How to Risk-Assess an AI Use Case in 30 Minutes, Repeatably
On this page
- The unit of analysis: the use case, not the tool
- The five factors
- 1. Data sensitivity, what goes in
- 2. Decision impact on people, what it decides
- 3. Audience, where the output goes
- 4. Autonomy, how it acts
- 5. Reversibility, what an error costs to undo
- Scoring and tiers
- Worked examples
- Controls per tier
- The one-page record and the register
- Running it: the process in six steps
- What is an AI use-case risk assessment?
- Why assess use cases instead of tools?
- How do we score an AI use case?
- Who should perform the risk assessment?
- How often should assessments be revisited?
TL;DR: The failure mode of AI risk management at normal companies isn’t recklessness, it’s uniformity. Either everything gets treated as dangerous (and adoption stalls) or everything gets waved through (until the incident). The fix is a repeatable scoring method that sorts uses in about 30 minutes: five factors, scored 1-3, summed into green/amber/red tiers with pre-agreed controls per tier. This page is the method, the scoring rubric, the controls, and the one-page record format. Not legal advice, high-stakes or regulated uses need qualified review on top.
The unit of analysis: the use case, not the tool
The security review answers “is this vendor and product safe to hold our data?” That’s necessary and insufficient, because the same approved tool spans wildly different risk depending on what it’s doing:
| Use of the same assistant | Real risk profile |
|---|---|
| Summarizing a public industry report | Near zero |
| Drafting replies to customer complaints | Moderate, external audience, brand and accuracy stakes |
| Screening job applications | High, determines outcomes for people; regulated territory (EU AI Act high-risk) |
So the assessable unit is a use case: who uses which tool to do what, with which data, producing output that goes where. One sentence in that shape is the header of every assessment. If you can’t fill in the sentence, the use isn’t defined enough to assess, which is itself a finding.
The five factors
Each scored 1-3. The factors are chosen so that a non-specialist can score them from knowledge of the workflow alone, no model internals required.
1. Data sensitivity, what goes in
| Score | Definition |
|---|---|
| 1 | Public or non-sensitive internal data |
| 2 | Confidential business data (internal docs, non-public plans, code) |
| 3 | Personal data, client-confidential material, or regulated data |
Score the most sensitive data the workflow will realistically touch, not the average. The categories align with the never-paste list in AI and data privacy.
2. Decision impact on people, what it decides
| Score | Definition |
|---|---|
| 1 | No effect on decisions about individuals |
| 2 | Informs or influences decisions about people (rankings, flags, summaries a human weighs) |
| 3 | Effectively determines outcomes for people (screening that filters, scoring that gates) |
Be honest about the 2/3 boundary: if humans approve the AI’s ranking 95% of the time, the AI is determining outcomes regardless of the org chart. That’s the rubber-stamping problem from Responsible AI in practice.
3. Audience, where the output goes
| Score | Definition |
|---|---|
| 1 | The user themselves (drafts, research, brainstorming) |
| 2 | Internal colleagues or systems |
| 3 | External parties, customers, candidates, public, regulators |
External audience raises stakes on every error class: a hallucinated fact in a personal draft costs a correction; the same fact in a customer proposal costs trust or worse.
4. Autonomy, how it acts
| Score | Definition |
|---|---|
| 1 | Suggests only; a human executes every action |
| 2 | Acts with human approval per action (drafts queued to send, changes pending confirm) |
| 3 | Acts autonomously (sends, edits records, executes tasks without per-action approval) |
This factor climbs as tools become agentic, an AI agent running multi-step tasks is a 3 by construction. Autonomy also compounds security exposure: an autonomous tool reading untrusted content is the classic prompt-injection target, which is why amber/red tiers loop back to the security review.
5. Reversibility, what an error costs to undo
| Score | Definition |
|---|---|
| 1 | Errors easily caught and corrected before harm |
| 2 | Errors costly to correct (rework, apologies, refunds) |
| 3 | Errors irreversible or severe (legal exposure, safety, a person wrongly rejected, money moved) |
Scoring and tiers
Sum the five factors: range 5-15.
| Total | Tier | Meaning |
|---|---|---|
| 5-7 | Green | Standard policy suffices |
| 8-11 | Amber | Proceed with added controls |
| 12-15 | Red | Deep review before any rollout, or decline |
Two override rules trump the arithmetic, because averaging can hide a critical factor:
- Any use scoring 3 on decision impact (determines outcomes for people) is at minimum amber, and red if data sensitivity or reversibility is also 3. Hiring screeners land here every time, appropriately, since they’re also the EU AI Act’s most SMB-relevant high-risk category.
- Any use with regulated data (3) and autonomy (3) together is red regardless of total.
Worked examples
| Use case | D | P | A | Au | R | Total | Tier |
|---|---|---|---|---|---|---|---|
| Marketing drafts blog posts from public research | 1 | 1 | 3 | 1 | 1 | 7 | Green |
| Meeting notetaker on internal calls, summaries to attendees | 2 | 1 | 2 | 2 | 1 | 8 | Amber |
| Support assistant auto-sends replies to routine tickets | 2 | 1 | 3 | 3 | 2 | 11 | Amber (high) |
| AI screening tool filters job applications before human review | 3 | 3 | 2 | 2 | 3 | 13 | Red (also by override) |
(D = data, P = people impact, A = audience, Au = autonomy, R = reversibility.)
Controls per tier
Pre-agreeing the controls is what makes the method fast, the score is the decision:
Green (5-7):
- Covered by the acceptable-use policy; tool must be on the approved list for the data class. That’s it. Log one line in the register.
Amber (8-11):
- Named use-case owner (a person, not a team).
- Data scoped: only the fields the task needs enter the workflow, the minimization habit from AI and data privacy.
- Review designed, not assumed: full review of external outputs, or documented sampling for high-volume flows, per the oversight patterns in Responsible AI.
- Tool’s security review confirmed current for this integration scope.
- One-page assessment filed; re-score on change triggers.
Red (12-15):
- Everything in amber, plus: governance-owner and leadership sign-off; deep-tier security review; a written oversight plan (who can intervene, how, with what authority); legal/professional input where the use touches employment, credit, or regulated data; a staged rollout with logging; and a defined rollback.
- And the question that must be asked out loud: should we do this at all? Some red uses are worth it with controls. Some are a hiring screener you don’t actually need. Declining is an assessment outcome, not a process failure.
The one-page record and the register
Each assessment produces one page, enough to reconstruct the reasoning, short enough to actually get written:
AI USE-CASE RISK ASSESSMENT
Use case: [who] uses [tool] to [do what] with [data], output to [audience]
Requested by: [name] Assessed by: [governance owner] Date: [date]
Scores: Data [ ] · People [ ] · Audience [ ] · Autonomy [ ] · Reversibility [ ]
Total: [ ] Tier: [Green/Amber/Red] Overrides triggered: [none / which]
Controls required: [list, per tier]
Owner: [name] Review trigger: [material change / incident / annual]
Decision: [approved / approved with conditions / declined] Notes: [2-3 lines]The register is just these records in one place, a spreadsheet or a folder works. It earns its keep three ways: it’s the inventory the EU AI Act sequence starts from, it’s the evidence that diligence happened when anyone asks, and it’s what makes re-assessment a five-minute diff instead of a fresh exercise.
Running it: the process in six steps
- Requester writes the use-case sentence and drafts scores. Ten minutes with the rubric. Self-scoring makes the process scale; the next step keeps it honest.
- Governance owner reviews the scoring. Confirms or adjusts, checks overrides, checks the tool is approved for the data class. Fifteen minutes for anything green or amber.
- Apply the tier’s controls. Pre-agreed, so this is assignment, not negotiation.
- File the page; update the register.
- Re-score on triggers. Material change to data, autonomy, audience, or the tool behind the workflow; any incident; or the annual register pass. The most common trigger in practice: a green drafting use quietly gains autonomy (“we just let it send now”), which is exactly the drift the autonomy factor exists to catch.
- Feed patterns back into policy. If a category keeps arriving amber for the same reason, encode the fix as a standing rule in the acceptable-use policy and stop re-deciding it.
Teams in legal or legal-adjacent work should treat this method as the floor, not the ceiling, privilege and matter-confidentiality add considerations covered in the legal guides.
FAQ
What is an AI use-case risk assessment?
A structured 30-minute evaluation of one specific AI use, who uses which tool to do what, with which data, output going where, scored on data sensitivity, people impact, audience, autonomy, and reversibility, mapped to green/amber/red control tiers, and recorded on one page in a living register.
Why assess use cases instead of tools?
Risk lives in the application. The same tool is near-zero risk summarizing public reports and red-tier risk filtering job applicants. Tool-level vetting (the security review) and use-level assessment answer different questions, vendor safety versus application safety, and approving a tool never implies approving every use of it.
How do we score an AI use case?
Five factors, 1-3 each: data sensitivity, decision impact on people, audience of output, autonomy, and error reversibility. Sum to 5-15: green 5-7, amber 8-11, red 12-15. Two overrides: outcome-determining decisions about people are at least amber (red if paired with sensitive data or irreversibility), and regulated data plus full autonomy is automatically red.
Who should perform the risk assessment?
The requester drafts the use-case sentence and self-scores; the AI governance owner reviews, adjusts, and confirms the tier. This split keeps throughput high enough that people use the front door while preserving a four-eyes check against optimistic scoring. Red-tier uses add leadership sign-off and, where employment or regulated data is involved, qualified professional input.
How often should assessments be revisited?
On triggers, material change to the use (new data class, new autonomy, new audience), change to the underlying tool, or any incident, plus one light annual pass over the register. The one-page record makes most re-scores a five-minute comparison rather than a new assessment.
Rolling this out and want a hand? Webisoft helps companies implement AI safely, get in touch.
Frequently asked questions
What is an AI use-case risk assessment?
A short, structured evaluation of one specific AI use, not the tool in general, scoring it on factors like data sensitivity, impact on people, output audience, autonomy, and error reversibility, then assigning controls proportionate to the score. It's how a company applies heavy scrutiny only where it's warranted.
Why assess use cases instead of tools?
Because risk lives in the use, not the logo. The same assistant is low-risk drafting internal notes and high-risk screening job applicants. Tool-level review (the security review) answers 'is this vendor safe to hold our data?'; use-case assessment answers 'is this application safe to run?' You need both, and they're different questions.
How do we score an AI use case?
Rate five factors 1-3: data sensitivity (public/internal/regulated-or-personal), decision impact on people (none/influences/determines), audience (individual/internal/external), autonomy (suggests/acts-with-approval/acts-autonomously), and reversibility (easily undone/costly/irreversible). Sum to 5-15: 5-7 green, 8-11 amber, 12-15 red, with two override rules for people-determining decisions and regulated data.
Who should perform the risk assessment?
The person who wants to run the use case drafts the scoring; your AI governance owner reviews and confirms the tier. Self-scoring plus one reviewer keeps the process fast enough that people actually use it, while the four-eyes check catches optimistic scoring.
How often should assessments be revisited?
On triggers and on a calendar: re-score when the use case changes materially (new data class, new autonomy, new audience), when the tool behind it changes, or after an incident, plus a light annual re-check of the register. Most re-scores take five minutes because the one-page record already exists.