# Monitoring and Audit Framework

## Objective

Create enough visibility to know whether governance exists in practice.

## What to monitor

- approved tool roster
- active users by tool
- requests for new tools
- policy exceptions
- training completion
- incident count and type
- review failures or near misses

## Governance review cadence

Monthly:

- review incidents and exceptions
- review new tool requests
- review training completion status

Quarterly:

- review policy relevance
- reassess approved tools
- evaluate repeat failure patterns
- update training content

## Basic governance metrics

- percentage of AI-using staff trained
- percentage of known tools formally approved
- number of incidents or near misses
- number of exceptions granted
- percentage of high-impact workflows with review controls