EVALUATION · GA-040 · Pass: 75%

Evaluation — AI Risk Register for Agencies

Detailed documentation pack, scoring model, evidence requirements, assessor workflow and credential release logic.

Applied Evaluation: AI Risk Register for Agencies

Course code: GA-040. Pass threshold: 75%. This evaluation confirms practical capability through submitted evidence, assessor review and an executive defense. Attendance alone is not sufficient for credential release.

Primary outputan AI-enabled policy or service concept with documented risks, controls and accountable ownership
Assessment artifactAI impact memo, data governance checklist and executive adoption roadmap
Credential decisionPass / revise / fail based on documented evidence

Assessment Sections

  1. Knowledge and standards check: terminology, standards, risks, controls and public-sector relevance.
  2. Scenario task: diagnose the public-sector operating case and identify affected users, data, approvals, risks and decision owners.
  3. Prototype task: produce an AI-enabled policy or service concept with documented risks, controls and accountable ownership that can support internal review or pilot planning.
  4. Documentation task: submit AI impact memo, data governance checklist and executive adoption roadmap with evidence links, assumptions, unresolved risks and owner assignments.
  5. Operational defense: explain assumptions, trade-offs, data flows, security implications, implementation sequence and success metrics.
  6. Final review: evaluator confirms whether the evidence reaches the 75% pass threshold and whether credential release is justified.

Evaluation Rubric

CriterionWeightEvidence
Problem definition and public value20%

Clear user group, agency need, measurable benefit and realistic scope.

Workflow, data and governance quality25%

Accurate process map, required data fields, owners, approvals, evidence and dependencies.

Prototype / artifact quality25%

Usable artifact that can support implementation, procurement, policy adoption or operational review.

AI/data risk, bias and accountability controls20%

Documented risks, mitigations, privacy/accessibility/security controls and accountability model.

Executive communication10%

Concise decision brief with next steps, metrics, owner and adoption path.

Portfolio Evidence Required

  • Completed public-value canvas with mission problem, target users and measurable outcome.
  • Current-state and target-state workflow map with owners, handoffs and decision points.
  • Prototype or implementation artifact for AI risk register design, control ownership and mitigation tracking.
  • Governance checklist covering security, privacy, accessibility, compliance, ethics and operational ownership.
  • Executive decision brief with options, risks, dependencies, resources and recommended next step.
  • Evaluator review record showing rubric scores, feedback and pass threshold evidence.

Governance Review

Governance checkData quality

Defined data owner, source, freshness rule, validation method and limitation statement.

Governance checkHuman oversight

Decision points where a human remains accountable and can override system output.

Governance checkBias and fairness

Known affected groups, potential harms and mitigation review path.

Governance checkTransparency

Plain-language explanation, audit trail and public communication note when appropriate.

Sample Review Questions

  1. Which user problem does the prototype solve, and what evidence proves the need?
  2. Which workflow, data, API, vendor, legal or policy dependency creates the highest implementation risk?
  3. Which cybersecurity, privacy, accessibility, procurement, ethics or compliance control must be documented first?
  4. Which stakeholder must approve the next step, and what decision memo do they need?
  5. What metric will demonstrate that the service, policy or risk-control improvement is working?
  6. What is not yet verified, and what review is required before live implementation?

Assessment Documentation Pack

// Assessment Documentation Pack v2.0

Assessment documentation package

This assessment documentation pack defines how GA-040 — AI Risk Register for Agencies is evaluated, recorded and certified. It converts the course from attendance-based training into evidence-based capability verification. The learner must demonstrate that the an AI-enabled policy or service concept with documented risks, controls and accountable ownership is usable, documented, reviewable and defensible in a public-sector operating environment.

Assessor brief

The assessor reviews the submitted work as if it were going to an internal agency approval meeting. The review focuses on practical usability, governance evidence, public value, risk ownership, documentation quality and whether the learner can defend implementation choices under realistic constraints. Primary reviewer profile: data governance lead / AI governance reviewer.

Weighted scoring model

ComponentWeightPass ruleEvidence
Knowledge and standards check15%

Terminology, statutory/compliance context and public-sector relevance are accurate.

Short-answer responses, standards mapping and oral clarification where needed.

Scenario analysis20%

The learner diagnoses the operational problem, stakeholders, constraints, risks and decision path.

Scenario worksheet, problem statement, stakeholder map and decision assumptions.

Practical artifact30%

The main artifact is complete enough to support internal review or pilot preparation.

AI impact memo, data governance checklist and executive adoption roadmap

Governance documentation20%

The documentation covers dataset provenance, model-risk assumptions, bias checks and human oversight.

Governance checklist, control notes, review log, owner matrix and mitigation plan.

Executive defense15%

The learner explains trade-offs, residual risk, next steps, implementation sequence and success metrics.

Five-minute defense, evaluator notes and final decision memo.

Evidence requirements

  • The artifact must be tied to a named public-sector service, policy, system, workflow, risk area or leadership decision.
  • The submission must show current state, target state, responsible owners, constraints, assumptions and implementation risks.
  • All claims must be supported by a visible evidence source: workshop template, control map, interview note, process map, checklist, dataset inventory, policy excerpt or decision memo.
  • The learner must identify what remains unverified, what needs legal/security/privacy review and what decision is required before implementation.
  • The evidence package must align with the 5-hour AI Governance Microcredential and support future wallet-ready credential verification.

Integrity controls

  • Use learner-specific cases or agency-specific scenarios to reduce generic copy-paste submissions.
  • Require versioned files and evidence references so that changes after assessor review are traceable.
  • Apply peer challenge before final submission to detect unsupported assumptions and missing stakeholders.
  • Require evaluator comments for every score below the satisfactory band.
  • Keep a minimal audit trail: date, assessor, rubric version, score, decision, evidence links and remediation status.
  • Do not issue the credential when attendance is complete but artifact evidence is incomplete.

Documentation pack

Assessment cover sheet

Purpose: Identifies learner, cohort, course code, artifact title, evaluator, pass score and certification decision.

Minimum standard: All required identity, course, evaluator and version fields completed.

AI/data governance evidence matrix

Purpose: Documents the core evidence for AI Risk Register for Agencies.

Minimum standard: Each major recommendation is linked to an owner, evidence source, risk and next action.

Scenario response worksheet

Purpose: Shows how the learner interpreted the public-sector problem and operating constraints.

Minimum standard: Includes user group, agency value, affected process, constraints and decision points.

Governance and risk checklist

Purpose: Confirms that security, privacy, accessibility, legal, procurement, ethics and operational ownership were considered.

Minimum standard: Every relevant control has status, owner, evidence note and unresolved issue flag.

Executive decision memo

Purpose: Compresses the assessment output into a leadership-ready recommendation.

Minimum standard: Clear recommendation, options, risks, dependencies, KPI, owner and 30/60/90-day next step.

Evaluator record

Purpose: Creates an audit-ready review record for internal QA and credential issuance.

Minimum standard: Scores, comments, remediation notes, date, assessor identity and final decision are recorded.

Review workflow

1. Submission intake

Owner: Programme coordinator

Action: Verify learner identity, course code, required files and consent for credential processing.

Record: Submission receipt and checklist status.

2. Completeness screen

Owner: Assessment administrator

Action: Check that all mandatory documents, templates and evidence links are present.

Record: Complete / incomplete decision with missing-item notes.

3. Technical or policy review

Owner: data governance lead / AI governance reviewer

Action: Score the artifact against the rubric, review assumptions and mark unresolved risks.

Record: Rubric scores, evaluator comments and evidence references.

4. Executive defense

Owner: Lead facilitator or panel

Action: Ask the learner to defend choices, trade-offs, adoption path and residual risks.

Record: Defense notes and final clarification requests.

5. Certification decision

Owner: Credential officer

Action: Confirm pass threshold, remediation status and credential release eligibility.

Record: Pass / revise / fail decision and credential metadata.

Scoring scale

Excellent

Score range: 90–100%

Descriptor: Artifact is implementation-ready, governance evidence is complete, risk ownership is clear and the executive defense is strong.

Competent

Score range: 80–89%

Descriptor: Artifact is usable with minor revisions; documentation is mostly complete and the learner can explain trade-offs.

Pass with conditions

Score range: 75–79%

Descriptor: Minimum capability is demonstrated, but the evaluator must record required corrections before or after credential release depending on programme policy.

Revise and resubmit

Score range: 60–74%

Descriptor: Core understanding exists, but documentation, risk controls or artifact quality are insufficient for certification.

Not yet competent

Score range: 0–59%

Descriptor: Submission does not demonstrate practical capability or cannot be linked to defensible public-sector evidence.

Remediation policy

  • One remediation cycle is recommended for scores from 60% to 74%.
  • The evaluator must specify exactly which document, control, assumption or artifact component must be corrected.
  • The revised submission should be reviewed against the same rubric version unless the cohort rules state otherwise.
  • A learner who fails to submit mandatory evidence cannot receive a credential even if the knowledge check is passed.
  • Repeated generic or unsupported submissions should be escalated to programme QA review.

Certification decision rules

  • Credential eligible: final score at or above 75% and all mandatory evidence accepted.
  • Conditional pass: score meets minimum threshold but minor corrections must be recorded in the learner file.
  • Revise: score below threshold or major evidence gap; no credential until resubmission is accepted.
  • Fail: artifact is unusable, unsupported, non-original or disconnected from the assessment scenario.
  • Panel review: required when the evaluator and facilitator disagree on the final certification decision.

Audit trail

  • Learner name or learner ID, cohort ID, course code and assessment version.
  • Submission timestamp, file list, version numbers and evidence links.
  • Rubric scores by component, assessor comments and total score calculation.
  • Remediation requests, resubmission timestamp and final decision.
  • Credential metadata: issuer, credential type, course code, issue date, expiry/renewal rule if applicable and verification reference.

Documentation quality bar

  • The documentation can be understood by a supervisor who did not attend the workshop.
  • The main artifact can be reviewed by legal, security, privacy, procurement or operations without rewriting the submission from zero.
  • Every key recommendation has at least one evidence source and one responsible owner.
  • Metrics are operational, not decorative: time saved, risk reduced, adoption rate, compliance status, service quality or implementation readiness.
  • The final package shows what is ready now, what needs review and what cannot be implemented yet.

Assessor notes

  • Score the artifact, not the confidence of the presentation.
  • Reward clear ownership, documented constraints and realistic implementation sequencing.
  • Penalize vague strategy language that has no workflow, data, evidence or decision owner behind it.
  • Ask for clarification when a risk is named but no mitigation or owner is assigned.
  • Use the executive defense to test whether the learner understands consequences and trade-offs.
Minimum passing rule

Minimum passing result is 75%. A learner below the threshold receives a remediation decision rather than a credential release. A credential can only be issued when the final artifact, governance documentation and assessor record are complete.

Forms Used During Evaluation

Learner + programme coordinatorAssessment cover sheet

  • Learner ID
  • Course code
  • Cohort
  • Artifact title
  • Submission date
  • Consent for credential processing
  • Assessor assigned
LearnerScenario response worksheet

  • Public-sector problem
  • Affected user group
  • Current-state workflow
  • Target-state change
  • Constraints
  • Risks
  • Decision required
AssessorRubric scoring sheet

  • Component score
  • Weight
  • Evidence reference
  • Assessor comment
  • Correction required
  • Final weighted result
Facilitator / panelExecutive defense checklist

  • Trade-off explained
  • Residual risk
  • Owner named
  • Metric defined
  • Implementation sequence
  • Panel notes
Credential officerGA-040 credential release record

  • Final score
  • Pass threshold
  • Decision
  • Credential type
  • Issuer metadata
  • Verification reference
  • Release date

Credential Rule

Certificate eligibility requires course completion, complete artifact submission, final evaluation passage, assessor comments, audit trail and internal review. Credentials are issued through a verifiable credential-oriented model suitable for portfolio and wallet presentation.