Assess AI System Risk

Learn how to assess, score, and manage AI system risk in Sprinto using configurable AI risk factors and automated risk scoring workflows.

The AI Systems module in Sprinto includes AI-specific risk assessment workflows that help organisations evaluate the governance, operational, and compliance risks associated with AI systems.

Risk assessments help organisations:

  • Evaluate AI-related risk exposure

  • Classify AI systems by risk level

  • Maintain governance records

  • Support AI compliance workflows

  • Prioritise reviews and remediation

  • Maintain periodic risk reviews

Sprinto supports configurable AI risk scoring workflows aligned with evolving AI governance requirements.


To access AI system risk scoring:

  1. Log in to the Sprinto dashboard.

  2. Navigate to Data Library.

  3. Select AI Systems.

  4. Open an AI system from the Added AI Systems tab.

  5. Select the Risk score tab.

The Risk score tab displays all configured AI risk factors and associated scoring values.


How AI Risk Scoring Works

Sprinto evaluates AI system risk using configurable risk factors.

Each risk factor contains:

  • Multiple scoring options

  • Configurable score values

  • Risk contribution logic

As users select values for risk factors, Sprinto automatically:

  • Calculates cumulative risk scores

  • Assigns risk levels

  • Updates governance posture across the AI inventory


AI Risk Factors

Risk factors help organisations evaluate the impact and governance posture of AI systems.

Depending on your configuration, risk factors may evaluate:

  • Operational scale

  • Deployment exposure

  • Data sensitivity

  • Decision reversibility

  • Affected user groups

  • AI output usage

  • Business criticality

  • Regulatory impact

  • Safety-related usage

Risk scoring workflows can be customised from the Configuration tab.


Add Risk Factor Values

To assess AI system risk:

  1. Open the AI system.

  2. Navigate to the Risk score tab.

  3. Click Add value beside a risk factor.

This opens the risk scoring drawer.


Score AI Risk Factors

Inside the risk scoring drawer:

  1. Expand each risk factor section.

  2. Review the available scoring values.

  3. Select the appropriate value.

  4. Repeat the process for all mandatory risk factors.

Sprinto displays scoring values as selectable options for each factor.


Mandatory Risk Factors

Some risk factors may be marked as mandatory.

The Save changes button remains disabled until:

  • All mandatory risk factors are scored

  • Required selections are completed

This helps organisations maintain consistent risk assessments.


Save AI Risk Scores

After completing the assessment:

  1. Click Save changes.

Sprinto:

  • Saves the selected values

  • Calculates cumulative risk scores

  • Updates the AI system risk posture

  • Displays updated scores in the Risk score tab


Review Risk Scores

After saving, the Risk score tab displays:

  • Risk factor values

  • Assigned scores

  • Calculated risk levels

This helps organisations review how individual risk factors contribute to the overall AI risk posture.


Edit Risk Scores

To update existing risk scores:

  1. Navigate to the Risk score tab.

  2. Click the edit icon beside the risk factor value.

  3. Update the required scoring values.

  4. Click Save changes.

Sprinto recalculates the AI system risk score automatically.


AI Risk Levels

Sprinto supports configurable AI risk levels.

Depending on your configuration, risk levels may include:

  • No risk

  • Low risk

  • Medium risk

  • High risk

  • Critical risk

Risk levels are automatically assigned based on configured score thresholds.


Risk Scoring Configuration

AI risk scoring workflows are configurable from the Configuration tab.

Administrators can customise:

  • Risk factors

  • Risk factor values

  • Score thresholds

  • Mandatory scoring requirements

  • Risk level ranges

This helps organisations align AI governance workflows with internal risk policies.
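
The scoring flow described under How AI Risk Scoring Works, Mandatory Risk Factors and AI Risk Levels can be modelled offline to sanity-check a planned configuration before entering it. This is an added example, not Sprinto's code or API: summing the selected values is an assumption about how the cumulative score is formed, and the option labels, score values and thresholds are constructed (only the factor and level names come from this page).

```python
from bisect import bisect_right
from dataclasses import dataclass


@dataclass(frozen=True)
class Factor:
    name: str
    options: dict          # option label -> configured score value
    mandatory: bool = False


# Constructed sample configuration (illustrative values, not Sprinto defaults).
FACTORS = [
    Factor("Data sensitivity", {"No personal data": 0, "PII": 3, "PHI": 5}, mandatory=True),
    Factor("Operational scale", {"Internal team": 1, "Organisation-wide": 2, "Public-facing": 4}, mandatory=True),
    Factor("Decision reversibility", {"Human-reviewed": 1, "Automated": 4}),
]
# (lower bound, level): a score gets the last level whose lower bound it reaches.
LEVELS = [(0, "No risk"), (1, "Low risk"), (4, "Medium risk"), (8, "High risk"), (11, "Critical risk")]


def missing_mandatory(selections, factors=FACTORS):
    """Mandatory factors with no selected value (the 'Save changes disabled' case)."""
    return [f.name for f in factors if f.mandatory and f.name not in selections]


def assess(selections, factors=FACTORS, levels=LEVELS):
    """Return (cumulative score, risk level) for {factor name: option label}."""
    by_name = {f.name: f for f in factors}
    unknown = [n for n in selections if n not in by_name]
    if unknown:
        raise ValueError(f"unknown risk factor(s): {unknown}")
    missing = missing_mandatory(selections, factors)
    if missing:
        raise ValueError(f"mandatory factor(s) not scored: {missing}")
    total = 0
    for name, option in selections.items():
        opts = by_name[name].options
        if option not in opts:
            raise ValueError(f"{option!r} is not a configured value for {name!r}")
        total += opts[option]
    bounds = [b for b, _ in levels]
    return total, levels[bisect_right(bounds, total) - 1][1]
```

Running the same selections against a proposed set of thresholds shows which systems would change risk level before the configuration is edited.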


Example AI Risk Dimensions

AI risk assessments may include factors such as:

Data Privacy

Evaluates how AI systems handle sensitive or personal data.

Examples include:

  • PII handling

  • PHI exposure

  • Data retention practices

  • Training data usage


Operational Scale

Evaluates the deployment scale of the AI system.

Examples include:

  • Internal team usage

  • Organisation-wide deployment

  • Public-facing deployment

  • Population-scale usage


Business Criticality

Evaluates the operational importance of the AI system.

Examples include:

  • Customer-facing workflows

  • Revenue-impacting systems

  • Internal automation tools

  • Low-impact support systems


Decision Impact

Evaluates how AI outputs influence users or business decisions.

Examples include:

  • Human-reviewed recommendations

  • Automated decisions

  • Access control decisions

  • Safety-related outcomes


AI Governance Best Practices

When assessing AI system risk:

  • Review risk assessments periodically

  • Include compliance and security stakeholders

  • Evaluate sensitive data exposure carefully

  • Document business-critical AI usage

  • Reassess risk after major system changes

  • Align scoring criteria with governance requirements

  • Maintain evidence for audit reviews


Relationship Between Risk and Due Diligence

Risk scoring helps organisations determine:

  • Whether additional due diligence is required

  • Which AI systems require governance reviews

  • Which systems need periodic reassessment

  • Which systems may require remediation activities

Higher-risk AI systems may require:

  • Additional document collection

  • Security questionnaires

  • Governance reviews

  • Management approvals


Monitoring AI Risk Workflows

Sprinto supports governance monitoring workflows related to AI risk.

Examples include:

  • AI system risk should be scored

  • Periodic risk assessment reviews

  • Management review workflows

  • Risk reassessment monitoring

These workflows help organisations maintain ongoing AI governance oversight.

