Automate
Worked example
Spam and phishing detection in corporate email
Methodology · Upstream of the Bouddi Method
Frame the AI question before you answer it.
Most boards can't say where AI lives in their organisation today, where it could and should live tomorrow, or where to focus first. The Bouddi Framing Process is the upstream methodology for answering all three - before anyone writes a strategy, signs off a policy, or commissions a transformation.
3
Stages - Footprint, Fit-and-Risk Matrix, Framing Brief
2×2
Decision matrix on AI Suitability and Governance Burden
2
Registers - self-serve templates, and engaged audit-grade delivery
D1–D6
Anchored to the same maturity domains as the Bouddi Method
Why this exists
AI governance fails before it starts when no-one frames where AI actually lives.
By the time most ANZ organisations engage governance, the conversation has already skipped a stage. Pilots are running, vendors are signed, Copilot is embedded in the workforce - and the board is being asked to approve a strategy without anyone having mapped the territory. Framing is the missing first move: an empirical map of AI's current footprint, an analytical lens for where AI should sit, and a synthesis that tells the executive what to focus on first. Done well, it changes the questions a board gets to ask.
The Bouddi Framing Process
Three questions, three artefacts.
Each stage answers one question and produces one named artefact a CRO, board director or risk lead can hold in their hands. Each artefact ships in two registers: a self-serve template you can fill in yourself, and an audit-grade version delivered inside the Bouddi Method.
Stage 01
Where does AI live today?
Artefact · The Bouddi AI Footprint
An honest catalogue of every AI system in the organisation: in production, in pilots, and in the shadow estate where staff have already adopted ChatGPT, Copilot and embedded vendor models. You can't govern what you can't see.
Read the stage →Stage 02
Where could and should AI live?
Two complementary 2×2 lenses
The Fit-and-Risk Matrix applies the governance lens (Suitability × Burden → Automate / Augment / Leave alone / Avoid). The Investment Position Matrix applies the strategy lens (Centrality × Defensibility → Build / Buy best / Partner / Wait). Either or both, depending on what the engagement serves.
Read the stage →Stage 03
Where should we focus first?
Artefact · The Bouddi Framing Brief
The synthesis: the gap between today's footprint and the matrix's recommendation, ranked by risk concentration and strategic value. A board-ready one-pager that scopes the work the Bouddi Method then runs through six phases.
Read the stage →Stage 01 · Where does AI live today?
The Bouddi AI Footprint.
Most ANZ boards underestimate the AI surface area in their own organisation by a factor of three or more. M365 Copilot is embedded across the workforce. Individual staff have adopted ChatGPT for drafting customer correspondence. Vendor systems used in claims, credit, hiring and procurement have AI components their procurers never disclosed. Each of these is a governance event waiting to be discovered - by you, an auditor, or a regulator.
The Footprint surfaces them all in one register: production AI, pilot AI, and shadow AI. For each system: the business process served, the data classes touched, the decision authority granted, the risk tier, and the current governance state. It is the first time most leaders see the full picture.
Self-serve register
One-page AI Footprint template
A downloadable template you can fill in over a coffee. Captures the basics for executive-level visibility - useful as a board pre-read, a discovery prompt for an internal scan, or the working sketch you bring into a Diagnostic engagement.
Engaged register
Evidence-grade inventory
Delivered inside the Bouddi Method at Phase 01 (Scope & Inventory). Full controls testing, structured walkthroughs with system owners, and validation against ISO/IEC 42001 Annex A.4 and APRA CPS 230 process maps. Built to stand up to internal and external assurance.
Stage 02 · Where could and should AI live?
The Bouddi Fit-and-Risk Matrix - governance lens.
Stage 02 has two complementary lenses; either or both can be applied depending on what the engagement serves. The Fit-and-Risk Matrix applies the governance lens. The Investment Position Matrix applies the strategy lens - the same shape, but asking where should we invest in AI? rather than where does AI need governance?
The Fit-and-Risk Matrix evaluates any candidate AI process along two axes. AI Suitability asks how well AI actually fits the work - composite of data quality, decision variability (deterministic to judgmental), pattern density, and reversibility of an individual error. Governance Burden asks how much regulatory and reputational weight the process already carries - composite of regulatory exposure (APRA, Privacy Act, consumer law), customer impact severity, audit and assurance scrutiny, and reputational exposure if it fails.
Low Governance Burden
High Governance Burden
High AI Suitability
Augment
Worked example
Insurance claims triage
Low AI Suitability
Leave alone
Worked example
Quarterly board paper drafting
Avoid
Worked example
Algorithmic redundancy or termination decisions
Each quadrant in detail.
The verb is the headline. The governance treatment is what actually changes day-to-day.
Automate
Spam and phishing detection
High AI Suitability · Low Governance Burden
The textbook AI use case no-one argues about. Pattern-dense, low stakes per error, easily reversible. Use AI here freely; document and monitor it like any other system. The governance treatment is hygiene, not strategy - the work is making sure these systems sit inside your AIMS at the right risk tier, with monitoring and incident response.
Augment
Insurance claims triage
High AI Suitability · High Governance Burden
AI helps materially, but the stakes - customer outcomes, regulatory exposure under the General Insurance Code, Privacy Act and ASIC RG 271 - demand human-in-the-loop decision-making and a defensible audit trail. This is where most regulated AI in ANZ actually lives, and where the bulk of your governance work concentrates: model risk standards, explainability, monitoring, and assurance.
Leave alone
Quarterly board paper drafting
Low AI Suitability · Low Governance Burden
Low pattern density (each paper is context-specific), and the work is the thinking. Executives are tempted to drop ChatGPT in here, but the value added is marginal and the risk of strategic drift is real. Sometimes the strongest governance call is to declare a process AI-free and document why. Boards remember the work that wasn't done as much as the work that was.
Avoid
Algorithmic redundancy or termination decisions
Low AI Suitability · High Governance Burden
Vendors are actively marketing GenAI tools for this in 2026. They shouldn't be used. Each case is contextual (low pattern density), the stakes are catastrophic (Fair Work Act exposure, dignity, reputation), and the decisions are poorly reversible. The Avoid quadrant exists specifically to flag dangerous deployments - and to give a CRO the language to push back on a vendor pitch in a board meeting.
Self-serve register
Fit-and-Risk Matrix canvas
A downloadable canvas you can place your candidate processes onto in an afternoon. Useful for board pre-reads, executive workshops, and the working sketch you bring into a Diagnostic engagement.
Engaged register
Calibrated, evidence-validated placement
Delivered inside the Bouddi Method at Phases 01 – 02 (Scope & Inventory; Diagnose). Each placement is justified against your data, your decision design, and your regulatory perimeter - and signed off by the relevant business owner before it goes to the board.
Stage 03 · Where should we focus first?
The Bouddi Framing Brief.
The Framing Brief is the synthesis. Two artefacts, one page each. The first is a placement of every catalogued process from your Footprint into the matrix's four quadrants - most organisations are surprised by what lands where, and by the cluster of systems they've been operating in the Avoid quadrant without realising it. The second is the priority list: the two or three highest-priority moves, the two or three places of greatest exposure, and a strategic value tie-breaker for sequencing. Designed to be readable by a board director in five minutes.
Self-serve register
One-page Framing Brief template
A board-ready synthesis built from your own work in stages 01 and 02. Forces the user to write down the three things that matter most - and surfaces the gap between current footprint and target placement in a single image.
Engaged register
Signed-off briefing pack
Delivered inside the Bouddi Method as part of the Diagnostic + Roadmap. Cross-walked to ISO/IEC 42001 obligations, APRA expectations, and the D1–D6 maturity domains. Ready for board approval and inclusion in the audit committee evidence pack.
From sketched to defensible
Framing gets you the question. Two Bouddi methodologies deliver the audit-grade answer.
Where the Framing Brief lands matters. If it lands on the strategy side - what to invest in, what to build, what to buy, what to wait on - the Bouddi Strategy Method runs the work through five phases. If it lands on the governance side - controls, AIMS, regulatory readiness, audit-grade evidence - the Bouddi Governance Method runs it through six. Both methodologies share the same evidence discipline; both anchor to the D1–D6 maturity domains; both are co-delivered with the relevant business and risk teams. Many engagements use both - Strategy upstream, Governance underneath.
Strategy engagements
The Bouddi Strategy Method
Five phases · 9–17 weeks · co-delivered with business and technology. Frame & Align · Discover & Diagnose · Strategy & Roadmap · Procure · Mobilise.
For: AI strategy, AI roadmap, AI procurement.
Governance engagements
The Bouddi Governance Method
Six phases · up to 6–9 months for full implementation · co-delivered with risk and audit. Scope & Inventory · Diagnose · Design · Build · Embed · Assure.
For: AI governance, AI risk, AI internal & external assurance.
Start framing
Two ways to begin.
Take the kit yourself
The Bouddi Framing Kit
All four self-serve templates as a single pack - AI Footprint, Fit-and-Risk Matrix (governance lens), Investment Position Matrix (strategy lens), and Framing Brief. Apply them with your own team. Most leaders find the first hour reveals more than they expected.
Engage the audit-grade version
The Bouddi Diagnostic
Bouddi delivers the Framing Process at evidence-grade fidelity inside the Diagnostic. Four to eight weeks, fully co-delivered with your risk, audit and technology teams. The output stands up to APRA, internal audit and external assurance.