paper on governed production AI. He did not adopt a method. He wrote it down.

  • Productized, not open-ended

    Fixed scope, fixed price, a fixed two-week timeline, and board-ready deliverables. A product you can buy and budget for, not an engagement that expands under its own weight while the meter runs.

  • Evidence-required and MESA-scored

    Every finding traces to a source, and maturity is scored rather than ticked against an opinion checklist. The report is audit-grade, which is the standard a regulator, a board, or an auditor will hold it to.

  • Regional and global reach

    Uncontested authority across the GCC and MENA, built on the published book, eight-jurisdiction coverage, and Sharia-integrated model risk that imported governance texts do not carry, joined to a fourteen-framework global crosswalk and North American practice.

  • The method is the team

    A published framework, a fixed instrument, and governed AI leverage. You buy the examiner's judgment, not a bench of juniors learning on your engagement.

§ 06 Where it fits

Four illustrative exposures.

These are generic, illustrative scenarios, not real clients. Each shows the kind of exposure the two-week Teardown is built to surface and answer.

The bank that cannot explain a decline
Illustrative · Banking

A regulated bank runs AI credit-decisioning. A regulator will eventually ask it to explain, for a named applicant, why the model declined, on what data, and who was accountable for letting the model decide.

The Teardown scores the governance around that model against the MESA layers and hands back a Gap Report that shows exactly where the explanation record breaks, and a roadmap to close it before the question arrives.

Two weeks to a defensible answer.

The hospital with a patient-facing model
Illustrative · Healthcare

A healthcare provider deploys a patient-facing AI. It must prove transparency and an audit trail to a regulator without ever mishandling protected health information.

The Teardown reads governance metadata only, refuses PHI categorically, and returns a report on where transparency and the audit trail hold and where they do not, mapped to the obligations the provider actually carries.

Audit trail examined, PHI untouched.

The service desk with no transcript
Illustrative · Government

A government service desk lets citizens appeal a decision, but not the transcript behind it. The record a citizen would need to appeal an automated outcome does not exist in a form anyone can retrieve.

The Teardown locates that gap in the Operational Machinery and Technical Substrate layers and sequences the fix, so an appeal can reach the evidence rather than a dead end.

The appealable record, made retrievable.

The Islamic-finance institution
Illustrative · Islamic finance

An Islamic-finance institution needs Sharia governance built into model risk, not bolted on afterward as a separate review no model actually passes through.

The Teardown scores Sharia dual-validation inside the model-risk pillars, using the region-native discipline in the published book, and shows where the Sharia and the quantitative governance meet or fail to.

Sharia governance, inside the model risk.
§ 07 The ladder

Three steps, each one optional.

A free call qualifies the work both ways before anything is proposed. Each step stands on its own.

Step one · Free

The Fit Call

A free 30-minute conversation that qualifies the work in both directions before anything is proposed. If it does not fit, you leave with a clearer read on where your governance stands, at no cost.

30 minutes · no cost
Step two · The land

The Teardown

The fixed-scope, fixed-fee, two-week examination. A MESA-scored Gap Report, a Remediation Roadmap, a findings readout, and a board summary. The land, for those it fits.

Fixed fee · two weeks
Step three · The expand

The Retainer

An ongoing monthly governance retainer for those who want the examiner to stay while they execute the roadmap: a regulatory-change brief, a rotating deep module each quarter, standing advisory hours, and an annual re-score against your Teardown baseline.

Monthly retainer · optional
§ 08 Start

Author of the frameworks the examination scores against. The published book, and a paper he wrote on governed production AI.

Book the 30-minute Fit Call

The Fit Call qualifies the work both ways: whether the Teardown is right for you, and whether you are ready for it. The scope is fixed, the fee is fixed, and the two weeks are fixed. We share the fee on the call. If it fits, a proposal follows within 48 hours. If it does not, you leave with a sharper read on where your governance stands and no cost.


Scored against the MESA Framework. Worked examples in the full deliverables use Nebula Gulf Bank, a fictional institution constructed for illustration.
