Mon - Sat8.00 - 18.00 Sunday CLOSED
Offices47 Trinidad Terrace New Kingston, Jamaica.
[email protected]
1876 9265210
 
AI & AutomationAI and Cloud IntegrationAI Assurance & AuditingAI Assurance AuditorsAI Governance & ComplianceAI in AuditAI in Regulated IndustriesAI Risk & GovernanceAI Risk ManagementAI Standards & CertificationsAI Strategy for BusinessGovernanceGovernance & AssuranceGovernance & ComplianceGovernance & DisputesGovernance PillarGovernance Risk & ComplianceGovernance Risk and ComplianceGRC (Governance

AI Risk Classification: Governing by Consequence, Not by Technology

April 9, 2026by Dr Dawkins Brown

The Case for Risk-Proportionate Governance

One of the most common governance errors Caribbean enterprises make when building AI oversight frameworks is applying uniform governance requirements across all AI systems regardless of their risk profile. This approach is simultaneously too burdensome for low-risk applications and dangerously inadequate for high-risk ones. It produces compliance theatre — the appearance of governance — without the substance.

Effective AI governance is risk-proportionate. It begins with a disciplined classification of AI systems by their potential for harm, and applies governance requirements commensurate with that harm potential. The more consequential the AI system’s decisions, the more rigorous the governance. The less consequential, the lighter the governance burden — freeing resources to focus where they matter most.

This principle is embedded in global regulatory frameworks including the EU AI Act, and is increasingly reflected in Caribbean regulatory guidance. It is also, fundamentally, good risk management practice.

The Dawgen Global AI Risk Classification Framework

Dawgen Global’s AI Risk Classification Framework categorises AI systems across four tiers, based on an assessment of two primary dimensions: the potential severity of harm from system failure, and the degree of human oversight over AI outputs.

 

AI Risk Classification — Four-Tier Framework
• Tier 1 — Prohibited Applications: AI uses that pose unacceptable risks and must not be deployed
• Tier 2 — High-Risk Applications: AI that makes or significantly influences consequential decisions; full governance required
• Tier 3 — Medium-Risk Applications: AI that supports decisions but with meaningful human review; standard governance applies
• Tier 4 — Low-Risk Applications: AI with limited consequential impact; baseline governance and transparency requirements

 

Tier 1: Prohibited Applications

Certain AI applications pose risks so severe that no governance framework can adequately mitigate them, and they should be explicitly prohibited. Caribbean enterprises should develop a Prohibited AI Register that defines, with specificity, the AI uses that will not be permitted under any circumstances. Examples include:

  • Social scoring systems that aggregate personal data to produce citizenship or creditworthiness scores used to restrict access to services or rights
  • Real-time biometric identification in public spaces for law enforcement purposes, absent specific legal authorisation
  • AI systems designed to exploit psychological vulnerabilities, cognitive biases, or emotional states to manipulate user behaviour
  • AI-generated content designed to impersonate regulatory bodies, financial institutions, or public officials

Tier 2: High-Risk Applications

High-risk AI systems are those that make or materially influence decisions with significant consequences for individuals or organisations. In the Caribbean context, these typically include:

Sector High-Risk AI Applications
Financial Services Credit scoring and loan origination; insurance underwriting; fraud detection; AML transaction monitoring; investment recommendations
Human Resources CV screening and candidate shortlisting; performance assessment; promotion and compensation decisions; employee monitoring
Healthcare Diagnostic assistance; treatment recommendation; patient risk stratification; medical resource allocation
Legal & Regulatory Regulatory compliance monitoring; contract analysis; legal risk assessment
Critical Infrastructure Utility network management; transportation control; emergency response systems

 

Tier 2 systems require the full governance stack: documented AI risk assessment prior to deployment, independent model validation, named system owner, explainability capability, continuous performance monitoring, human review for individual decisions, and periodic AI audit.

Tier 3: Medium-Risk Applications

Medium-risk AI systems assist human decision-makers but do not determine outcomes autonomously. The human retains meaningful decision-making authority and the AI functions as a decision-support tool. Examples include AI-generated market analysis, customer segmentation for marketing, predictive maintenance recommendations, and AI-assisted report drafting.

Tier 3 governance requirements include: documentation of intended use and limitations, training for human users to understand AI outputs critically, performance monitoring, and periodic review. The key governance question for Tier 3 is whether the human oversight is genuinely meaningful — or whether human reviewers have become rubber stamps for AI recommendations.

Tier 4: Low-Risk Applications

Low-risk AI includes applications where the potential for harm is limited, the AI is transparent about its nature, and no consequential decisions are made. Examples include AI chatbots for customer information (clearly disclosed), AI-generated content tools for internal drafting assistance, and AI-powered search and summarisation tools.

Tier 4 requires baseline governance: disclosure of AI use to users where relevant, basic monitoring for performance and misuse, and inclusion in the AI system inventory. Governance should be proportionate — a light registration and monitoring requirement, not a full model validation programme.

Classification in Practice: The Assessment Process

Classification should not be self-assessed by the teams deploying AI systems. There is an inherent conflict of interest — teams under pressure to deploy quickly will underestimate risk. Dawgen Global recommends a structured classification process with three elements:

  • Self-Assessment by the AI system owner using a standardised questionnaire covering intended use, decision autonomy, affected population, harm potential, and oversight mechanisms
  • Independent Review by the Risk or Compliance function using a defined classification rubric, with escalation to the CRO for systems provisionally classified as Tier 2 or above
  • Board/Risk Committee Approval for all Tier 2 classifications, with documented rationale and defined governance requirements

 

A well-functioning AI Risk Classification process does not slow down AI deployment — it ensures that governance effort is concentrated where risk is highest, freeing teams to move quickly on low-risk applications.

Next in the Series — Article 5: Auditing the Algorithm: What AI Assurance Looks Like in Practice

About Dawgen Global

“Embrace BIG FIRM capabilities without the big firm price at Dawgen Global, your committed partner in carving a pathway to continual progress in the vibrant Caribbean region. Our integrated, multidisciplinary approach is finely tuned to address the unique intricacies and lucrative prospects that the region has to offer. Offering a rich array of services, including audit, accounting, tax, IT, HR, risk management, and more, we facilitate smarter and more effective decisions that set the stage for unprecedented triumphs. Let’s collaborate and craft a future where every decision is a steppingstone to greater success. Reach out to explore a partnership that promises not just growth but a future beaming with opportunities and achievements.

✉️ Email: [email protected] 🌐 Visit: Dawgen Global Website 

📞 📱 WhatsApp Global Number : +1 555-795-9071

📞 Caribbean Office: +1876-6655926 / 876-9293670/876-9265210 📲 WhatsApp Global: +1 5557959071

📞 USA Office: 855-354-2447

Join hands with Dawgen Global. Together, let’s venture into a future brimming with opportunities and achievements

by Dr Dawkins Brown

Dr. Dawkins Brown is the Executive Chairman of Dawgen Global , an integrated multidisciplinary professional service firm . Dr. Brown earned his Doctor of Philosophy (Ph.D.) in the field of Accounting, Finance and Management from Rushmore University. He has over Twenty three (23) years experience in the field of Audit, Accounting, Taxation, Finance and management . Starting his public accounting career in the audit department of a “big four” firm (Ernst & Young), and gaining experience in local and international audits, Dr. Brown rose quickly through the senior ranks and held the position of Senior consultant prior to establishing Dawgen.

previous
Algorithmic Accountability: Who Answers When AI Gets It Wrong?
next
Auditing the Algorithm: What AI Assurance Looks Like in Practice

https://www.dawgen.global/wp-content/uploads/2023/07/Foo-WLogo.png

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region. We are integrated as one Regional firm and provide several professional services including: audit,accounting ,tax,IT,Risk, HR,Performance, M&A,corporate recovery and other advisory services

Where to find us?
https://www.dawgen.global/wp-content/uploads/2019/04/img-footer-map.png
Dawgen Social links
Taking seamless key performance indicators offline to maximise the long tail.
https://www.dawgen.global/wp-content/uploads/2023/07/Foo-WLogo.png

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region. We are integrated as one Regional firm and provide several professional services including: audit,accounting ,tax,IT,Risk, HR,Performance, M&A,corporate recovery and other advisory services

Where to find us?
https://www.dawgen.global/wp-content/uploads/2019/04/img-footer-map.png
Dawgen Social links
Taking seamless key performance indicators offline to maximise the long tail.

© 2023 Copyright Dawgen Global. All rights reserved.

© 2024 Copyright Dawgen Global. All rights reserved.