Skip to main content
AI ConsultancyDone-for-you service

AI Governance & Cost Audit

A one-off audit that maps your shadow AI, reviews your AI API spend, and builds your EU AI Act evidence pack — with a prioritised plan to fix the gaps.

£1,950 one-time

AI Governance & Cost Audit

A one-off, entry-level audit for organisations that have started using AI without a governance layer underneath it. Delivered by the SBH TechOps team, it gives you a clear, evidence-backed picture of where AI is used across your business, what it is costing you, and what you need on file for the EU AI Act — then hands you a prioritised plan to close the gaps.

This is an assessment, not an automated scan: we work from a structured questionnaire, a guided review of your stack and your AI/LLM bills, and documentation of your controls. Honest method, audit-ready output.

The three pillars

  • Shadow AI discovery. We map which AI and LLM tools your organisation actually uses — both sanctioned and unsanctioned — through a structured questionnaire and a review of your stack. We flag ungoverned or unauthorised data use so you know where your exposure is before it becomes an incident.
  • AI API spend audit. We review your AI/LLM API usage and bills for waste, runaway cost and missing budget controls, then recommend practical guardrails (budgets, alerts, model-routing and usage policy) to bring spend back under control.
  • EU AI Act evidence pack. We classify your AI systems by risk tier, document your Article 14 human-oversight arrangements, and produce an audit-ready evidence file you can show to customers, insurers or a regulator.

What you get

  • A written audit report covering all three pillars, in plain language.
  • An EU AI Act evidence pack (risk classification + Article 14 human-oversight documentation).
  • A prioritised remediation plan — what to fix first, and why.

Who it is for

Organisations adopting AI faster than their governance can keep up — SaaS and technology companies, professional-services firms, and mid-market businesses that have LLM tools in daily use but no single owner, budget control or compliance record for them.

Where the EU AI Act actually stands

No fear-mongering — here is the honest position so you can plan calmly:

  • 2 August 2026 — Article 50 transparency obligations apply (users must be told when they are interacting with AI, and certain AI-generated content must be labelled).
  • High-risk / Annex III obligations are expected to be deferred to around December 2027 under the Digital Omnibus package (pending publication in the Official Journal), giving most organisations more runway than the original timeline.
  • Penalties are tiered: up to €35M or 7% of global turnover applies only to the Article 5 prohibited-practices ban; up to €15M or 3% covers high-risk and general-purpose AI obligations.

The value here is readiness and relief: getting your evidence in order early, on your own timetable, rather than scrambling later.

The upsell path

The audit is the entry point. Once you know where you stand, it leads naturally into SBH's ongoing coverage — the EU AI Act Compliance Engine, Agentic AI Governance Shield, StatuteForgeIQ and HumanBaseIQ — so governance, cost control and AI Act evidence stay current instead of going stale the day after the report lands.

Honest method statement

This audit is a structured assessment built on a questionnaire, a guided review of your stack and AI/LLM bills, and documentation of your existing controls. We do not perform automated deep technical scanning of your systems. Everything we report is grounded in what you show us and tell us — which is exactly what makes the evidence pack defensible.

What's included

  • Shadow AI discovery — map sanctioned + unsanctioned AI/LLM tools in use
  • AI API spend audit — find waste, runaway cost and missing budget controls
  • EU AI Act evidence pack — risk classification + Article 14 human-oversight docs
  • Prioritised remediation plan — what to fix first, and why
  • Written audit report in plain language
  • Clear upsell path into ongoing SBH governance coverage
EU AI ActAI governanceshadow AIAPI costcompliance audit

Not sure if this is the right fit?

Talk to our AI advisor — explain your context and we'll recommend the right product from our 100+ catalogue, including alternative tiers and bundles.

🔒 Data processing & privacy

Your data is processed in EU/UK. AI generation runs via Anthropic Claude (EU region). Your data is not used to train models. See the Sub-Processors list and Privacy Policy.

✅ 14-day money-back guarantee

Not satisfied? Request a full refund within 14 days of purchase. See the Refund Policy for details and limits.

💬 Support — 24h response SLA

Reach us at [email protected]. Response within 24 business hours. Critical issues: 4 hours. Channels: email + Help Centre.

🏠 Customer portal & data export

After purchase, access deliverables, invoices, and account settings at /portal/dashboard. Cancel any time; data export available on request.

⚠️ Important — For Information Only, Not Regulatory Advice

This product is provided for information and compliance documentation purposes only. It is not regulatory advice, legal interpretation, or a substitute for direct regulator engagement. SummitBridge Horizon Ltd is not a regulator and does not file notifications, breach reports, or registrations with any regulator (including ICO, NCSC, ENISA, BSI, HMRC, FCA, NCA) on your behalf. For specific regulator interpretations, audit outcomes, or legal exposure, you must consult a qualified professional and/or the relevant regulator directly.

SummitBridge Horizon Ltd · Companies House 16419201 · ICO ZC112810 · Registered in England & Wales