Perform impact assessment on an AI use case

  • Release version: Australia
  • Updated May 20, 2026
  • 1 minute to read

    • Perform an impact assessment of an AI use case to identify risks like copyright issues, bias, privacy breaches, misinformation, or surveillance, enabling improved oversight and risk management.

    Before you begin

    Role required: sn_ai_asset_mgmt.ai_asset_owner or sn_grc_ai_gov.ai_risk_and_compliance_business_user

    Procedure

    1. Navigate to All > AI Control Tower.
    2. On the AI Control Tower dashboard, navigate to the Tasks section and select the assigned impact assessment task.
    3. Select Take assessment.
    4. Optional: To reassign the impact assessment to another user, select Reassign and do the following:
      1. In the Reassign task dialog box, fill in the fields as appropriate.
        Table 1. Reassign task
        Field Description
        Assignee Name of the user to whom you want to reassign the task.
        Additional comments Additional information stating the reason for reassignment.
      2. Select Reassign.
    5. Optional: To initiate a sidebar discussion, select the more icon , and select Discuss.
      1. In the Start a Sidebar discussion dialog box, fill in the fields as appropriate.
        Table 2. Start a Sidebar discussion
        Field Description
        Subject Option to provide a title for the sidebar discussion.
        Add participants Options to add participants for the sidebar discussion.
        Note:
        You can include any users with access to this record in this discussion.
        Include a brief message for participants Brief summary about the feedback to be discussed in the sidebar discussion.
      2. Select Start discussion.
    6. To initiate the assessment, select Start.
    7. Review any instructions or reference information.
      You can see additional question guidance text for your review as you complete the questions.
    8. Answer all relevant questions in the questionnaire.
      Your responses are automatically saved, and based on them, relevant risk statements and control objectives are associated with the assessment. After the AI Risk and Compliance analyst marks the assessment state as Closed complete, risks and controls are generated from these risk statements and control objectives respectively and are mapped to the AI asset.
      Note:
      The system automatically maps risks and controls only when you use the default assessment questionnaire.
    9. Select Submit.

    What to do next

    An AI Risk and Compliance Analyst evaluates the completed assessment along with the suggested list of risks and controls derived from the submitted information.

    Proceed to Initiate risk assessment on AI asset.