2 July 2026
AI readiness audit: what exactly we check and what you get at the end
An AI readiness audit is a paid, 2–4-week diagnosis that settles three things: where AI will genuinely help in your processes, whether your data is fit for it, and what the EU AI Act requires of you. The output is a working document — an AI-system inventory, a risk classification and a prioritised implementation roadmap — not a slide deck. Below is the exact scope: what we check, in what order, and what you receive at the end.
Why audit at all, instead of “just implementing”
Most failed AI projects don’t fail on the model — they fail earlier: on picking the wrong process, on data that can’t be used safely, or on legal obligations discovered after the fact. An audit costs a fraction of an implementation and turns “we want something with AI” into a list of concrete projects with a viability and risk assessment. For companies already using off-the-shelf tools (ChatGPT, Copilot), the audit also answers which of them fall under the AI Act — most obligations start to apply on 2 August 2026.
What exactly we check
- Processes. We map the places where AI has a measurable effect: repetitive document work, handling enquiries, knowledge search. Each candidate gets a score: impact, feasibility, risk.
- Data. We check sources, quality, permissions and freshness — the things RAG projects actually fail on. The detailed checklist is in data readiness for RAG.
- Shadow AI. We inventory the AI tools used outside IT’s knowledge — private accounts, plugins, automations. Without that register, neither compliance nor data security can be quantified.
- Roles and risk under the AI Act. Each system gets your company’s role (deployer / provider) and a risk category — the method is shown step by step here.
- Architecture and costs. An architecture recommendation (in our case: AWS, data stays in your own account) plus an estimate of implementation and running costs — what drives the cost of a RAG system or an agent.
- Funding. A fit check against grant programmes (FENG/SMART Path, Dig.IT, KFS) — if the project qualifies, we prepare the technical part of the application.
What you get at the end
The final report is a set of working artefacts, not slides: an AI-system register (shadow AI included), an AI Act risk matrix with priorities, a project list scored for impact and feasibility, an architecture recommendation and a roadmap — what to implement, in what order, and what the outcome depends on. Optionally the audit closes with a proof it works (PoC) on your real data. Your board, IT and lawyers then work on those artefacts — and they are where we start the implementation.
What an audit is not
It is not a sales pitch in disguise, nor a “free consultation”. It is also not a guarantee of full AI Act compliance — gaps are closed later with implementations and documentation. It is, however, the precondition of a sound decision: after the audit you know what to deploy, in what order, and how you will know it works.
What next
The scope of the three engagement levels — audit, implementation, retainer — is described on the services page. What a system that grew out of such an audit looks like is shown in mojApteczka — a production GenAI system in healthcare. Book an AI readiness audit — we reply within one business day.