Why a controls register, not just a policy

Many Australian organisations have responded to AI governance expectations by writing a policy. A policy is necessary but not sufficient. A policy says what should happen; a controls register documents what actually happens — the specific mechanisms, checks and accountabilities that translate governance intent into operational reality.

When a regulator, auditor or board member asks how you govern your AI, a policy answers in principle. A controls register answers in fact. The OAIC began its first compliance sweep of privacy policies in January 2026 and will move to automated decision-making disclosure enforcement from December 2026.

What goes in a controls register

An AI controls register has two layers: a system-level register for each AI system, and a control-level register for specific controls on each system.

For each AI system: name and purpose; business owner and technical owner; risk classification; regulatory obligations that apply; and controls implemented or planned. For each control: description; type (preventive, detective, corrective); owner; testing frequency; most recent test result; and any remediation items.

Mapping to AI6

Practice 1 — Accountability: Named executive; documented accountability per AI system; board oversight mechanism; AI governance in risk committee terms.

Practice 2 — Impact Assessment: Risk assessment methodology; mandatory completion before deployment; reassessment triggers for material changes; Privacy Impact Assessment for sensitive data.

Practice 3 — Risk Management: AI in enterprise risk register; risk appetite statement; controls proportionate to risk classification; escalation path for emerging risks.

Practice 4 — Transparency: Privacy policy disclosure of automated decisions — mandatory from December 2026 under APP 1.7; disclosure to individuals when AI affects decisions about them; AI system register maintained.

Practice 5 — Testing and Monitoring: Pre-deployment testing for bias and accuracy; post-deployment monitoring schedule; incident reporting mechanism; model drift detection for high-risk systems.

Practice 6 — Human Oversight: Human review mechanism for consequential decisions; override capability documented; escalation path for edge cases; oversight proportionate to risk classification.

Making controls testable

The most common failure in AI control environments is writing controls that cannot be tested. "The [Role] reviews a random sample of [n] outputs from [System] monthly against [criteria], records findings in [location], and escalates material issues to [Role] within [timeframe]" is a testable control. Every control in your register should meet this standard.
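As an added example that is not part of the original article, the Python checker below applies the two-layer register structure and the testable-control template above to a constructed sample register. It flags missing system or control fields, unknown control types, controls whose most recent test is older than their testing frequency allows, failed tests with no remediation item recorded, test procedures that omit an element of the template (who samples how many outputs against which criteria, where the evidence goes, and who is escalated to within what timeframe), and systems with no control mapped to one of the six AI6 practices. The field names, the testing-frequency vocabulary and the sample data are assumptions.

```python
"""Consistency checks over an AI controls register.

Added example: the register shape follows the page's two layers (system fields,
then control fields). Field names, the frequency vocabulary and the sample
register are constructed assumptions, not any standard's schema.
"""
from datetime import date, timedelta

SYSTEM_FIELDS = ("name", "purpose", "business_owner", "technical_owner",
                 "risk_classification", "regulatory_obligations", "controls")
CONTROL_FIELDS = ("description", "type", "owner", "testing_frequency",
                  "most_recent_test", "remediation_items", "test_procedure")
# Elements of the testable-control template: who samples what, how many,
# against which criteria, where evidence is recorded, and escalation.
TEST_PROCEDURE_FIELDS = ("performer", "sample_size", "criteria",
                         "evidence_location", "escalate_to", "escalation_timeframe")
CONTROL_TYPES = {"preventive", "detective", "corrective"}
# Maximum age of the most recent test before a control counts as overdue (assumed).
FREQUENCY_DAYS = {"monthly": 31, "quarterly": 92, "annually": 366}
AI6_PRACTICES = range(1, 7)


def review_register(register, as_of):
    """Return a list of (system, control_id, issue) findings; empty means clean."""
    findings = []
    for system in register:
        sys_name = system.get("name", "<unnamed system>")
        for field in SYSTEM_FIELDS:
            if field not in system:
                findings.append((sys_name, None, f"missing system field '{field}'"))
        covered = set()
        for control in system.get("controls", []):
            cid = control.get("id", "<no id>")
            for field in CONTROL_FIELDS:
                if field not in control:
                    findings.append((sys_name, cid, f"missing control field '{field}'"))
            if "type" in control and control["type"] not in CONTROL_TYPES:
                findings.append((sys_name, cid, f"unknown control type {control['type']!r}"))
            proc = control.get("test_procedure")
            if proc is not None:
                for field in TEST_PROCEDURE_FIELDS:
                    if field not in proc:
                        findings.append((sys_name, cid, f"test procedure does not specify '{field}'"))
            freq = control.get("testing_frequency")
            last = control.get("most_recent_test")
            if "testing_frequency" in control and freq not in FREQUENCY_DAYS:
                findings.append((sys_name, cid, f"unknown testing frequency {freq!r}"))
            elif freq in FREQUENCY_DAYS and last is not None:
                if as_of - last["date"] > timedelta(days=FREQUENCY_DAYS[freq]):
                    findings.append((sys_name, cid, f"{freq} test overdue; last tested {last['date']}"))
            if last is not None and last["result"] != "pass" and not control.get("remediation_items"):
                findings.append((sys_name, cid, "last test failed but no remediation item is recorded"))
            covered.add(control.get("ai6_practice"))
        for practice in AI6_PRACTICES:
            if practice not in covered:
                findings.append((sys_name, None, f"no control mapped to AI6 practice {practice}"))
    return findings


# Constructed sample register: one high-risk system with two controls, one
# low-risk system with no controls and a missing technical owner.
AS_OF = date(2026, 3, 1)
SAMPLE_REGISTER = [
    {"name": "Loan pre-assessment model", "purpose": "Rank applications for manual credit review",
     "business_owner": "Head of Retail Credit", "technical_owner": "ML Platform Lead",
     "risk_classification": "high", "regulatory_obligations": ["APP 1.7 automated decision disclosure"],
     "controls": [
         {"id": "C-01", "ai6_practice": 6, "type": "detective", "owner": "Credit Risk Manager",
          "description": "Monthly sample review of model outputs", "testing_frequency": "monthly",
          "most_recent_test": {"date": date(2026, 2, 20), "result": "pass"}, "remediation_items": [],
          "test_procedure": {"performer": "Credit Risk Manager", "sample_size": 50,
                             "criteria": "decision matches credit policy", "evidence_location": "GRC entry C-01",
                             "escalate_to": "Chief Risk Officer", "escalation_timeframe": "5 business days"}},
         {"id": "C-02", "ai6_practice": 5, "type": "detective", "owner": "ML Platform Lead",
          "description": "Quarterly bias and accuracy test", "testing_frequency": "quarterly",
          "most_recent_test": {"date": date(2025, 10, 1), "result": "fail"}, "remediation_items": [],
          "test_procedure": {"performer": "ML Platform Lead", "sample_size": 1000,
                             "criteria": "approval-rate gap within tolerance",
                             "evidence_location": "model validation report"}}]},
    {"name": "Support chatbot", "purpose": "Answer customer FAQs",
     "business_owner": "Head of Customer Service", "risk_classification": "low",
     "regulatory_obligations": [], "controls": []},
]

if __name__ == "__main__":
    for system, control, issue in review_register(SAMPLE_REGISTER, AS_OF):
        print(f"{system} / {control or '-'}: {issue}")
```

Run as a script it prints one finding per line; the list it returns is the "remediation items" view a reviewer would take into a risk committee, and a register that produces no findings is one whose controls are at least fully specified, within their test cadence, and mapped to every AI6 practice.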