The exposure is rarely the model.
Regulated institutions are deploying AI faster than their governance can evidence it. The exposure is rarely the model. It is the absent record: who approved this system, against which obligation, with what authority to stop it.
When a regulator, a board, or an auditor asks why the AI did what it did, "we believe it is fine" is not an answer. The Teardown produces the answer, in two weeks, with evidence behind every line.
Four artifacts, all board-ready.
You own the report. Every finding traces to a source your own team can follow. The frameworks and templates behind it remain licensed intellectual property.
- The Governance Gap Report. A MESA-scored findings register, every finding evidenced against a source you can trace, and scored for maturity rather than marked against an opinion checklist.
- The Remediation Roadmap. Sequenced into Now, Next, and Later, with owners and effort bands, written to be self-executable whether or not you engage further help.
- A one-hour findings readout for your executive team, on Day 10.
- A one-page board summary, readable in ninety seconds by a director who saw nothing else.
Two weeks, drawn to scale.
The scope is fixed by method, not by hours. When the boundary is drawn, the risk is bounded.
- Week 1. Read and score. Governance documents and up to eight stakeholder interviews, scored against the fifty-question MESA instrument across the four layers.
- Week 2. Synthesize and sequence. Severity, evidence, and a Now, Next, and Later roadmap with owners and effort bands.
- Day 10. The readout. A one-hour findings readout, the Gap Report, the Roadmap, and the one-page board summary.
No production data leaves your environment. The examination reads governance artifacts, not customer records, and refuses protected health information categorically. A redaction guide comes with the document request so personal data never needs to travel.
The readout lands on Day 10. Book the call that starts the clock.
A governed instrument set, not a questionnaire.
Behind the two-week engagement sits a complete, governed instrument set. You do not see the internals; you see findings traced to them. This is the breadth the examination draws on.
Scored against four layers and six pillars
A fifty-question MESA Self-Assessment across the four MESA layers, model-risk scoring against six Model Risk Management pillars plus a ten-dimension risk classification, a Five-Gate deployment audit, and AI Incident Response Protocol readiness. Maturity is scored, not asserted.
Eight jurisdictions and fourteen frameworks
An eight-jurisdiction MENA regulatory checklist and a fourteen-framework global compliance crosswalk, alongside an architecture-governance matrix pairing TOGAF and DMBOK. Every finding is evidence-required and traced to a source.
What this examiner uniquely has.
Five things separate this examination from a governance review bought off a shelf.
- The examiner authored the frameworks. The person conducting the Teardown wrote the methods it uses: the MESA Framework and its model-risk, data, vendor, and incident protocols; the published book AI Governance and Compliance Frameworks for the Middle East, with a foreword by the Kuwait Institute for Scientific Research; and a pattern-language paper on governed production AI. He did not adopt a method. He wrote it down.
- Productized, not open-ended. Fixed scope, fixed price, a fixed two-week timeline, and board-ready deliverables. A product you can buy and budget for, not an engagement that expands under its own weight while the meter runs.
- Evidence-required and MESA-scored. Every finding traces to a source, and maturity is scored rather than ticked against an opinion checklist. The report is audit-grade, which is the standard a regulator, a board, or an auditor will hold it to.
- Regional and global reach. Uncontested authority across the GCC and MENA, built on the published book, eight-jurisdiction coverage, and Sharia-integrated model risk that imported governance texts do not carry, joined to a fourteen-framework global crosswalk and North American practice.
- The method is the team. A published framework, a fixed instrument, and governed AI leverage. You buy the examiner's judgment, not a bench of juniors learning on your engagement.
Four illustrative exposures.
These are generic, illustrative scenarios, not real clients. Each shows the kind of exposure the two-week Teardown is built to surface and answer.
A regulated bank runs AI credit-decisioning. A regulator will eventually ask it to explain, for a named applicant, why the model declined, on what data, and who was accountable for letting the model decide.
The Teardown scores the governance around that model against the MESA layers and hands back a Gap Report that shows exactly where the explanation record breaks, and a roadmap to close it before the question arrives.
A healthcare provider deploys a patient-facing AI. It must prove transparency and an audit trail to a regulator without ever mishandling protected health information.
The Teardown reads governance metadata only, refuses PHI categorically, and returns a report on where transparency and the audit trail hold and where they do not, mapped to the obligations the provider actually carries.
A government service desk lets citizens appeal a decision, but not the transcript behind it. The record a citizen would need to appeal an automated outcome does not exist in a form anyone can retrieve.
The Teardown locates that gap in the Operational Machinery and Technical Substrate layers and sequences the fix, so an appeal can reach the evidence rather than a dead end.
An Islamic-finance institution needs Sharia governance built into model risk, not bolted on afterward as a separate review no model actually passes through.
The Teardown scores Sharia dual-validation inside the model-risk pillars, using the region-native discipline in the published book, and shows where the Sharia and the quantitative governance meet or fail to.
Three steps, each one optional.
A free call qualifies the work both ways before anything is proposed. Each step stands on its own.
The Fit Call
A free 30-minute conversation that qualifies the work in both directions before anything is proposed. If it does not fit, you leave with a clearer read on where your governance stands, at no cost.
30 minutes · no cost
The Teardown
The fixed-scope, fixed-fee, two-week examination. A MESA-scored Gap Report, a Remediation Roadmap, a findings readout, and a board summary. The land, for those it fits.
Fixed fee · two weeks
The Retainer
An ongoing monthly governance retainer for those who want the examiner to stay while they execute the roadmap: a regulatory-change brief, a rotating deep module each quarter, standing advisory hours, and an annual re-score against your Teardown baseline.
Monthly retainer · optional
Author of the frameworks the examination scores against. The published book, and a paper he wrote on governed production AI.
The Fit Call qualifies the work both ways: whether the Teardown is right for you, and whether you are ready for it. The scope is fixed, the fee is fixed, and the two weeks are fixed. We share the fee on the call. If it fits, a proposal follows within 48 hours. If it does not, you leave with a sharper read on where your governance stands and no cost.
Scored against the MESA Framework. Worked examples in the full deliverables use Nebula Gulf Bank, a fictional institution constructed for illustration.