Independent Governance & Assurance Readiness for Automated Decision Systems

Zerisk is an independent governance and assurance-readiness authority focused on automated and data-driven decision systems in regulated environments.


Zerisk helps organizations translate supervisory and regulatory expectations into operational governance, enforceable controls, and audit-ready evidence that withstands regulatory examination and internal audit scrutiny.

As reliance on automated decisioning increases, regulators, examiners, and auditors are placing greater emphasis on accountability. Oversight expectations now extend beyond models and technology to the governance, controls, and evidence that support automated decision systems in practice.

Zerisk does not provide legal advice, audit services, or compliance certifications. Its work focuses on establishing and operationalizing governance and assurance structures that prepare organizations for regulatory scrutiny, supervisory examinations, and internal assurance activities involving automated decision systems.

Scope and Boundary of Work

Zerisk’s scope is limited to governance and assurance-readiness activities related to automated and data-driven decision systems operating in regulated environments.

Scope coverage includes:

  • Governance structures and accountability frameworks for automated decision systems

  • Control objectives, documentation standards, and audit- and examination-ready evidence requirements

  • Assurance-readiness support for internal audit, risk oversight, and regulatory and supervisory examinations

  • Forward-looking regulatory and supervisory evaluation considerations, framed through established examination and oversight practices


Zerisk’s work is non-audit, non-legal, and non-attestation in nature. Zerisk does not certify compliance, provide legal interpretation, assume decision-making authority, or operate client systems. Responsibility for decisions, controls, and outcomes remains with the organization.

Audience

Zerisk’s work is intended for regulated organizations operating automated and data-driven decision systems and for the oversight functions responsible for governance, accountability, and assurance readiness of those systems.

Primary intended audiences include:

  • Risk management and enterprise risk oversight functions responsible for identifying, assessing, and monitoring risks associated with automated decision systems

  • Compliance and regulatory affairs functions responsible for interpreting supervisory expectations and maintaining examination readiness

  • Internal audit functions evaluating governance design, control effectiveness, and evidence sufficiency

  • Model, data, and decision governance functions responsible for oversight of automated decision logic, data usage, and accountability structures

  • Second-line oversight and control functions supporting management in maintaining defensible governance and assurance practices

Zerisk’s work is designed to support these functions without assuming management, audit, legal, or decision-making authority.

Assurance-Readiness Approach

Zerisk’s assurance-readiness approach is structured, bounded, and evidence-driven.

Assurance-readiness activities are typically focused on the following areas:

  • Governance and automated decision-system governance evaluation support

  • Clarification and alignment of control objectives and associated evidence requirements

  • Assurance-readiness support for internal audit, risk oversight, and regulatory and supervisory examinations

Work is scoped through written agreements and bounded to support internal governance and assurance-readiness objectives.

Zerisk does not provide ongoing operational management, execute compliance functions, or assume regulatory, audit, or decision-making authority. Responsibility for implementation, operation, and outcomes remains with the organization.

Governance

Zerisk operates under formal governance and independence principles designed to align with regulatory, audit, and assurance expectations.


Professional Boundaries

Zerisk maintains explicit professional boundaries to preserve independence, objectivity, and examiner credibility.

The firm:

  • Does not perform audits, attestations, or compliance certifications

  • Does not provide legal advice or legal interpretations

  • Does not assume compliance, regulatory, audit, or decision-making authority

  • Maintains independence and actively manages conflicts of interest


Data Usage

Zerisk conducts public analyses using publicly available information only. Client-specific information obtained through private engagements is governed by contractual confidentiality obligations and is not incorporated into public materials or public analysis.


Internal Governance

Zerisk maintains formal internal governance policies and operating controls aligned with its independence and assurance posture, including:

  • Independence and conflict-of-interest management

  • Public-source data usage standards

  • Client acceptance and engagement controls

  • Risk management and assurance posture


Leadership

Zerisk is led by its Founder & Managing Director, Kenneth Jones, a governance and assurance professional with experience supporting data, automation, and risk oversight functions in regulated environments. His work focuses on the governance of automated and data-driven decision systems, with particular emphasis on aligning regulatory and supervisory expectations with enforceable controls and audit-ready evidence.


Supporting Documentation

Zerisk maintains formal written policies addressing independence, data usage, client acceptance, and risk management. Supporting documentation may be made available upon request, subject to scope and confidentiality considerations.

Insights

Zerisk publishes periodic governance briefs and analytical materials focused on regulatory and supervisory expectations, assurance readiness, and the oversight of automated and data-driven decision systems.

Publications emphasize:

  • Regulatory and supervisory signals relevant to automated decision oversight

  • Audit and examination expectations

  • Governance structures and audit- and examination-relevant evidence considerations

Zerisk does not comment on, assess, or draw conclusions about individual organizations. Any illustrative analysis is based solely on publicly available information and does not constitute evaluation, opinion, or assurance regarding any organization’s practices or compliance posture.

Engage

Zerisk engages selectively with organizations operating in regulated and supervised environments where automated and data-driven decision systems are subject to formal oversight.

Inquiries should relate to governance and assurance-readiness considerations for automated and data-driven decision systems, including regulatory, supervisory, and internal assurance evaluation contexts.

Zerisk does not provide legal advice, audit services, compliance certifications, or attestations, and does not assume regulatory or decision-making authority.
