Building an AI controls register for Australian organisations

An AI controls register documents the specific controls applied to each AI system: what they are, who owns them, how they are tested, and whether they are working. It sits alongside the AI risk register but focuses on what the organisation is actually doing about the risks that register identifies. For Australian organisations subject to APRA (Australian Prudential Regulation Authority) prudential standards, ASIC (Australian Securities and Investments Commission) oversight, or Privacy Act obligations, the controls register is the evidence that governance is operational, not merely documented.

Controls framework

Structure controls around the regulatory expectations that apply: CPS 230 for operational risk management and CPS 234 for information security (both apply only to APRA-regulated entities); ASIC REP 798 findings for market conduct; the Privacy Act for personal information; anti-discrimination legislation for fairness; WHS obligations for worker-facing AI.

Preventive controls. AI policy and acceptable-use standards; risk classification before deployment (a tollgate or approval process); vendor due diligence before procurement; bias testing before deployment; a privacy impact assessment (PIA, the OAIC's term for what the GDPR calls a DPIA) before processing personal information; board approval for high-risk AI deployments.

Detective controls. Ongoing model performance monitoring; drift detection on input and output distributions (population stability index, Kolmogorov-Smirnov tests); fairness monitoring across demographic groups; output sampling and human review; KRI monitoring with defined thresholds and escalation paths; incident detection and reporting; shadow AI detection (periodic discovery audits of unsanctioned tools).
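The drift-detection and KRI-threshold items above are the one part of the register that is a computation rather than a process, so here is a worked example of what that detective control actually runs. It is an added example, not code from the original page: it computes the population stability index (PSI) and the two-sample Kolmogorov-Smirnov statistic between a baseline sample and a current batch, compares them against thresholds, and emits a KRI observation record in the shape the register needs (control id, metric values, level, escalation flag). The control id, feature name, PSI thresholds (0.10 / 0.25, the common rule of thumb) and the sample data are all constructed assumptions; an organisation would substitute its own approved KRI thresholds.

```python
import bisect
import math
from typing import Dict, List, Sequence

# Added example, not code from the original page. A minimal drift check of
# the kind a detective control in the register would run on a schedule.


def psi(baseline: Sequence[float], current: Sequence[float],
        bins: int = 10, eps: float = 1e-4) -> float:
    """Population Stability Index of `current` against `baseline`.

    Bin edges are baseline quantiles, so each bin holds roughly 1/bins of the
    baseline mass; `eps` floors empty bins so the log term stays finite.
    """
    base = sorted(baseline)
    edges = [base[len(base) * i // bins] for i in range(1, bins)]

    def proportions(sample: Sequence[float]) -> List[float]:
        counts = [0] * bins
        for x in sample:
            counts[bisect.bisect_right(edges, x)] += 1
        return [c / len(sample) for c in counts]

    total = 0.0
    for pe, pc in zip(proportions(baseline), proportions(current)):
        pe, pc = max(pe, eps), max(pc, eps)
        total += (pc - pe) * math.log(pc / pe)
    return total


def ks_statistic(a: Sequence[float], b: Sequence[float]) -> float:
    """Two-sample Kolmogorov-Smirnov D: largest gap between the two empirical CDFs."""
    sa, sb = sorted(a), sorted(b)
    d = 0.0
    for x in sorted(set(sa) | set(sb)):
        fa = bisect.bisect_right(sa, x) / len(sa)
        fb = bisect.bisect_right(sb, x) / len(sb)
        d = max(d, abs(fa - fb))
    return d


# Standard asymptotic constants c(alpha) for the two-sample KS critical value.
KS_C_ALPHA = {0.10: 1.224, 0.05: 1.358, 0.01: 1.628}


def ks_critical(n: int, m: int, alpha: float = 0.05) -> float:
    """Critical D at level alpha for sample sizes n and m: c(alpha) * sqrt((n+m)/(n*m))."""
    return KS_C_ALPHA[alpha] * math.sqrt((n + m) / (n * m))


def evaluate_drift_kri(control_id: str, feature: str,
                       baseline: Sequence[float], current: Sequence[float],
                       psi_warn: float = 0.10, psi_alert: float = 0.25,
                       alpha: float = 0.05) -> Dict[str, object]:
    """One KRI observation for the register's drift-detection control.

    KS significance alone means the shift is detectable and triggers
    investigation (amber); PSI above the alert level means it is material and
    triggers escalation (red). Thresholds here are assumed defaults, not an
    organisation's approved values.
    """
    p = psi(baseline, current)
    d = ks_statistic(baseline, current)
    d_crit = ks_critical(len(baseline), len(current), alpha)
    if p >= psi_alert:
        level = "red"
    elif p >= psi_warn or d >= d_crit:
        level = "amber"
    else:
        level = "green"
    actions = {
        "green": "no action; file evidence against the control",
        "amber": "investigate; control owner review within the defined SLA",
        "red": "escalate to model owner and risk function; consider rollback",
    }
    return {
        "control_id": control_id,
        "feature": feature,
        "psi": round(p, 4),
        "ks_d": round(d, 4),
        "ks_critical": round(d_crit, 4),
        "kri_level": level,
        "escalate": level == "red",
        "action": actions[level],
    }


# Constructed samples (not real data): a uniform baseline score distribution,
# a current batch that matches it, and a batch with the low scores gone.
BASELINE = [i / 1000 for i in range(1000)]
CURRENT_STABLE = [(i + 0.5) / 1000 for i in range(1000)]
CURRENT_SHIFTED = [0.3 + 0.7 * i / 1000 for i in range(1000)]

if __name__ == "__main__":
    for name, batch in (("stable", CURRENT_STABLE), ("shifted", CURRENT_SHIFTED)):
        print(name, evaluate_drift_kri("DET-03", "credit_score", BASELINE, batch))
```

The two statistics answer different questions, which is why both appear in the list: at a thousand observations the KS test will flag shifts far too small to matter, so it is used here to trigger a look rather than an escalation, while PSI measures how much of the distribution has moved and drives the red threshold. The returned record is what gets filed as the control's test evidence and, on red, what opens the corrective-control path.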

Corrective controls. Model rollback procedures; incident response and escalation; remediation tracking; regulatory notification procedures; customer remediation processes; vendor escalation and exit provisions.

Documentation per control

Each control should document: control name and description; which AI system(s) it applies to; which regulatory requirement it addresses; named owner (individual); testing methodology and frequency; last test date and result; evidence location (where test evidence is stored); status (effective / partially effective / ineffective / not tested).

Integration with APRA CPS 230

CPS 230 requires APRA-regulated entities to identify, assess, and manage operational risks, and AI systems are a source of operational risk that needs controls. The controls register demonstrates to APRA that material AI risks have been identified; that controls are designed and implemented; that controls are tested and effective; and that control failures are escalated and remediated. APRA's 30 April 2026 letter specifically expects continuous validation, which means detective controls must operate on an ongoing basis rather than as an annual exercise.

Primary sources: APRA CPS 230 · ASIC
