An AI impact assessment is a structured process used to evaluate the potential effects of deploying an artificial intelligence system. These assessments are critical for AI assurance, particularly when systems are intended for use in high-risk domains such as public security, defence, social services, or healthcare.

The goal of an AI impact assessment is to anticipate and mitigate harms before deployment. It provides a framework for identifying where a system may produce unintended consequences, exacerbate inequalities, or create compliance risks.

Typical components of an AI impact assessment include:

• System description and intended use

• Stakeholder analysis, including who is affected and how

• Risk identification, including technical, social, legal, and ethical risks

• Mitigation strategies and safeguards

• Consultation and transparency measures

In assurance practices, impact assessments serve as a foundational document that guides testing protocols, monitoring plans, and governance requirements. They are often required by regulation (e.g., under Canada’s Directive on Automated Decision-Making or the EU AI Act) and are increasingly integrated into procurement and deployment workflows.

An effective impact assessment should be iterative, updating as the system evolves or new information emerges. It should also involve multidisciplinary input, including legal, technical, policy, and user perspectives.

Assurance teams evaluate impact assessments to:

• Validate that risks have been properly scoped and addressed

• Ensure that system limitations and trade-offs are documented

• Confirm alignment with ethical standards and organisational values

• Inform the scope and intensity of downstream assurance activities

By conducting an impact assessment, organisations demonstrate foresight, responsibility, and preparedness. In doing so, they strengthen public trust, reduce downstream costs, and contribute to a more accountable and transparent AI ecosystem.