I help boards trust their AI — by governing the data that feeds it.

Problem

Enterprise AI initiatives were outpacing the controls around them. Delivery teams wanted to ship; risk teams wanted evidence; regulators wanted traceability. Internal teams needed a repeatable way to assess inherent AI risk, define mitigations, and produce assurance evidence without slowing delivery — and without a different answer for every client.

Approach

• Designed an enterprise AI assurance framework aligned to DAMA DMBOK, ISO 27001, and APRA CPS 234 & CPG 235 — with EU AI Act readiness mapped in for forward-compatibility.
• Built a Responsible AI control library: risk taxonomy, model classification, decision-point register, bias / fairness controls, human-in-the-loop checkpoints, and operational risk owners.
• Mapped regulatory obligations to AI lifecycle stages, controls, and accountability models in Collibra — every obligation tied to a control, every control tied to an owner.
• Stood up repeatable AI assessment, AI inventory, and approved-use-case workflows, embedded into ADMP delivery rituals so assurance was a pipeline step, not an afterthought.
• Coordinated third-party AI due diligence — technical docs, control environments, testing evidence, contract obligations, and ongoing vendor risk reviews.
• Trained delivery leads on "assurance-by-design" — what to capture, when, and how to evidence it without blocking sprints.

Outcomes

• Improved regulator and internal-risk confidence through repeatable assurance artefacts that auditors could trace end-to-end.
• Enabled secure, auditable migrations for Australian Retirement Trust and Challenger.
• Reduced data and AI risk during legacy decommissioning and cloud migration.
• Cut time-to-assurance from weeks of bespoke work to a templated 3–5 day flow per use case.
• Created reusable patterns that other Accenture delivery teams now apply across regulated AU clients.

Problem

Ziko was layering AI features onto cloud data without governance scaffolding. Data ownership, sensitivity, lineage, and access patterns were largely tribal knowledge — a regulator and customer trust risk as AI usage grew.

Approach

• Conducted AI and data governance assessment for the Azure migration.
• Established Data Owners, Stewards, governance forums, decision rights, and escalation paths.
• Implemented MS Purview classification, sensitivity labels, and data estate map.
• Aligned Purview policies with Azure security, access management, and audit requirements.

Outcomes

• Delivered a governed, AI-ready cloud platform with scalable compliance and security.
• Strengthened trust in AI-driven outputs through structured governance.
• Improved traceability of data inputs feeding AI models inside Ziko.

Problem

Long-running ETL was blocking same-day reporting; on-prem footprint was expensive; planned migration timelines were aggressive and audit-sensitive.

Approach

• Re-architected ETL with quality gates, lineage capture, and reusable patterns.
• Embedded governance into the Snowflake migration — access, classification, masking, and review cadence.
• Stood up risk-aware delivery rituals across onshore/offshore teams up to 23 developers.

Outcomes

• ETL processing time reduced from 8 hours to 28 minutes — same-day data availability.
• Snowflake migration completed in <25% of planned time, saving approximately $1.5M.
• Improved client confidence in AI-driven outputs through governance traceability.

Problem

Core banking migrations are unforgiving: data quality, secure handling, and audit traceability all need to land cleanly the first time, with members and regulators watching.

Approach

• Implemented data management policies aligned to regulatory and audit expectations.
• Built evidence packs and traceability supporting audit readiness.
• Introduced operating disciplines — punctuality, cadence, escalation paths.

Outcomes

• Digitisation and storage savings exceeded $300k.
• Operational discipline and punctuality lifted from 48.3% to 92.5% in three months.
• Built a collaborative, risk-aware culture across business and technology.

Problem

Selling a regulated wealth division means separating customer, investment, and insurance data across seven core applications under strict regulator and contractual deadlines — with zero tolerance for leakage between buyers. The data that landed with each buyer had to be clean, complete, evidenced, and legally defensible. Failures here mean APRA conversations, broken contractual warranties, and personal-data breaches.

Approach

• Planned, mapped, and resolved data issues across seven core applications spanning customer, policy, investment, and claims domains.
• Designed BI and data architecture supporting the split and downstream compliance for both buyers.
• Coordinated onshore/offshore teams across multiple time zones and embedded risk management and governance rituals.
• Built field-level mappings with provenance, ownership, and SFT-compliant evidence trails.
• Worked through politically sensitive divestment dynamics — keeping technical teams focused while the commercial deal moved.
• Defined cut-over and run-back procedures so a failed transfer never left customers without a system of record.

Outcomes

• Successful Successor Fund Transfer (SFT) and Project EDISON delivery — on time, on regulator schedule.
• Clean data separation across seven applications under tight, audited deadlines.
• Stakeholder engagement maintained throughout a politically sensitive divestment.
• Both buyers (Zurich and Insignia) onboarded data with documented integrity and no post-handover material defects.
• Established a divestment-data playbook reused inside ANZ’s wider transformation programs.

Problem

Each client had different risk frameworks, regulators, and AI maturity — but all needed structured governance to defend AI-driven outputs to internal audit, board, and external regulators.

Approach

• Mapped each client’s obligations to data assets, analytics outputs, and operational controls in Collibra.
• Delivered data quality remediation, metadata management, lineage, and secure ETL pipelines.
• Built audit-ready governance artefacts supporting data quality, AI usage, and risk controls.

Outcomes

• Improved client confidence in AI-driven solutions through compliance traceability.
• Embedded structure, accountability, and governance across teams of up to 23 developers.
• Built a reusable assurance pattern across predictive analytics, BI, and automation programs.

Problem

Reporting was unreliable, data standards were inconsistent across domains, and ETL pipelines were hard to monitor — limiting trust in enterprise reporting and downstream digital initiatives.

Approach

• Implemented structured data quality, metadata, and secure handling processes across business units.
• Improved ETL pipelines and monitoring for stable business reporting operations.
• Worked across stakeholders to support Toyota’s digital transformation.

Outcomes

• Enhanced governance maturity and consistent data standards across finance, sales, and customer domains.
• Stabilised business reporting and improved data transparency.
• Enabled cohesive, high-performing teams across onshore and offshore contributors.

Problem

The client had policies, an audit committee, and a growing AI inventory — but no single place to answer the question regulators actually ask: "Show me the obligation, the control that implements it, the owner who runs it, and the evidence it works." Compliance was a quarterly hunt across SharePoint, JIRA, and a dozen control owners.

Approach

• Modelled the regulatory obligation library inside Collibra — APRA CPS 234 & CPG 235, ISO 27001, internal risk taxonomy — at the clause level, not just the framework level.
• Mapped each obligation to controls, owners, evidence sources, and the AI / data assets it governs — with Collibra communities aligned to business domains, not IT silos.
• Built lineage and asset relationships so an AI use case shows the obligations it must satisfy, the data assets it consumes, and the control evidence supporting it.
• Defined a quarterly attestation cycle inside Collibra workflows so control owners certify evidence rather than email it.
• Trained domain stewards in how to maintain their own governance artefacts — moving from central admin overhead to federated ownership.

Outcomes

• Single defensible source of truth for AI and data governance evidence — auditors and regulators can self-serve.
• Eliminated quarterly evidence-hunt overhead — replaced with attestation workflows.
• Shortened time-to-answer on regulator queries from weeks to days.
• Created a federated stewardship model that scales with the AI inventory.

Problem

The insurer was adopting AI in claims and underwriting fast, but its data estate was a patchwork: Azure SQL, on-prem SQL, Snowflake, Power BI semantic models. Nobody could answer "where is PII in our AI training data, and who owns it?" in under a week. APRA expected better.

Approach

• Designed the Purview rollout sequence — Azure native first, then Snowflake via the multi-cloud connector, then Power BI semantic-model registration.
• Built the classification taxonomy: PII, sensitive PII, health, financial, customer-identifiable, model training, model output — mapped to APRA CPS 234 & Privacy Act obligations.
• Implemented automated sensitivity labelling on Azure-hosted data with policies that propagate to downstream BI assets.
• Established a Data Owner / Steward operating model aligned to insurance business domains (claims, underwriting, customer, finance).
• Integrated Purview outputs into the AI assurance workflow — so model documentation references real-time classifications of training inputs.

Outcomes

• "Where is PII in our AI training data?" became a 30-second query.
• Audit-ready evidence pack for APRA CPS 234 and Privacy Act obligations — auto-refreshed.
• Surfaced previously undetected sensitive-data flows into Power BI dashboards — closed before regulator review.
• Reduced AI assurance turnaround time by integrating live classifications into model documentation.

Problem

Small Sydney businesses needed real websites — not template builders — but couldn’t justify $25k–$60k agency fees. Most ended up with generic Wix sites that didn’t convert. They needed bespoke design, governed copy, working forms, and SEO — without the agency price tag.

Approach

• Used AI design and code generation tools end-to-end — discovery, sitemap, copy, layout, code — with a human-in-the-loop for brand voice, accessibility, and accuracy.
• Applied a governance-by-design lens even at SMB scale: privacy notice, accessibility checks, form-data handling, basic SEO, and analytics consent.
• Built reusable templates and component libraries so subsequent client builds got faster without losing bespoke feel.
• Embedded contact forms, booking flows, and Stripe / payments where relevant — wired to authenticated email so leads landed reliably.

Outcomes

• Delivered consultancy-grade websites at small-business price points and turnaround times.
• Multiple Sydney SMB clients launched within weeks rather than months.
• Demonstrated, in production, what AI-assisted delivery actually looks like — the same patterns I bring to enterprise clients.
• Proof point: governance-by-design scales down, not just up.

Problem

The team was processing high-volume document and email workflows manually — slow, error-prone, and expensive. Quality varied by operator, evidence trails were thin, and growth was bottlenecked on hiring. Pure RPA had been tried and stalled because the inputs were too unstructured.

Approach

• Mapped the existing process — intake, classification, extraction, review, action, reporting — and quantified handling time per step.
• Replaced manual intake/classification with LLM-assisted triage; replaced manual extraction with structured-output AI; left exceptions and judgement calls with humans.
• Built explicit governance into the automation: every AI decision logged, every override traceable, every output reviewable.
• Wired the workflow into existing tooling rather than ripping it out — so the team kept their familiar surface but the heavy lifting moved underneath.
• Designed a tiered review model — high-confidence outputs auto-actioned; medium-confidence sent for spot-check; low-confidence routed to a specialist.

Outcomes

• Required headcount reduced by ~50% on the workflow — without redundancies; reassigned staff to higher-judgement work.
• Turnaround time on standard requests dropped from days to hours.
• Audit traceability improved — every AI decision logged with confidence score and reviewer.
• Demonstrated AI automation done with governance, not in spite of it — a pattern now reusable across other Sydney engagements.