Final Assessment — AI Governance Practitioner

20-question final exam covering the AI Governance & Model Risk for Financial Services course. Pass mark 70%.

Final Assessment

This is the final assessment for AI Governance & Model Risk for Financial Services.

20 multiple-choice questions
Pass mark: 70%
Covers all seven modules
Unlimited retakes
On passing, you earn your AI Governance Practitioner certification

When you're ready to apply this to a real programme, our AI Enablement service builds governance into the workflow design from day one — exactly the embedded model this course recommends.

Good luck.

AI Governance Practitioner Final Assessment

20 questions — Pass mark: 70%

Q1.What is the central premise of this course?

Governance is overhead and should be minimisedGovernance done well is an accelerator of AI deployment, not a brakeOnly the regulator decides what governance looks likeAI cannot be governed safely

Q2.Why does AI governance often feel like a brake?

Because it is a brake by designBecause it is bolted onto AI projects late, sits outside the workflow, and demands evidence the team did not collectRegulators require itCompliance is slow

Q3.What is the EU AI Act's core mechanism?

Banning AI in financial servicesRisk-tiered classification (unacceptable, high, limited, minimal) with graduated obligationsOpen-source mandatesLLM-specific rules

Q4.What does PRA SS1/23 cover?

Capital requirementsModel risk management — including AI/ML — across the model lifecycleCybersecurityCustomer complaints

Q5.What is DORA?

An EU operational resilience regulation for financial institutions and their critical ICT third parties, applicable from January 2025A US data privacy lawAn optional industry frameworkA cybersecurity certification

Q6.What is the first step in mapping AI use cases to risk tiers?

Hire a regulatory consultantBuild a complete inventory, including shadow AI and vendor-embedded AIRead the regulations end-to-endSet up a committee

Q7.What is shadow AI?

AI deployed inside the business by individual teams without central governanceOpen-source AIAI used at nightAI from sanctioned countries

Q8.Which use case is MOST likely to be high-risk under the EU AI Act?

An internal coding copilotAutomated credit decisioning for consumer loansA document classifier for archive searchA FAQ chatbot

Q9.In the classic 3LoD model, who owns the risk?

AuditFirst line — the business unit creating the activitySecond lineThe board

Q10.What is the most common 3LoD failure mode for AI?

Too many committeesDiffuse ownership — first line says 'the AI team built it', AI team says 'the business asked for it', and nobody is accountablePoor documentationWrong technology

Q11.What does 'embedded governance' mean?

Governance committees meeting more oftenGovernance designed into the workflow itself, with evidence produced as a by-product of operationMore auditorsAutomated compliance checking

Q12.What is a decision log?

Meeting minutesA persistent, queryable record of every material decision the AI system made — inputs, output, confidence, overrideA regulatory submissionA model performance dashboard

Q13.What is the difference between a model card and a model risk file?

Model card is a lightweight summary; model risk file is the full governance documentation for material/regulated modelsThey are the sameModel card is for marketingModel risk file is shorter

Q14.What is data drift vs concept drift?

Same thingData drift = input distribution changes, relationship stable; concept drift = the relationship between inputs and the right answer changesData drift is biggerConcept drift only affects LLMs

Q15.What is the right cadence for reviewing override patterns?

AnnuallyContinuously, with formal review at least monthly for material modelsOnly when something goes wrongNever

Q16.What should trigger a model incident?

Any errorAny SLO breach, anomalous behaviour, customer complaint about an automated decision, or internal escalationOnly customer complaintsOnly audit findings

Q17.What should be the deliverable of the first 90 days of a governance programme?

A complete enterprise AI policy frameworkA use case inventory, working risk classification, and defensible posture for the highest-risk use cases already in productionAll audit findings closedA dedicated AI risk team hired

Q18.When should you build the central AI governance committee?

Day oneAfter you have a working inventory and classification framework, so the committee has substance to governNeverWhen the regulator asks

Q19.What is the most common scoping mistake in AI governance programmes?

Doing too littleTrying to write a comprehensive policy framework before you have any deployed use cases or operational evidenceWrong toolsToo few people

Q20.What is the executive sponsor's primary job in an AI governance programme?

Approve budgetsReframe governance from 'brake' to 'accelerator' inside the organisation, and protect the team during the political pressure pointsAttend meetingsWrite policy

Certificate Locked

Complete all 7 modules and pass the final exam to earn your AI Governance Practitioner certificate.