Business Owner Track
Audience: Executives, product owners, AI program leads, department heads
Goal: Understand your AI portfolio’s risk exposure, governance ROI, and compliance posture in business terms
Estimated time: ~2 hours across 5 modules
This track is written for the Business Owner role. Administrators have the same capabilities and share all content in this track.
Track overview
No coding required. This track is portal-focused. Your team’s developers and governance engineers handle technical configuration — your job is to use the outputs those systems produce to make informed decisions about your AI portfolio.
| Module | Title | Time |
|---|---|---|
| 1 | Your AI portfolio at a glance | 20 min |
| 2 | Reading the governance health signals | 25 min |
| 3 | Cost analytics and AI investment visibility | 20 min |
| 4 | Compliance posture for leadership and boards | 20 min |
| 5 | Acting on the data: escalations, approvals, and reporting | 15 min |
Module 1 — Your AI portfolio at a glance
Goal: Open the Portfolio view and understand what it tells you about the governance health of every AI application your organization runs.
Read:
Where to start: Navigate to Portfolio in the sidebar. You see every registered AI application displayed as a card, with four fleet-wide KPIs at the top.
The four KPIs:
| KPI | What it tells you |
|---|---|
| Fleet governance score | The weighted average governance quality across all production applications. Higher is better. A drop warrants investigation. |
| Applications below target | How many applications are performing below their governance score target. Click to see which ones. |
| High-risk session rate | The share of AI interactions classified as HIGH or CRITICAL risk in the last 30 days. |
| Human oversight coverage | The percentage of AI decisions that have a human checkpoint in place. |
Application status badges:
| Badge | Meaning |
|---|---|
| 🟢 Healthy | SDK active, decisions flowing, no critical alerts |
| 🟡 Degraded | SDK connected but coverage or quality has dropped |
| 🔴 Critical | No decisions in 24 hours, or an unacknowledged critical alert |
| ⚪ Ungoverned | No SDK integration — decisions are not being captured |
Ungoverned applications are your highest risk. If you see ⚪ status on a production AI application, escalate to your development team immediately.
Self-assessment:
- I can navigate to the Portfolio view and read the fleet KPIs
- I know which applications are healthy, degraded, and ungoverned
- I understand what the Agent Risk Map’s axes represent
Module 2 — Reading the governance health signals
Goal: Interpret the governance signals VeriProof surfaces so you can ask the right questions and direct attention to the right applications.
The Agent Risk Map: The scatter plot in Portfolio shows every application positioned by session volume (horizontal) and risk level (vertical). Applications in the top-right quadrant — high traffic and high risk — deserve the most governance investment.
Governance score tiers:
| Tier | Score range | What it means |
|---|---|---|
| 🥇 Gold | 85–100 | Strong governance posture; all major attributes declared |
| 🥈 Silver | 65–84 | Good posture; some attributes inferred rather than declared |
| 🥉 Bronze | 40–64 | Basic governance in place; coverage gaps exist |
| ⚠️ Below target | < 40 | Governance posture needs immediate attention |
Questions worth asking at your next review:
- Which applications have dropped from Gold to Silver in the last month?
- What is driving the high-risk session rate — one application or many?
- Are applications with human oversight requirements actually receiving human review?
Self-assessment:
- I can read a governance score and explain what drove a change
- I can identify which applications are in the top-right quadrant of the risk map
- I know where to find the action queue for items that need my attention
Module 3 — Cost analytics and AI investment visibility
Goal: Use the Analytics workspace to understand where your AI spend is concentrating and what you are getting for it.
Read:
What the Cost tab shows:
| Chart | Business question it answers |
|---|---|
| Spend by application | Which AI applications are the most expensive to run? |
| Cost per session | Which applications are processing sessions efficiently? |
| Model cost comparison | Are you using the right model for each use case, or paying for capability you do not need? |
| Cost trend over time | Is your AI spend growing proportionally with value delivered? |
Interpreting cost-per-session: A high cost-per-session is not necessarily bad — high-stakes regulated decisions (loan approvals, medical triage, legal review) justify higher cost. A high cost-per-session on a low-stakes application (FAQ bots, content classification) is worth investigating.
ROI and savings: Navigate to Compliance → ROI & Savings Dashboard for estimated risk reduction, automation savings, and cost avoidance metrics calculated from your governance data.
Export any chart as CSV or PNG from the chart toolbar. These exports are useful for board presentations and quarterly AI program reviews.
Self-assessment:
- I can open the Analytics workspace and read the Cost tab
- I know which applications are the most and least cost-efficient
- I have opened the ROI & Savings Dashboard and understand what the estimates represent
Module 4 — Compliance posture for leadership and boards
Goal: Use the Compliance workspace’s business-language views to prepare accurate AI governance summaries for leadership, boards, and external stakeholders.
Read:
What you see in the Compliance workspace:
As a Business Owner, your Compliance view is filtered to leadership-relevant signals:
- Framework Summary — a plain-language card for each active compliance framework (EU AI Act, ISO 42001, NIST AI RMF, HIPAA) showing overall coverage in business terms
- ROI & Savings Dashboard — quantified governance value for business planning
- ROI Calculator — scenario modeling for future AI investments
Reading a framework summary card: Each card shows:
- Overall coverage — the percentage of control objectives your portfolio satisfies
- Status — On track, Needs attention, or At risk
- Top gaps — the two or three areas most likely to create liability if not addressed
- Recommended action — a plain-language next step for your governance team
For board presentations. The Framework Summary view uses business language deliberately. A board does not need to know about OPA Rego policies — it needs to know whether your AI systems meet the EU AI Act obligations that apply to your industry. That is what these cards communicate.
Self-assessment:
- I can read a framework coverage card and explain what it means in business terms
- I know which frameworks apply to my organization and why
- I have identified at least one compliance gap that requires action from my team
Module 5 — Acting on the data: escalations, approvals, and reporting
Goal: Know how to act on what you see — escalate issues, approve governance gates, and create the reports your organization needs.
Escalating an issue: When you see a governance signal that warrants attention, use the Escalate action on any Focus Queue item. This routes the item to the appropriate role (Compliance Officer or Administrator) with a notification and a timestamped escalation record.
Team management: As a Business Owner, you can manage team members under Settings → Team → Members. Use this to:
- Onboard new team members and assign them the correct role
- Offboard departing staff promptly to maintain access hygiene
- Review which Auditors have active engagement access
Scheduling reports: Navigate to Compliance → [Schedule report] to set up automated governance summary reports delivered to your inbox. Configure:
- Frequency (weekly, monthly, quarterly)
- Scope (all applications or a subset)
- Format (PDF summary, CSV data, or both)
Focus Queue: Home shows a Focus Queue — a prioritized list of items that need your attention. Business Owner focus items typically include:
- Governance gate approvals waiting for your review
- Applications that have dropped below their score target
- Compliance framework coverage alerts
Process your Focus Queue at the start of each week. Items that age without attention can affect your compliance posture score, which appears in evidence exports and framework coverage cards.
Self-assessment:
- I have reviewed and cleared my Focus Queue
- I understand when and how to escalate a governance concern
- At least one automated report scheduled for the review frequency my organization needs