I served as the AI Governance Lead for a fictional high-risk AI governance assessment involving Meridian Financial Services, a mid-sized financial services company piloting an automated loan underwriting system.
The system uses a third-party AI model, CrediSure Credit Decision Engine v2.3, to evaluate small business loan applications and produce one of three outcomes:
- Auto-approve
- Auto-deny
- Route to manual review
Because approximately 94% of applications are processed automatically and the system affects access to credit, I classified this as a high-risk AI use case requiring governance review before production deployment.
My final recommendation was:
Proceed with conditions. Meridian should not approve unrestricted production deployment until fairness testing, proxy-bias review, reason code validation, human oversight triggers, appeal procedures, vendor evidence review, monitoring thresholds, and governance committee approval are completed.
Caption: This screenshot shows the EU AI Act FRIA summary for the Meridian Automated Loan Underwriting System, including stakeholder consultation status, flagged rights, risk score, and conditional approval recommendation.
| EU AI Act | NIST AI Risk Management Framework | ISO/IEC 42001 |
|---|---|---|
| High-risk AI classification | Governance roles and responsibilities | AI management system scope |
| Fundamental Rights Impact Assessment | System context and intended use | Organizational roles and responsibilities |
| Human oversight | Risk measurement and testing evidence | AI risk assessment |
| Logging | Risk prioritization and treatment | AI risk treatment |
| Explanation to affected persons | Human-AI oversight | Management review |
| Fundamental Rights Impact Assessment | AI system lifecycle management | |
| Appeal and contestability | Third-party AI risk management | |
| Deployment conditions |
This portfolio demonstrates my ability to perform practical AI governance work for a high-risk AI system.
Specifically, this project shows that I can:
- Lead an AI governance review for a high-risk AI use case
- Document an AI system profile and governance intake record
- Identify and assess AI risks related to fairness, explainability, automation, vendor risk, and human oversight
- Apply EU AI Act, NIST AI RMF, and ISO/IEC 42001 concepts in a practical way
- Review third-party AI model and vendor governance concerns
- Design human oversight, exception review, and appeal procedures
- Prepare an executive-ready production readiness recommendation
- Use AI governance tooling to organize evidence, risks, policies, and framework assessments
This portfolio answers one central question:
Should Meridian Financial Services approve production deployment of a 94% automated AI loan underwriting system?
My answer:
Not for unrestricted production deployment. The system may proceed only with conditions because the current governance evidence does not fully support safe, fair, explainable, accountable, and well-monitored deployment.
| Artifact | Purpose | Link |
|---|---|---|
| AI System Profile and Intake Record | Documents system purpose, users, affected groups, data, vendor, and risk classification. | View Artifact |
| AI Risk Register and Mitigation Summary | Documents key AI risks, severity, controls, residual risk, and recommendations. | View Artifact |
| Human Oversight and Appeal Procedure | Defines human review triggers, override authority, escalation, and applicant appeal process. | View Artifact |
| Third-Party Vendor and Model Review | Evaluates CrediSure AI vendor risk, model limitations, and required evidence. | View Artifact |
| Production Readiness Decision Memo | Provides final executive recommendation. | View Artifact |
| Final VerifyWise Portfolio Report | Consolidated portfolio report generated from VerifyWise. | View Report |
Caption: This screenshot shows the Meridian Automated Loan Underwriting System registered as a high-risk AI use case in VerifyWise, with applicable frameworks, approval workflow, and pre-production governance status.
Skill demonstrated: AI use case intake, risk classification, and governance workflow setup.
> **Caption:** This screenshot shows the CrediSure Credit Decision Engine v2.3 documented in the model inventory.
Skill demonstrated: Model inventory documentation, model limitation tracking, and third-party AI model governance.
Caption: This screenshot shows the Small Business Loan Underwriting Dataset registered in VerifyWise, including data purpose, source, format, PII status, known bias concerns, mitigation approach, and connection to the CrediSure Credit Decision Engine and Meridian Automated Loan Underwriting System.
Skill demonstrated: Dataset governance, PII awareness, data source documentation, and bias mitigation planning.
Caption: This screenshot shows the six required risks for the Meridian Automated Loan Underwriting System, including risks imported from IBM AI Risk Database, MIT AI Risk Repository, and manually created custom risks.
Skill demonstrated: AI risk identification, risk rating, mitigation planning, residual risk analysis, and approval workflow documentation.
| Risk | Why It Matters |
|---|---|
| Discriminatory lending outcomes | The system may unfairly approve or deny applicants based on biased data, proxy variables, or historical lending patterns. |
| Proxy bias through credit and business variables | Variables such as geography, business age, industry, credit history, thin credit files, or cash-flow volatility may create unfair outcomes. |
| Weak explainability and incomplete reason codes | Meridian may be unable to explain automated denials, support appeals, or demonstrate compliance during review. |
| Accountability gaps in third-party AI deployment | Meridian remains responsible for deployment even if the vendor controls key model details. |
| Inaccurate automated denials | Qualified applicants may be incorrectly denied credit due to model error, incomplete data, or overly strict thresholds. |
| Lack of meaningful human oversight | Routing only 6% of applications to human review may be insufficient for a high-risk credit decision system. |
Caption: This screenshot shows the CrediSure AI vendor record in VerifyWise, documenting the third-party provider responsible for the credit decisioning model used by the Meridian Automated Loan Underwriting System.
Skill demonstrated: Third-party AI vendor risk management and vendor governance documentation.
Caption: This screenshot shows the three must-have ISO 42001 Annex controls completed for the Meridian Automated Loan Underwriting System: AI governance framework, AI system lifecycle management, and third-party AI risk management.
Skill demonstrated: Practical framework application and evidence-based AI governance assessment.
Caption: This screenshot shows the EU AI Act FRIA summary for the Meridian Automated Loan Underwriting System, including stakeholder consultation status, flagged rights, risk score, and conditional approval recommendation.
Skill demonstrated: Fundamental rights risk assessment, high-risk AI review, human oversight analysis, and conditional deployment recommendation.
Oyinadesola Edu_AI_Governance_Portfolio_Report.pdf
Caption: This screenshot shows the final VerifyWise portfolio report generated for the Meridian Automated Loan Underwriting System.
Skill demonstrated: Governance evidence organization and final reporting.
My final recommendation is:
Proceed with conditions.
Meridian should not approve unrestricted production deployment at this time.
The system may move forward only if the following conditions are completed:
- Complete fairness testing and disparate impact analysis
- Complete proxy-bias review
- Validate denial reason codes
- Define mandatory human review triggers
- Establish appeal and reconsideration procedures
- Complete vendor documentation review
- Complete security and privacy review
- Define model and outcome monitoring thresholds
- Implement decision-level audit logging
- Establish incident escalation procedures
- Obtain governance committee approval
This project demonstrates my ability to evaluate a high-risk AI system from an AI governance, risk, and compliance perspective.
The Meridian Automated Loan Underwriting System offers business benefits, including faster decisions, improved consistency, and operational efficiency. However, because it affects access to credit and automates most decisions, it requires strong governance before deployment.
As AI Governance Lead, my assessment found that the system should not receive unrestricted production approval until Meridian completes required fairness, explainability, human oversight, vendor, monitoring, privacy, and governance controls.
This project reflects how I would support responsible AI deployment in a real organization.
This is a fictional educational portfolio project created for AI governance, risk, and compliance training. It does not represent legal advice, regulatory certification, credit decisioning advice, or an actual assessment of a real financial institution.