EW-AiRM™ · Risk <> Controls Master Map

Every AI risk + Every control: One map.

1,150 canonical AI risks, mapped against 831 evidence-based controls. 765,944 pairs, tiered by how directly each control addresses each risk. 
Not as an explorable diagram, not a gate — the actual dataset the other tools draw on, made directly searchable.

WHAT IS ON EWAIRM.TOOLS

Operational tools you can run on a live deployment.

What's in the map?

1,150 canonical risks (MIT taxonomy, 7 domains, 24 subdomains).
831 controls (MIT Mitigation Database).
Every pair classified Primary, Secondary or Tertiary.
765,944 mapping pairs in total.

How to use it?

Search by risk domain, control quadrant, or keyword. Filter to Primary mappings, or expand to the full set. Every result links back to its MIT-taxonomy source.

Why this exists?

Most frameworks assert “appropriate controls” and leave the mapping to whoever implements them.
State the number once, clearly, and let the tool demonstrate it rather than repeating it as a headline claim.

Where does this fit?

The evidence base the Assessment Tool draws its recommendations from, and the reference the HAiPECRTM Filter's audit record points back to.

Where can I find out more about the underlying mapping methodology and algorithm(s) used to produce this?

T
That simple: click on "Methodology Guide" in the Risk <> Controls Map below and details how the current mapping has been arrived at will open on your screen

EW-AiRM™ Assessment Tool — Demo (Lite)

What this is. A live demo of the EW-AiRM™ Assessment Tool. Pick a tier below to see how the assessment depth changes with organisational exposure. Answer the questions to generate a board-level snapshot of AI risk posture.

What this is not. The production tool runs 109 questions across the four EW-AiRM™ layers. This demo shows a curated subset — enough to evaluate the method and to teach it, not enough to substitute for the full assessment.

109questions in the production tool, across four layers
66Strategic · 6 pillars, 27 assessment dimensions
21HAiPECR · 7 ethical dimensions
10Operational · MIT FutureTech domains
12Resilience · 8 AI Black Swan categories
Step 1 · Choose your tier
EW-AiRM™ scales with organisational exposure. Switch tiers to see questions appear and disappear.
Always-on filter

The Five Non-Negotiables

These five conditions apply at every tier. Any one of them at a failing status overrides the composite score and forces an F-Critical posture — the framework does not let a poor Non-Negotiable hide behind a good Risk Posture Index.

01

Strategic Layer

Six pillars covering the governance decisions made before and around AI deployment. Production tool: 66 questions across 27 assessment dimensions. This demo shows up to 8.

02

HAiPECR Ethical Filter

Seven dimensions (Human oversight, Accountability, inclusivity, Privacy, Explainability, Conduct, Responsibility) applied across all three EW-AiRM™ layers. Production tool: 21 questions. This demo shows up to 8.

03

Operational Layer

Risk identification built on the MIT FutureTech AI Risk Repository (7 domains, 24 subdomains). Production tool: 10 questions plus the four-quadrant risk register. This demo shows up to 3.

04

Resilience Layer

Eight AI Black Swan categories: low-probability, high-consequence events that traditional risk registers miss. Production tool: 12 questions plus the resilience governance framework. This demo shows up to 3.

Output

Board-Level Snapshot

Risk Posture Index
Standard tier
0
Low
0
Medium
0
High
0
Unacceptable
Non-Negotiables status
Strategic
HAiPECR
Operational
Resilience
Answer the assessment to generate a verdict. The board snapshot updates live as you respond.
Beyond the demo

What the production tool adds

This demo shows the question logic and the output. The production EW-AiRM™ Assessment Tool is a working instrument built for evidence, audit, and the boardroom. Everything below is in the full version and deliberately held back here.

SL/PL1/Q3Std+LOW

The full question set

All 109 questions across the four layers, each with a reference code (for example SL/PL1/AD2/Q3), an applicable-tier marker, and a cumulative “expected at this tier” maturity descriptor.

CSE

Cumulative tier scoring

A Yes / No response, then a tier-specific maturity selection. Tiers are cumulative: an Enterprise assessment carries the Core and Standard questions beneath it, scored as one.

Auto: HighSet: MediumOVRcomment: residual covered by vendor SLA

Override & audit trail

Every auto-calculated risk can be overridden with a mandatory comment. Overrides are flagged (OVR) and retained, so the assessment carries its own defensible audit trail.

PL3 / Q6N/Aexcluded — rationale recorded

Formal exclusions

Criteria that genuinely do not apply can be formally disabled, each with a recorded rationale, so the score reflects scope rather than silent omission.

Risk fingerprint

The Board Report renders a risk fingerprint: every assessed criterion as a colour-coded cell, so the whole posture reads as one signature you can compare across time, business units, or AI systems.

Board & detailed reports

A board-ready report and a full detailed report, each generated from the live data, with radar dashboards for the portfolio risk profile and the risk profile by layer.

F-CRITICALRPI 55 — overridden

F-Critical override

Any Non-Negotiable at a failing status overrides the composite score and forces an F-Critical posture. Governance basics cannot be averaged away.

DOCXPDFJSONoffline

Export, offline, private

Export to Word, PDF, or JSON. A single self-contained file: no install, no server, no cloud. The assessment never leaves the device it runs on.

fx=IF(resp="No","Unacceptable",LOOKUP(...))RefQRespTierRisk

Excel sibling

A companion scoring workbook with 485 transparent formulas, for audit and procurement teams who want to see the calculation rather than trust it.

© 2026 De-Risking Solutions Ltd. EW-AiRM™ and HAiPECR are trademarks. Demo content; not for distribution.
The assessment tool will also be available via the MAESTRO AI Governance Consortium (in formation).
human-ai.institute · Listed on OECD.AI Policy Observatory

Like what you're seeing?
Then get in touch to find out more:

The fastest way to understand EW-AiRM™ is to run an assessment against an AI use case you already know.