AI Readiness Assessment: A Practical Framework Before You Spend on AI

Most AI projects fail before any model is trained. They fail because the organisation was not ready - the data was scattered across six systems, the process being automated was undocumented, the buyer had no clear KPI, and nobody owned the outcome after go-live. An AI readiness assessment is the work you do before commissioning a build to find out which of those problems you have, how expensive they are to fix, and which AI opportunities are actually worth pursuing in the next twelve months.

This guide covers what a credible assessment includes, how to score readiness across the dimensions that matter, what outputs to demand from any provider, and what the work should cost. It is written for operators who are about to spend money and want to spend it well.

What an AI readiness assessment actually is

An AI readiness assessment is a structured review of an organisation's data, processes, technology, skills, and governance against a specific set of AI use cases. It is not a generic capability audit. The output should answer three questions: which use cases are viable now, which need preparatory work first, and which should be deferred or abandoned. A good assessment ends with a prioritised roadmap, a cost estimate for each initiative, and an honest list of the things that need fixing before any of it works.

The distinction worth holding onto: readiness is always relative to a use case. An organisation can be highly ready for sales-process automation and completely unready for a customer-facing RAG assistant, because the data quality, governance bar, and risk profile differ. Assessments that produce a single "readiness score" without specifying the use case are theatre.

Gartner's 2024 forecasting noted that at least 30% of generative AI projects will be abandoned after proof-of-concept by end of 2025, with poor data quality and unclear business value cited as primary causes. That failure rate is what an assessment exists to prevent.

The six dimensions that actually predict success

Most readiness frameworks list ten to fifteen criteria. In practice, six dimensions explain most of the variance between projects that ship and projects that stall.

1. Data availability and quality

Does the data needed for the use case exist, in a system you control, with sufficient history, and in a state that does not require months of remediation? For a sales lead-scoring model you need 12-24 months of labelled outcomes (won, lost, no-decision) tied to firmographic and behavioural data. For a RAG assistant you need authoritative source documents with clear versioning. The common failure mode is discovering, three weeks into a build, that the "single source of truth" is actually three spreadsheets maintained by different teams.

2. Process clarity

Is the process being augmented or automated documented in a form a junior team member could follow? If not, you are paying an AI agency to do the business analysis your operations team should have done five years ago. That is fine, but price it accordingly. Workflow automation projects on undocumented processes typically run 40-60% over initial estimates because the discovery phase keeps surfacing edge cases nobody mentioned.

3. Technical foundations

Are the source systems API-accessible? Do you have authentication infrastructure that allows secure machine-to-machine access? Is there a staging environment to test against? Legacy systems without APIs (older ERPs, AS/400 systems, on-premise databases with no external access) do not block AI projects but they roughly double integration cost and add three to six weeks of lead time.

4. Governance and risk posture

Who decides what the AI is allowed to do? Who reviews outputs? What happens when it gets something wrong? For regulated industries this maps directly onto FCA, ICO, or sector-specific obligations. The ICO's guidance on AI and data protection sets clear expectations around lawful basis, transparency, and meaningful human review of automated decisions. Organisations without a named data protection lead or an established review process for new processing activities will struggle to deploy customer-facing AI safely.

5. Skills and operational capacity

Who runs the system after the agency leaves? AI systems are not fire-and-forget. Prompts drift, source data changes, evaluation metrics need monitoring, and integrations break when upstream APIs deprecate endpoints. Either you have someone internally who can own it, or you contract for ongoing operation. Both are valid; pretending you have capacity you do not have is the failure mode.

6. Executive sponsorship and incentive alignment

Is there a named executive whose bonus or quarterly review depends on this working? AI projects that are owned by "innovation" budgets with no operational P&L stake tend to stall at the pilot stage. The strongest signal of readiness is a head of operations or revenue leader who has put a number against the outcome.

A scoring model you can actually use

For each dimension, score the organisation 1-5 against the specific use case under consideration:

• 1 - Blocker: the problem is severe enough that the use case is not viable until it is fixed. Example: no labelled outcome data for a predictive model.
• 2 - Major gap: significant remediation needed, 3-6 months of preparatory work before build can start meaningfully.
• 3 - Workable with effort: issues exist but can be addressed during the build itself, with proportional cost increase.
• 4 - Ready: minor friction only.
• 5 - Strong: dimension is a positive asset for the project.

Any score of 1 on any dimension means the use case is not currently viable. A composite score below 18 (average of 3 across all six) typically means the project should be deferred or restructured. Above 24 (average of 4) means the use case is genuinely ready to commission.

The point of the scoring is not the number. The point is forcing the conversation - which dimension is the weakest, what specifically would move it from 2 to 4, and what does that remediation cost? An assessment that does not produce that conversation has failed.

What a credible assessment process looks like

A serious readiness assessment is two to four weeks of work, depending on organisational complexity. For a mid-market business with 5-15 source systems and 3-5 candidate use cases, expect:

Week 1 - Discovery. Stakeholder interviews (typically 8-15 people across operations, technology, data, compliance, and the executive sponsor). Inventory of source systems, data flows, and existing automations. Review of current process documentation. Initial use-case longlist, usually 15-30 candidates surfaced from the interviews.

Week 2 - Technical assessment. Deeper review of the top 8-10 candidate use cases. Data sampling where possible. API and integration feasibility checks. Review of authentication, hosting, and security posture. Conversations with vendors and product owners for the systems involved.

Week 3 - Prioritisation and costing. Scoring each candidate against the six dimensions. Producing T-shirt-sized estimates (small: under £25k, medium: £25-75k, large: £75-200k, programme: over £200k) with confidence intervals. Mapping dependencies between initiatives.

Week 4 - Roadmap and presentation. A 12-month sequenced plan showing what to build first, what to prepare for, and what to defer. Identified remediation work (data cleanup, process documentation, governance setup) priced separately. Presentation to the executive team with explicit decision points.

The deliverables should include: a written report (typically 25-50 pages), a scored use-case register, a costed roadmap, and a remediation backlog. If a provider offers an assessment without producing all four artefacts, ask what you are paying for.

What it should cost

For UK mid-market organisations, fixed-fee readiness assessments typically run £8,000-£25,000 depending on scope. The variance is driven by organisational complexity (number of source systems, number of business units, regulatory exposure) and the breadth of use cases under consideration.

Be sceptical of free assessments offered by implementation agencies. They are sales tools, optimised to surface use cases the agency is good at building, not to give you an honest view of readiness. They are also typically a week or less of effort, which is not enough time to do the work properly. A free two-hour discovery call followed by a sales proposal is not an assessment.

Be equally sceptical of assessments priced above £50,000 from large consultancies. The McKinseys and Accentures of the world will produce a credible report, but the cost-to-value ratio for mid-market organisations is poor, and the report typically lacks the implementation-level detail (specific tools, specific integration patterns, specific cost estimates per system) that operators actually need to act on it.

The sweet spot for mid-market is a specialist agency or consultancy that does both strategy and implementation. The assessment is more useful because the people writing it know what builds actually cost and what breaks in production. Productive's 2024 agency benchmark report found that strategy-only engagements have the lowest client satisfaction scores in the AI services category, largely because recommendations rarely survive contact with implementation reality.

Red flags in readiness assessment proposals

A few patterns that should trigger more questions:

• Generic frameworks with no use-case specificity. If the assessment is the same regardless of whether you are deploying a customer chatbot or automating finance reconciliations, it will not produce actionable output.
• No data sampling. Any assessment that produces a verdict on data readiness without actually looking at the data is guessing.
• No cost estimates in the output. A roadmap without costs is not a roadmap, it is a wishlist.
• No named remediation work. If everything is rated "ready," the assessment was a sales exercise. Real organisations always have gaps.
• Tool-locked recommendations. If the assessment recommends the same vendor for every use case, the provider has an incentive problem.
• No ICO or sector-regulator references. Any UK assessment that does not address UK GDPR obligations and, where relevant, FCA or sector guidance is incomplete.

Using the output - what to do in the first 90 days after

The assessment is worth what you do with it. The strongest pattern we see in organisations that successfully scale AI:

Days 1-30: Commission the highest-ranked use case as a contained build, ideally something internal-facing where the cost of imperfection is low. Begin the highest-priority remediation work in parallel (typically data consolidation or process documentation).

Days 31-60: First use case in pilot. Measure against the KPI defined in the assessment. Begin scoping the second use case based on what was learned.

Days 61-90: First use case in production with monitoring. Decision point on second use case. Review the readiness scores - some dimensions will have improved through the act of building, others will have surfaced new issues.

The compounding benefit is real. Organisations that ship one well-scoped AI system in the first 90 days are dramatically more likely to ship the next five, because they have built the operational muscle (governance, monitoring, prompt management, evaluation) that the second project does not need to invent.

Frequently asked questions

How long does an AI readiness assessment take?

For a UK mid-market organisation with 5-15 source systems and a handful of candidate use cases, expect two to four weeks of elapsed time. The actual consultant effort is typically 15-25 working days spread across that period, with stakeholder interviews concentrated in the first week and analysis and roadmap work in the latter half. Larger organisations with multiple business units or regulated environments can extend to six to eight weeks. Assessments that promise turnaround in under a week are either pre-templated outputs with a logo changed, or they are sales discovery dressed up as assessment work.

What is the difference between an AI readiness assessment and an AI strategy?

A readiness assessment evaluates whether the organisation can execute on specific AI use cases now, and what would need to change to make it possible. An AI strategy sits one level up - it answers what role AI should play in the business over the next 24-36 months, which capabilities to build internally versus buy, and how AI fits into broader operational and commercial priorities. In practice the two are often combined, with the assessment providing the evidence base that the strategy is built on. If you only commission one, commission the assessment - strategy without readiness evidence is fiction.

Can we do an AI readiness assessment internally without an external provider?

Yes, if you have the right skills in-house. The work is structured enough to be done internally given a senior operator who understands the process side, a data lead who can credibly assess data quality, and someone with hands-on AI implementation experience to estimate effort. The blockers are usually time (internal teams cannot dedicate three weeks to assessment work alongside their day jobs) and breadth (internal teams know the current state intimately but often lack reference points for what "good" looks like elsewhere). A hybrid model - external lead, internal team contributing the substance - tends to produce the best output.

What deliverables should we expect from a credible assessment?

Four things: a written assessment report covering current state across the six readiness dimensions, a scored register of candidate use cases with prioritisation rationale, a costed 12-month roadmap with sequenced initiatives, and a separate remediation backlog covering the foundational work that needs doing regardless of which use cases you pursue. A presentation to the executive team is standard. Some providers also include a vendor and tooling recommendation appendix. If you receive a single slide deck and a verbal recommendation, you have been sold something that is not really an assessment.

How does GDPR affect an AI readiness assessment?

UK GDPR obligations shape several dimensions of readiness, particularly for any use case involving personal data. The assessment should identify the lawful basis for processing under each candidate use case, flag where Data Protection Impact Assessments will be required, and assess whether existing data governance can support the transparency and individual rights requirements that automated decision-making triggers. The ICO's published guidance on AI provides a clear baseline. For regulated sectors (financial services, healthcare, legal) additional sector obligations layer on top. Any assessment that treats GDPR as a checkbox at the end rather than a structural input to use-case viability is doing it backwards.

What does a readiness assessment cost for a UK mid-market business?

Fixed-fee assessments from specialist agencies typically range from £8,000 to £25,000 depending on organisational complexity and breadth of use cases. The lower end covers a focused assessment of two or three use cases for a single-entity business with modern technology foundations. The upper end covers multi-business-unit organisations with significant legacy estate or regulatory complexity. Large consultancy pricing for equivalent work is typically £40,000-£150,000. The work itself is not enormously different - the price difference reflects overhead and brand premium rather than depth of analysis.

What happens if the assessment concludes we are not ready for AI?

This is the most valuable possible outcome, and it is uncommon for the answer to be a flat "no" - more often it is "not for these use cases, but here is what you could do instead, and here is the foundational work that would unlock the original use cases in 6-12 months." If the assessment surfaces that data fragmentation, process undocumentation, or governance gaps are blocking the use cases you had in mind, you have saved yourself from spending £100,000+ on a build that would have failed. The remediation work is usually cheaper than the failed build, and the next assessment will be much faster.

Should the same agency that does the assessment also do the build?

There are legitimate arguments both ways. The case for separation: the assessment is more objective if the provider has no commercial interest in the recommended build. The case for combination: an assessment by a team that will actually build the thing is grounded in implementation reality, with cost estimates that hold up and recommendations that can be acted on. Our view is that combination works well when the provider is transparent about pricing on both sides and willing to be challenged on recommendations. Separation works well when the assessment provider has a strong track record of producing implementation-agnostic output and the buyer has the technical confidence to evaluate competing build proposals afterwards.

Where to go from here

If you are at the point of commissioning AI work and want a clear-eyed view of what is viable, what needs fixing first, and what twelve months of execution should actually look like, a structured assessment is the cheapest insurance available against an expensive failure. AI Advisory runs fixed-fee readiness assessments for UK mid-market organisations, producing the four deliverables above and a costed roadmap you can act on without us. Get in touch to discuss scope.

Ready to put this into production? book a discovery call.