Appearance
Compliance Lead Path
Drive audit-ready governance work for an AI system by running a clear gap analysis, assigning ownership, and moving controls to evidence-backed execution.
Outcome
You leave this path with:
- a scoped project with the right frameworks attached
- a prioritized “what’s missing” view with clear owners
- evidence collection in motion for the highest-impact controls
- an internal review and export-ready audit trail
Time to first value: 60–90 minutes
Prerequisites: a project exists and you have a project role (Owner, Editor, Reviewer, or Auditor)
Use Scout if it’s available
Scout can accelerate gap discovery and drafting, especially when you ground questions with controls, requirements, evidence, or risks.
Path at a glance
1
Confirm scope
Ensure the AI system and frameworks are correctly defined
2
Run a gap pass
Identify what’s missing and assign owners
3
Drive execution
Move priority controls to evidence-backed execution
4
Prepare review
Make progress auditable and export-ready
Step 1: Confirm scope and frameworks
Goal: make sure the project is the right unit of governance and is scoped to the frameworks you care about.
Where in Modulos
Project → Settings → General settingsfor the project definition and lifecycle stageProject → Settings → Frameworksto confirm frameworks and versions
Do this
- Confirm the AI system description is accurate and specific enough for governance work.
- Confirm the project lifecycle stage reflects reality (so work is triaged appropriately).
- Confirm required frameworks are attached and up to date for your use case.
You’re done when
- the project clearly describes what the system does, who it affects, and the deployment context
- the right frameworks are attached to the project
Step 2: Run a gap pass and assign ownership
Goal: produce an actionable backlog with clear accountability.
Where in Modulos
Project → Requirementsto review requirement readinessProject → Controlsto review and assign control executionProject → Settings → User accessto confirm owners/reviewers are assigned
Do this
- Start from requirements and identify the largest gaps (most “not fulfilled”).
- For each priority requirement, review mapped controls and assign an Owner.
- Mark items out of scope only when there is a clear justification and audit trail.
You’re done when
- the top gaps have named owners
- there’s a clear plan to move the highest-impact controls to execution
Step 3: Drive evidence-backed execution
Goal: move from “we intend to” to “we can show it”.
Where in Modulos
Project → Controls → select a controlto attach evidence and update execution statusProject → Evidenceto manage evidence artifactsProject → Controls → Assessmentto draft a structured readiness assessment when available
Do this
- For each priority control, attach the strongest evidence you already have.
- Collect missing artifacts and attach them to the relevant controls.
- Use structured drafts (for example assessments) to make reviews faster and more consistent.
You’re done when
- priority controls have evidence attached that actually demonstrates execution
- control status reflects reality and is ready for review where appropriate
Step 4: Prepare internal review and exports
Goal: make the work auditable and easy to validate.
Where in Modulos
Project → RequirementsandProject → Controlsfor readiness reviewProject → Exportsfor reports and evidence packagesNotificationsandProject objects → Comments and Logsfor traceability of key actions
Do this
- Ensure changes go through the standard review flow where applicable.
- Review the audit trail for key decisions and status changes.
- Export the evidence pack and summary views needed for internal audit readiness.
You’re done when
- reviewers can trace requirements → controls → evidence without guesswork
- you can export an internal audit pack that matches the current status snapshot
Next handoff
AI Product Owner
Ensure the AI system description and lifecycle context stays current
Risk Manager
Quantify top risks in monetary terms and review exposure against budgets
Engineer & Integrations
Connect systems so Scout and governance work can reference real artifacts