Skip to content
Bharat NeuroTech
Bharat NeuroTech
NeuroCortex · Live
₹101 Shagun on signup · free
JOURNAL · BUILDING

AI risk assessment template — ISO 42001 §6 aligned, free download

The 12-category AI risk register we use inside Bharat NeuroTech audits. Likelihood × severity × detectability scoring, worked example, and what Stage 2 auditors actually check.

By Dr. Nitnem Singh Sodhi7 min read← all essays
▸ ANSWER

An AI risk assessment is a structured evaluation of the harms an AI system can cause — to users, to the business, and to third parties — across its lifecycle. The ISO/IEC 42001 Annex A.6-aligned template scores each identified risk on likelihood × severity × detectability, classifies it (negligible/low/medium/high/critical), and maps it to controls in your AIMS. The version below is the same one we use inside Bharat NeuroTech audits — copy it, fill it in, and you have an artefact a Stage 2 auditor will accept.

AI risk assessment
The systematic identification, analysis and evaluation of risks arising from the development, deployment and use of an AI system, performed before deployment and repeated whenever the system, data, or use-context materially changes.
▸ TL;DR
  • Score on three axes — likelihood (1–5), severity (1–5), detectability (1–5).
  • Risks above score 60 are critical and block deployment until mitigated or accepted by named owner.
  • The 12 risk categories below are the ISO 42001 Annex A.6 default set — drop none, add domain-specific ones.
  • Repeat the assessment quarterly, or whenever training data, model version, or use-context changes.
  • Every accepted risk needs a named owner. "The team" is not an owner.

The template — 12 categories every AI must score

ISO 42001 ANNEX A.6 — DEFAULT RISK REGISTER
CategoryExample riskTypical mitigation
Accuracy / hallucinationModel fabricates citations in legal outputRetrieval grounding + confidence threshold
Bias / fairnessLoan approval rate differs by gender at equal credit scoreBias testing on stratified holdout + threshold parity
PrivacyTraining set contains identifiable PIIData minimisation + DPIA + consent audit
SecurityPrompt injection exfiltrates system promptInput sanitisation + output filtering + red team
MisuseImage generator produces deepfakesUse-policy + watermarking + abuse-reporting channel
TransparencyUser cannot tell they are speaking to AIDisclosure UI + synthetic-content labelling
ExplainabilityCannot reconstruct why a decision was madeLogged feature attributions + model card
RobustnessModel degrades on out-of-distribution inputDrift monitoring + retraining cadence
Third-party / supply chainFoundation model vendor changes termsVendor risk assessment + portability plan
EnvironmentalTraining emissions undisclosed to procurementCarbon accounting + green compute commitment
Human oversightNo human reviews high-stakes outputsHITL workflow + escalation SLA
SocietalSystem affects employment/access at scaleImpact assessment + redress mechanism

How to fill in each row

  1. Likelihood (1–5) — probability the risk materialises in a 12-month window. 1 = rare, 5 = expected.
  2. Severity (1–5) — worst-credible harm if it materialises. 1 = annoyance, 5 = physical/financial/legal harm to many.
  3. Detectability (1–5) — how hard to detect before harm occurs. 1 = obvious, 5 = invisible. (Note: higher = worse, like FMEA.)
  4. Score = L × S × D. Range 1–125.
  5. Tier: ≤12 negligible, 13–30 low, 31–60 medium, 61–100 high, ≥101 critical. Critical blocks deployment.

Worked example — a customer-service chatbot

Hallucination risk on a banking chatbot, 2026 deployment:

  • Likelihood: 4 (LLMs hallucinate; we mitigate but not eliminate)
  • Severity: 4 (incorrect rate quoted = regulatory + reputational hit)
  • Detectability: 3 (post-hoc audit catches it; pre-response doesn't always)
  • Score: 48, tier medium
  • Mitigation: retrieval grounding to product catalogue + confidence threshold + automated disclaimer when confidence <85%
  • Residual score after mitigation: L2 × S4 × D2 = 16, tier low
  • Owner: Head of CX. Review: quarterly.

What auditors look for in your filled template

  1. Every category covered. A risk register with eight rows when twelve apply is a red flag.
  2. Named owners, not departments. "Engineering team" is rejected; "Priya Menon, VP Eng" is accepted.
  3. Residual scores after mitigation. Inherent risk alone is insufficient — the auditor wants to see your mitigation actually moved the number.
  4. Accepted-risk register. Risks you chose not to mitigate must be documented with the business rationale, the approving authority, and the review date.
  5. Date and version. Undated risk registers fail Stage 1.

How this connects to the rest of the AIMS

The risk assessment is the input to: Annex A.5 (impact assessment), A.7 (objectives and planning), A.10 (incident response), and A.11 (continual improvement). Done properly, it is also the input to your DPIA under DPDP. See our companion essay on ISO 42001 certification in India for how the AIMS clauses link together.

▸ FAQ

Frequently asked

What should an AI risk assessment include?
At minimum: a category register (accuracy, bias, privacy, security, misuse, transparency, explainability, robustness, third-party, environmental, oversight, societal), a scoring methodology, named owners, inherent and residual scores, mitigation actions, and a review date.
Why score on three axes instead of two?
Likelihood × severity misses detectability — whether you'll catch the risk before harm occurs. A medium-likelihood, medium-severity risk that's invisible until production is functionally a high risk. Three-axis scoring follows FMEA practice.
How often should an AI risk assessment be redone?
Quarterly at minimum, plus whenever training data, model version, or use-context materially changes. Annual-only assessments fail Stage 2 ISO 42001 audits.
Is an AI risk assessment the same as a DPIA?
No. A DPIA covers personal-data risks under DPDP/GDPR. An AI risk assessment covers a broader set including bias, robustness, misuse and societal impact. The two overlap but a DPIA does not substitute for the AI risk assessment ISO 42001 requires.
▸ NEXT STEP

Skip the spreadsheet. Run an automated risk scan.

Our scan auto-populates the 12-category register against your stack, scores it, and outputs a Stage-1-ready PDF in minutes. Free preview, ₹799 for the full audit.

Consult with expert human · ₹2,500 · 1 hourSee a sample report →

Dr. Nitnem Singh Sodhi is a Lead Auditor for ISO/IEC 42001, 27001 and 27701, accredited by ANSI/ABICB since March 2025.

— Bharat NeuroTech · /dr-sodhi
MORE ESSAYS

Keep reading.

BUILDING
ISO 42001 certification in India — the 2026 implementation guide

What ISO 42001 certification actually involves in India: the 5-step path, realistic cost (₹8L–₹38L), the 3 Annex A controls Indian firms fail most, and how it stacks with DPDP and ISO 27001.

19 May 2026 · 9 min
BUILDING
GDPR in India vs DPDP Act — what applies to your AI in 2026

Clause-by-clause comparison of GDPR and India's DPDP Act 2023 for AI deployments. Where the two laws overlap, where they diverge, and the single-stack design pattern for dual-regime products.

17 May 2026 · 8 min
BUILDING
AI safety — what it means for Indian deployments in 2026

The 6-control India safety baseline: code-mixed language testing, demographic fairness across 5 Indian axes, synthetic-media controls under MeitY 2024 advisory, HITL on high-stakes outputs, DPDP-aligned incident response.

16 May 2026 · 7 min
▸ EARLY-READER LIST

Get the next essay the day it lands.

One short message, one new essay in your inbox each time Dr. Sodhi publishes. No filler.

Join the early-reader list · ₹2,500 · 1 hour
Open the Lab →