Our Framework
The Tolt Assurance Framework. Structured. Evidence-based. CBI-ready.
Our framework is not a generic checklist. It is a structured, three-pillar methodology designed to give Irish regulated financial services organisations a clear, repeatable, and defensible process for governing AI.
A three-pillar approach to AI assurance.
The Tolt Assurance Framework is built on three pillars - Govern, Validate, and Operate. Each pillar contains specific workstreams, evidence requirements, and outputs that map directly to what the Central Bank of Ireland expects from regulated firms.
The framework is designed to be proportionate. We scope each engagement to the size, complexity, and risk profile of your organisation so you get the governance you need, not a one-size-fits-all exercise that wastes your time and budget.
Every engagement ends with a complete, documented evidence set that you can put in front of your board, your risk committee, or your regulator.
What each pillar covers.
Three distinct workstreams. Each one building on the last. Together, they give you a complete, auditable AI governance framework.
1. Govern - Policies & Controls
We establish the foundations of your AI governance: the policies, roles, and controls that the CBI expects to see in place before any AI system goes near a regulated process.
Workstreams Include:
- AI governance policy and framework design
- AI model inventory and risk classification
- Roles, responsibilities & accountability mapping
- Board & senior management oversight
2. Validate - Model testing & evidence
We conduct independent validation of your high-risk AI models, testing for fairness, explainability, and robustness, and producing the documented evidence your regulator will ask for.
Workstreams Include:
- Independent model validation and testing
- Fairness and bias assessment
- Explainability and transparency documentation
- EU AI Act conformity assessment support
3. Operate - Monitoring & Reporting
We embed governance into your day-to-day operations, building the monitoring, reporting, and human oversight processes that keep your AI compliant on an ongoing basis, not just at point of audit.
Workstreams Include:
- Model monitoring & performance reporting
- Human-in-the-loop oversight design
- Incident response and escalation procedures
- Board and risk committee reporting templates
How an engagement works.
A clear, four-phase process from initial scoping to a complete, regulator-ready evidence pack.
Scoping & Materiality Assessment
We identify your AI systems and determine which are in scope for the CBI's supervisory focus so we work on what matters, not everything.
Gap Analysis
We assess your existing controls, policies, and documentation against the Tolt Assurance Framework to identify your critical governance gaps.
Remediation Roadmap
We deliver a prioritised, actionable roadmap, clear on what needs to be done, in what order, and what the regulatory risk is if it is not.
Evidence & Reporting Pack
We compile the complete suite of evidence and documentation required to demonstrate your compliance to the CBI and your own governance bodies.
WHAT YOU RECEIVE
A complete AI governance deliverable set.
The output of a Tolt engagement is not a slide deck. It is a comprehensive set of documents and evidence designed to withstand regulatory scrutiny and to give your board and risk committee the confidence they need.
AI Governance Framework Document
AI Model Inventory & Risk Register
Independent Model Validation Reports
Board & Risk Committee Reporting Packs
CBI Supervisory Submission Pack
Typical Engagement
6-9 Weeks
From initial scoping call to final deliverable pack
Built to the standards that matter to your regulator.
The Tolt Assurance Framework is mapped to the regulatory and technical standards that the CBI and EIOPA are actively applying to Irish regulated firms in 2026.
EU AI Act
Risk-based classification, conformity assessments, and documentation requirements for high-risk AI systems.
CBI Supervisory Framework
Mapped to the Central Bank of Ireland's 2026 supervisory priorities for AI governance in regulated organisations.
EIOPA AI Guidelines
Aligned to EIOPA's guidelines on AI governance for insurance and reinsurance undertakings.
ISO/IEC 42001
The international standard for AI management systems, increasingly referenced by regulators as a benchmark for governance maturity.
GET STARTED
Ready to build a governance framework your regulator can't fault?
Book an AI Readiness Audit. We will tell you exactly where your gaps are and give you a clear, prioritised path to close them.
