Guides

How to assess AI readiness

How to assess AI readiness comes down to a short, repeatable method: examine six dimensions of your organization, score the evidence in each, and act on the lowest. This is the full method we use, published so you can run it yourself.

The method in five steps

Before the dimensions, the shape of the thing. Assessing readiness is not a survey you take in the abstract; it is an examination of one part of your business against a fixed rubric. The whole method is five moves:

  1. Pick the scope. Choose the specific process you actually want to change, not "the company." Readiness is always readiness for something.
  2. Gather the evidence. For that process, collect what exists today across the six dimensions: documents, access, logs, and the names of the people who own each piece.
  3. Score each dimension out of 10 against the rubric below, counting only what you could show, not what you believe.
  4. Find the constraint. Read the lowest-scoring dimension first. That is where your first project will fail.
  5. Turn the scores into a plan: fix the foundations that are too weak to build on, or pick a first use case that avoids them.

The six dimensions, and why these six

Every serious framework covers roughly the same ground. Microsoft's readiness assessment uses seven pillars, Cisco's index uses six, Gartner leans on strategy, data, and governance. We use six because they map to what actually breaks in practice, and to what our paid assessment examines, so a self-scored read and a paid one speak the same language:

  • Strategy: is there a real, owned, funded reason to do this?
  • Data: does the data exist, and can the work reach it?
  • Systems: can AI actually be wired into what you run?
  • People: will the people affected use it and flag it when it is wrong?
  • Governance: are the rules written down and followed?
  • Operations: can you keep it running past the demo?

The number of buckets matters less than the discipline of scoring all of them. Most stalled projects were strong on the two dimensions the sponsor cared about and never scored the one that killed them.

How to score: evidence, not opinion

Score each item within a dimension 0 (no), 1 (partly, or you are not sure), or 2 (yes, and you could show a document, a log, or a named person). That gives each dimension a score out of 10. The rule that makes the whole thing honest is the last one: a 2 is not a feeling, it is something you could put on a screen. "I think our data is fine" is a 1 until someone shows the quality check. Score what exists today, not what is on next quarter's roadmap, and do not average the six into a single number. The per-dimension scores are the information; the average hides exactly the weak spot you are trying to find.

Assessing each dimension

For each of the six, here is what to look at, what a strong signal looks like, and what a weak one looks like. The readiness checklist breaks each dimension into five scorable items; this is how to read them.

1. Strategy

  • What to look at: the written list of candidate use cases, the AI budget line, and who is named as the owner of AI decisions.
  • Strong looks like: two or three specific processes named, each with a number attached (hours saved, cost, error rate) and a written definition of what "working" means, plus one executive who owns both the decisions and the money.
  • Weak looks like: "we need an AI strategy" with no named process, no number, and no single owner. If two departments disagree, nobody can break the tie.

2. Data

  • What to look at: for each candidate use case, which systems hold the data, who controls access, when its quality was last checked, and which fields are regulated or personal.
  • Strong looks like: someone can name the systems and the access owners in the room, and a real quality check happened within the last year.
  • Weak looks like: nobody can say where the data actually lives. This is the most common first surprise in our own work, and it stretches six-week projects into six-month ones.

3. Systems

  • What to look at: whether the systems that would feed or receive AI output have APIs or reliable export paths, whether a test environment resembles production, and whether access can be scoped narrowly.
  • Strong looks like: real integration paths exist, a prod-like test environment is available, and identity setup can grant a system account least-privilege access.
  • Weak looks like: the only way data moves is a human copying between screens, and the first real test of the AI would be on live customers.

4. People

  • What to look at: how staff already use AI tools including the unsanctioned ones, whether anyone in-house can evaluate a vendor’s claims, and whether there is a training plan and budget for the people whose work would change.
  • Strong looks like: you know the shadow usage, at least one person can push back on a vendor technically, and affected managers have had a say in what is coming.
  • Weak looks like: a blanket ban that has quietly pushed AI onto personal accounts with no rules and no record.

5. Governance

  • What to look at: whether a written AI usage policy exists and has actually been read, whether it states where data may and may not be sent, whether there is an approval path for new uses, and which regulations apply.
  • Strong looks like: a policy the relevant staff have read, a clear rule on data egress, and one named person tracking the rules that apply to you.
  • Weak looks like: no policy, or one nobody has seen. A policy nobody has read protects nobody, including the company.

6. Operations

  • What to look at: who would monitor and maintain each system after go-live, the human process that catches its mistakes, the exit terms on anything you buy, the ceiling on usage-based spend, and whether the target process is documented as it actually runs.
  • Strong looks like: a named team owns year two, a defined escalation path exists for when the AI is wrong, and the process is documented as it really runs.
  • Weak looks like: the demo works and nobody owns what happens after. Every AI system is wrong sometimes, and here there is no one to catch it.

Turning scores into a plan

The output of the method is not a grade, it is an ordering. Read the weakest dimension first, because that is your constraint. A rough guide per dimension: 4 or less means fix that foundation before funding any AI build; 5 to 7 means pick one contained use case that avoids the weak spot and use it to build the missing muscle; 8 or more means this dimension is not your problem, so look elsewhere. The plan writes itself from the two or three lowest scores, in order.

Where a weak dimension points at a specific kind of work, it has a name. Low governance scores are the ground covered by AI governance consulting, and if the risk items are what worry you, that is an AI risk assessment. If nobody owns AI decisions at all, that strategy gap has a job title: fractional chief AI officer. Low operations scores around repetitive manual work are often where AI automation pays off first, and if the whole question is where AI fits in the business, AI strategy consulting starts one step earlier than a readiness read.

Where self-assessment goes wrong

Self-scoring fails in predictable ways, and knowing them is most of the defense. The big one is the optimistic sponsor answering for areas they do not run: ask the people closest to each dimension instead. The second is scoring the roadmap rather than reality, so a data catalog planned for next quarter becomes a 0 today. The third is that a company scoring 9 or 10 across the board has almost certainly scored itself wrong, not built something excellent. Have a second person score the same scope separately and compare; the disagreements are usually where the truth is. And treat the whole exercise as directional. It reflects what you believe about your organization, which is useful and sometimes wrong.

Doing it yourself, and when to bring in outside eyes

You can run this method with your own team, and for a first read you should. Work through the AI readiness checklist, which is these six dimensions broken into 30 scorable items, ungated and free. For a related exercise on where automation specifically pays off, the automation opportunity assessment guide runs the same evidence-first approach on manual work. We do not show industry benchmarks, and we will not, until we have a real dataset to show them from. A score against a published rubric is worth something; a made-up "top 10% of your industry" line is not.

The honest limit of doing it yourself is verification. A self-assessment scores what you believe; it cannot check whether the data is really as clean as the data owner thinks, or whether the integration is really as simple as the roadmap says. That is the gap our paid assessment fills: our senior team inside your actual systems for 3–6 weeks, scoring the same six dimensions against evidence instead of self-report, at a published fixed price of $20,000 to $80,000, ending in a written recommendation you own. The method is the same either way. The difference is whether the scores are what you told us or what we found.

Questions people ask

How do you measure AI readiness?
You score evidence, not opinions, across a fixed set of dimensions. Pick the process you actually want to change, gather what exists today for each of the six dimensions (documents, access, logs, a named person), score each dimension out of 10 against a rubric, and read the lowest one first. The number is only as good as the evidence behind it, which is why a "2" should mean you could show a document or a log, not that you feel confident.
Can you assess your own AI readiness, or do you need a consultant?
You can, and for a first directional read you should: work through our AI readiness checklist with your own team before paying anyone. The limit of self-assessment is that it scores what you believe about your organization, and every company we have looked at closely believed at least one thing about its own systems that was not true. Our paid assessment exists for that gap: our senior team inside your actual systems for 3–6 weeks, verifying the same six dimensions against evidence at a published fixed price of $20,000 to $80,000.
What is the difference between AI readiness and AI maturity?
Readiness asks whether you could start safely; maturity asks how far along you already are. A first-time adopter can be highly ready (clean data, clear owner, good governance) with zero maturity, and a company running several models can be low on readiness if it scaled faster than its governance. The method here measures readiness, which is the more useful question at the start of a project, because it tells you what will break before you spend money finding out.
Who should be involved in an assessment?
The people closest to each dimension, not the executive sponsor answering for everything. Ask the data engineer about data, the line manager about people and process, whoever owns the systems about integration and logging, and whoever tracks regulation about governance. The single most reliable way to inflate a readiness score is to let one optimistic person answer for areas they do not run day to day.

Tell us about the work.

A few lines is enough. We read every enquiry ourselves and reply within one business day.