Back to versions

Question Bank v1.1

Vetted Production Bank - May 2026

Active
Jump to pillarStrategy & Vision11Data Foundations19Technology & Infrastructure19Talent & Skills66Culture & Change Readiness16Governance, Ethics & Compliance30Operations & Use Case Portfolio14Model Management & Monitoring26

Strategy & Vision0/11 verified
11

الاستراتيجية والرؤية

  1. Q1
    L1
    Our organization has a documented AI strategy with a named executive sponsor and approved budget.
    AI proposed
  2. Q2
    L1
    AI use cases are prioritized against business value and risk on a regular cadence.
  3. Q3
    L1
    The AI strategy is aligned with the organization's broader digital transformation and national AI goals.
  4. Q4
    L1
    Board-level reviews of AI progress happen at least quarterly.
  5. Q5
    L1
    The organization benchmarks its AI maturity against regional peers.
  6. Q6
    L1
    A documented investment plan specifies which AI capabilities the organization will own internally vs procure from vendors over the next 24 months.
  7. Q7
    L1
    The organization has identified its three-to-five highest-priority AI use cases for the current fiscal year and assigned named owners.
  8. Q8
    L1
    Is the AI strategy a formal, board-approved document (not only a leadership memo)?

Layer 2 - consultant guide (never shown to respondents)

  1. Q9
    L2
    Describe the mechanism by which the organization de-prioritises or shuts down AI initiatives that fail to meet KPIs.
  2. Q10
    L2
    How frequently does the AI strategy receive a documented refresh?
  3. Q11
    L2
    Rate the alignment between the AI strategy and the organisation's stated risk appetite.

Data Foundations0/19 verified
19

أسس البيانات

  1. Q1
    L1
    Data quality is measured with defined KPIs across critical sources.
  2. Q2
    L1
    Data ownership is clearly assigned through a data steward model.
  3. Q3
    L1
    Sensitive data is classified and protected according to policy and regulation.
  4. Q4
    L1
    Data lineage from source systems to AI model inputs is documented and traceable.
  5. Q5
    L1
    The organization has defined controls against 'shadow AI' (staff using unapproved AI tools on work data).
  6. Q6
    L1
    A published data classification scheme includes specific categories for data feeding AI systems (training data, inference inputs, model outputs).
  7. Q7
    L1
    Is a Data Protection Impact Assessment (DPIA) conducted before any AI system processes personal data?
  8. Q8
    L1
    Cross-border data transfers used by AI systems are documented and comply with applicable data localisation requirements.
  9. Q9
    L1
    The organization maintains a register of all data sources (internal + external) feeding production AI models.
  10. Q10
    L1
    Synthetic data and data-augmentation techniques used for AI training are documented and approved by data governance.
  11. Q11
    L1
    A formal process exists to anonymise or pseudonymise personal data before it is used to train AI models.
  12. Q12
    L1
    Data retention policies explicitly cover AI training data and inference logs (length of retention, deletion process).
  13. Q13
    L1
    Data drift monitoring is in place for production AI systems (input distribution divergence from training data is flagged).
  14. Q14
    L1
    Third-party AI tools have documented data-handling agreements specifying how vendors process organisational data.

Layer 2 - consultant guide (never shown to respondents)

  1. Q15
    L2
    How does the organization detect when an employee uploads sensitive data into an unapproved generative AI tool?
  2. Q16
    L2
    Rate the maturity of the data quality KPI dashboard for AI-relevant data sources.
  3. Q17
    L2
    Describe the most recent DPIA conducted for an AI system - findings, mitigations, and current status.
  4. Q18
    L2
    Are model retraining triggers based on data drift, scheduled cadence, or both?
  5. Q19
    L2
    Rate the discipline of the data-source register: completeness, freshness, and ownership accuracy.

Technology & Infrastructure0/19 verified
19

التكنولوجيا والبنية التحتية

  1. Q1
    L1
    AI workloads run on approved cloud infrastructure with data sovereignty controls.
  2. Q2
    L1
    A formal AI tool approval process governs which tools staff may use.
  3. Q3
    L1
    MLOps practices (CI/CD, versioning, monitoring) are in place for production AI.
  4. Q4
    L1
    A sandbox environment exists for safe AI experimentation.
  5. Q5
    L1
    Infrastructure can scale to support AI workloads without procurement delays.
  6. Q6
    L1
    A documented architecture pattern exists for integrating AI services into production systems (APIs, latency SLAs, fallback paths).
  7. Q7
    L1
    Are GPU / accelerator resources allocated through a formal capacity-management process?
  8. Q8
    L1
    Production AI services have documented uptime, latency, and accuracy SLAs.
  9. Q9
    L1
    Cybersecurity controls for AI assets (model files, embeddings, prompt logs) match the controls applied to other production systems.
  10. Q10
    L1
    Approved generative AI assistants (e.g. Copilot, internal LLMs) are integrated with corporate identity and DLP controls.
  11. Q11
    L1
    The technology team maintains a documented inventory of every external AI API the organization calls in production.
  12. Q12
    L1
    AI workloads have documented disaster-recovery and business-continuity plans.
  13. Q13
    L1
    Cost monitoring is in place for AI compute, including alerts on unusual model-inference spend.
  14. Q14
    L1
    A formal end-of-life process retires deprecated AI models, removes them from production, and archives their artefacts for audit.

Layer 2 - consultant guide (never shown to respondents)

  1. Q15
    L2
    Walk through the path of a single inference request: where it lands, where its inputs and outputs are logged, who can read those logs.
  2. Q16
    L2
    Rate the maturity of the AI model registry (versioning, lineage, approvals tracked in a single artefact).
  3. Q17
    L2
    Describe the procurement process when a business unit wants to onboard a new third-party AI tool.
  4. Q18
    L2
    How is GPU capacity prioritised across competing AI projects?
  5. Q19
    L2
    Rate the readiness of disaster-recovery procedures specifically for production AI services (last test, recovery time achieved).

Talent & Skills0/66 verified
66

المواهب والمهارات

  1. Q1
    L1
    Staff at all levels have completed AI awareness training.
  2. Q2
    L1
    Role-based AI learning paths exist for technical and business roles.
  3. Q3
    L1
    The organization has a named AI centre of excellence or equivalent.
  4. Q4
    L1
    Hiring pipelines explicitly include AI/ML skills for relevant roles.
  5. Q5
    L1
    Employee sentiment on AI adoption is regularly surveyed.
  6. Q6
    L1
    AI ethics training is mandatory for staff who design, build, or operate AI systems.
  7. Q7
    L1
    Career paths for AI specialists (data scientists, ML engineers, AI ethicists) are formally defined and progressed.
  8. Q8
    L1
    Middle management has received tailored AI literacy training (not just executive briefings or staff awareness).
  9. Q9
    L1
    Partnerships exist with regional universities or technical institutes to source AI talent.
  10. Q14
    L1
    A documented retention strategy exists for high-performing AI specialists (compensation, growth pathway, recognition).
  11. Q15
    L1
    Line managers (not just executives) can interpret AI model outputs and explain them to their teams in plain language.
  12. Q16
    L1
    A documented reskilling plan exists for staff whose roles will be reshaped or displaced by AI adoption.
  13. Q17
    L1
    How does the organisation primarily source AI capability today?
  14. Q101
    L1
    I check AI-generated content for factual errors before relying on it for important work.
  15. Q102
    L1
    I can recognise when an AI tool is hallucinating or fabricating information that sounds plausible.
  16. Q103
    L1
    I question AI outputs against my own domain expertise rather than accepting them by default.
  17. Q104
    L1
    I verify AI-generated calculations, code, or analyses against an independent source before using them.
  18. Q105
    L1
    I use AI tools regularly to accelerate or improve my day-to-day work outputs.
  19. Q106
    L1
    I write effective prompts that produce useful AI responses on the first or second try.
  20. Q107
    L1
    I have integrated at least one AI tool into a recurring part of my workflow.
  21. Q108
    L1
    I know which tasks are worth giving to AI and which are faster to do myself.
  22. Q109
    L1
    I help colleagues understand what AI can and cannot do well in our line of work.
  23. Q110
    L1
    I share AI prompt techniques, tips, or worked examples with my team.
  24. Q111
    L1
    I encourage open conversation about AI risks, limitations, and ethical concerns in my team.
  25. Q112
    L1
    I model responsible AI use that others on my team can follow.
  26. Q113
    L1
    I am comfortable that my role and workflow may change significantly because of AI.
  27. Q114
    L1
    I actively seek out new AI tools and capabilities to learn about, even when not required.
  28. Q115
    L1
    I follow my organisation's policies on AI use, data privacy, and confidentiality.
  29. Q116
    L1
    I am willing to invest personal time in building my AI capability beyond what my employer requires.
  30. Q117
    L1
    Before sharing AI-generated work with a colleague or client, I edit it to reflect my own judgment.
  31. Q118
    L1
    I notice when an AI's confident-sounding answer doesn't actually match what was asked.
  32. Q119
    L1
    I break complex tasks into smaller steps when prompting an AI rather than asking everything at once.
  33. Q120
    L1
    I save and reuse prompts that worked well, so I'm not starting from scratch each time.
  34. Q121
    L1
    When a colleague is stuck on an AI tool, I take time to walk them through what works.
  35. Q122
    L1
    I credit AI's contribution honestly when sharing AI-assisted work with my team or clients.
  36. Q123
    L1
    I treat the speed of AI change as an opportunity, not a threat to my career.
  37. Q124
    L1
    I am honest with myself about which parts of my role AI does better than I do.
  38. Q125
    L1
    I have rejected or significantly altered AI-generated content because it didn't meet professional standards.
  39. Q126
    L1
    I can explain in plain language why a particular AI output might be biased or flawed.
  40. Q127
    L1
    I check AI-generated source citations against the actual sources before relying on them.
  41. Q128
    L1
    I distinguish between tasks where AI is reliably accurate and tasks where it is not.
  42. Q129
    L1
    When AI gives a confident answer outside its training data, I recognise the risk.
  43. Q130
    L1
    I keep a mental list of common AI failure modes (hallucinations, outdated info, biased training) that I check against.
  44. Q131
    L1
    I use AI to draft, then refine, rather than expecting perfect output on the first try.
  45. Q132
    L1
    I have measurable evidence (time saved, errors reduced) that my AI use improves work outcomes.
  46. Q133
    L1
    I combine multiple AI tools when one tool isn't sufficient for the task.
  47. Q134
    L1
    I provide AI with the context, role, and format it needs rather than vague prompts.
  48. Q135
    L1
    I have built or customised an AI workflow that fits my specific job.
  49. Q136
    L1
    I know when to abandon an AI approach and revert to traditional methods.
  50. Q137
    L1
    I have led at least one team conversation about how AI changes our work.
  51. Q138
    L1
    I help colleagues set realistic expectations for what AI can deliver in their tasks.
  52. Q139
    L1
    I challenge colleagues respectfully when their AI use risks accuracy, ethics, or compliance.
  53. Q140
    L1
    I share my AI failures and lessons-learned, not just my AI successes.
  54. Q141
    L1
    I help newer team members build their AI skills through coaching or pairing.
  55. Q142
    L1
    I bridge between technical and non-technical colleagues when discussing AI.
  56. Q143
    L1
    I have changed my workflow significantly in the last 12 months because of AI.
  57. Q144
    L1
    I read or follow at least one credible source on AI developments regularly.
  58. Q145
    L1
    I stay aware of which of my skills are becoming less differentiating because of AI.
  59. Q146
    L1
    I invest in deepening uniquely-human skills (judgment, empathy, ethics) that AI doesn't replace.
  60. Q147
    L1
    I refuse to use AI in situations where my organisation's policy or industry rules forbid it.
  61. Q148
    L1
    I share AI use disclosures with stakeholders when professional norms require it.

Layer 2 - consultant guide (never shown to respondents)

  1. Q10
    L2
    What does the organization do when a key AI specialist resigns? How is knowledge captured?
  2. Q11
    L2
    What proportion of staff have completed AI awareness training in the last 12 months?
  3. Q12
    L2
    Rate the depth of AI fluency at the executive committee level (ability to interpret model outputs, ask the right risk questions).
  4. Q13
    L2
    How does the organization measure ROI on AI training investments?
  5. Q18
    L2
    Which AI roles has the organisation tried to hire and failed to fill in the past 12 months? What was the constraint (compensation, location, skills, visa)?

Culture & Change Readiness0/16 verified
16

الثقافة والاستعداد للتغيير

  1. Q1
    L1
    Leadership communicates AI vision and progress regularly to all staff.
  2. Q2
    L1
    The organization celebrates AI wins and learns publicly from failures.
  3. Q3
    L1
    Cross-functional teams collaborate on AI projects without silos.
  4. Q4
    L1
    Change management accompanies every major AI rollout.
  5. Q5
    L1
    Employees feel empowered to propose AI use cases from the ground up.
  6. Q6
    L1
    Employee unions or representative bodies have been formally engaged on the workforce implications of AI deployments.
  7. Q7
    L1
    A documented psychological-safety mechanism (e.g. anonymous reporting, ombuds) exists for staff to raise concerns about AI use without retaliation.
  8. Q8
    L1
    Has the organization run at least one cross-functional AI workshop or hackathon in the last 12 months?
  9. Q12
    L1
    Employees have access to a documented AI experimentation sandbox or pilot programme to test ideas safely without breaking production systems.
  10. Q13
    L1
    Formal recognition mechanisms reward employees who contribute to AI initiatives - innovation awards, performance reviews, or promotion criteria.
  11. Q14
    L1
    The organisation has a public, externally visible commitment to responsible AI principles - for example an AI ethics statement, charter signature, or customer-facing commitment.
  12. Q15
    L1
    Does the organisation track gender, nationality, and seniority diversity within its AI teams?

Layer 2 - consultant guide (never shown to respondents)

  1. Q9
    L2
    Describe one AI initiative that was scaled back or paused after employee feedback raised concerns.
  2. Q10
    L2
    Rate the consistency between executive AI communication and what middle managers actually tell their teams.
  3. Q11
    L2
    How is staff feedback on AI tools collected after deployment?
  4. Q16
    L2
    Describe the most significant cultural resistance the organisation has encountered during AI adoption - which department, role, generation, or language group, and what drove the resistance?

Governance, Ethics & Compliance0/30 verified
30

الحوكمة والأخلاقيات والامتثال

  1. Q1
    L1
    An AI governance committee is formally chartered with defined membership and cadence.
  2. Q2
    L1
    An acceptable-use policy for AI tools is published and acknowledged by staff.
  3. Q3
    L1
    AI systems are audited for compliance with applicable regulations.
  4. Q4
    L1
    An incident response playbook covers AI-specific scenarios.
  5. Q5
    L1
    Third-party AI tools are vetted against security, privacy, and ethics criteria.
  6. Q6
    L1
    An AI ethics policy explicitly references fairness, transparency, accountability, privacy, and human oversight.
  7. Q7
    L1
    Is there a designated Data Protection Officer (DPO) or equivalent with explicit AI oversight responsibilities?
  8. Q8
    L1
    All AI systems have a documented owner accountable for outputs, including a clearly defined escalation path for issues.
  9. Q9
    L1
    AI decisions affecting customers or citizens are documented with the data, model version, and reasoning that produced them.
  10. Q10
    L1
    Affected individuals are informed when an AI system makes or significantly influences decisions about them.
  11. Q11
    L1
    A formal AI risk register tracks identified AI-related risks, owners, mitigations, and residual risk levels.
  12. Q12
    L1
    AI governance includes mandatory pre-deployment review for high-stakes models (those affecting credit, employment, health, justice).
  13. Q13
    L1
    An audit trail captures every change to a production AI system: model version, data update, configuration change.
  14. Q14
    L1
    The organization complies with regional AI registration requirements (e.g. Dubai DCAI registry, SDAIA approvals where applicable).

Layer 2 - consultant guide (never shown to respondents)

  1. Q15
    L2
    Describe a recent AI governance committee decision and the basis on which it was made.
  2. Q16
    L2
    Rate the strength of the link between the AI risk register and the enterprise risk-management framework.
  3. Q17
    L2
    Walk through the most recent AI incident: what happened, who was notified, what was the resolution, what changed afterward.
  4. Q18
    L2
    What level of human oversight is mandated for generative AI outputs that go directly to external audiences?
  5. Q19
    L2
    Rate the readiness of the organization to respond to a regulatory AI audit within 5 business days.
  6. Q201
    L2
    Our organisation has a clear policy defining who is accountable when an autonomous AI agent takes an action on our behalf.
  7. Q202
    L2
    Ownership for each deployed AI agent - who approves it and who can pause it - is formally assigned, not implicit.
  8. Q203
    L2
    We have a defined approval process a new agentic AI use case must pass before it goes live.
  9. Q204
    L2
    For high-impact decisions, our AI agents require explicit human approval before acting.
  10. Q205
    L2
    Staff working alongside AI agents know exactly which actions they must review and which the agent may take alone.
  11. Q206
    L2
    We can interrupt or override an AI agent's action while it is in progress.
  12. Q210
    L2
    Each AI agent's access to systems, tools and data is scoped to the minimum it needs (least privilege).
  13. Q211
    L2
    We control and log which external tools and APIs an AI agent is permitted to call.
  14. Q212
    L2
    Sensitive data an AI agent can reach is governed by the same controls we apply to human staff.
  15. Q216
    L2
    Every consequential action an AI agent takes is logged in a way we can reconstruct later.
  16. Q217
    L2
    We can produce an audit trail of an AI agent's decisions for a regulator or internal review.

Operations & Use Case Portfolio0/14 verified
14

العمليات ومحفظة حالات الاستخدام

  1. Q1
    L1
    A central inventory lists all AI use cases with status, owner, and business value.
  2. Q2
    L1
    ROI is measured and reported for production AI use cases.
  3. Q3
    L1
    Failed pilots are retired on a defined timeline with lessons captured.
  4. Q4
    L1
    AI use cases are mapped to specific business outcomes or KPIs.
  5. Q5
    L1
    Cross-department AI portfolio reviews happen at least biannually.
  6. Q6
    L1
    Each AI use case has a documented success threshold defined before deployment, and the actual outcome is compared back to it.
  7. Q7
    L1
    A balanced portfolio is maintained across efficiency, customer experience, and revenue-generating AI use cases.
  8. Q8
    L1
    Operational ownership of AI use cases passes from the project team to a business unit at production hand-over, with a documented runbook.
  9. Q9
    L1
    Is there at least one AI use case currently in production that has been operating for more than 12 months?
  10. Q10
    L1
    AI use case proposals must include an impact assessment covering customer / citizen, employee, and regulatory dimensions.

Layer 2 - consultant guide (never shown to respondents)

  1. Q11
    L2
    Describe how an AI initiative gets approved for funding from idea to production - the gates, the people, the typical timeline.
  2. Q12
    L2
    What is the typical lifecycle of an AI use case from approval to first production deployment?
  3. Q13
    L2
    Rate the discipline of post-deployment ROI tracking for the top 3 AI use cases.
  4. Q14
    L2
    Which two AI use cases delivered the most value in the last year, and how was that value measured?

Model Management & Monitoring0/26 verified
26

إدارة النماذج والمراقبة

  1. Q1
    L1
    All production models are versioned and tracked in a model registry.
  2. Q2
    L1
    Model performance (accuracy, drift, bias) is continuously monitored.
  3. Q3
    L1
    Human review is mandatory for high-stakes model decisions.
  4. Q4
    L1
    Models undergo periodic fairness and bias testing.
  5. Q5
    L1
    A retirement process removes stale or underperforming models from production.
  6. Q6
    L1
    Each production model has a documented model card covering intended use, training data, performance metrics, and known limitations.
  7. Q7
    L1
    Adversarial testing (red-teaming, prompt-injection probes for LLMs) is conducted before high-risk model deployment.
  8. Q8
    L1
    Explainability methods (e.g. SHAP, LIME, attention visualisation) are produced and reviewed for high-stakes models.
  9. Q9
    L1
    Model retraining decisions are documented (trigger, dataset, performance delta, sign-off).
  10. Q10
    L1
    Champion-challenger or A/B testing infrastructure is in place to compare model versions on live traffic before promoting a new version.
  11. Q11
    L1
    Production model performance is reviewed against documented KPIs at least monthly.
  12. Q12
    L1
    Models are rolled back automatically when monitoring detects performance regression beyond defined thresholds.
  13. Q13
    L1
    Is there a published policy that mandates a human-in-the-loop step for any AI decision affecting customer access to services or employment?
  14. Q14
    L1
    Generative AI outputs that go to external audiences are watermarked or labelled as AI-generated where required.

Layer 2 - consultant guide (never shown to respondents)

  1. Q15
    L2
    Describe the most recent fairness/bias evaluation conducted on a production model. Findings? Mitigations? Re-test results?
  2. Q16
    L2
    Rate the depth and consistency of model documentation across the production portfolio.
  3. Q17
    L2
    Walk through the steps that would happen if a production model started producing biased outputs against a protected group: detection, escalation, remediation, reporting.
  4. Q18
    L2
    How are model performance regressions discovered today?
  5. Q19
    L2
    Rate the rigour of pre-deployment testing for the most recently launched generative AI capability.
  6. Q207
    L2
    We have assessed the realistic failure modes of our AI agents (wrong action, bad data, manipulation) before deployment.
  7. Q208
    L2
    There is a documented fallback plan for when an AI agent behaves unexpectedly or fails.
  8. Q209
    L2
    We test agentic AI against adversarial and edge-case scenarios, not just the expected path.
  9. Q213
    L2
    The level of autonomy we grant an AI agent is matched to the risk of the task it performs.
  10. Q214
    L2
    Low-risk repetitive tasks are delegated to agents while high-risk decisions stay with people - by deliberate design.
  11. Q215
    L2
    We revisit and adjust how much autonomy each agent has based on its track record.
  12. Q218
    L2
    Our monitoring would detect if an AI agent started operating outside its intended scope.

Author with AI

Describe what you want to ask in plain English; the AI drafts a fully-formed bilingual question anchored to a published framework (UAE PDPL, SDAIA NDGF, ISO 42001, NIST AI RMF, OECD AI Principles). Drafts are inserted as inactive for human review before going live.

Drafts insert at the end of the pillar. Review the question, edit if needed, then activate.

CSV bulk import

Required columns: pillar_id, question_number, question_text_en, question_text_ar, question_type. Optional: options_en, options_ar, score_map, help_text_en, help_text_ar, region, sector, layer, display_order. JSON fields accept valid JSON or empty.

Add question

Layer 1 = client-facing. Layer 2 = consultant guide (never shown to client). For multiple choice / yes-no, enter options and score_map as JSON.