
Board-Ready Governance Reports

TruthVouch automatically generates board-ready reports demonstrating your AI governance posture in minutes. Reports prove to auditors, regulators, and investors that you control AI risk.

Board-ready governance reports and compliance dashboards

Report Types

Executive Governance Summary (1-2 pages)

High-level overview for board meetings:

Includes:

  • AI Governance Status: Enabled/Disabled by department
  • Policies Deployed: Count and status
  • Violations Blocked: Number this month
  • Key Controls: PII masking, content safety, audit trail
  • Compliance Coverage: % of AI systems governed

Example:

AI GOVERNANCE REPORT | Q1 2024
Status: ACTIVE
Policies: 12 deployed (all approved)
Systems Covered: 47/50 (94%)
This Month:
- 2,847 LLM calls processed
- 23 policy violations blocked
- 0 security incidents
- 100% audit trail integrity
Key Controls:
✓ PII Masking: Enabled
✓ Content Safety: Enabled (94%+ accuracy)
✓ Injection Detection: Enabled
✓ Hash-Chained Audit: Enabled
✓ Policy Versioning: 100% tracked
Compliance: SOC 2 Type II, ISO 42001, EU AI Act compliant

Detailed Governance Report (5-10 pages)

For compliance teams and auditors:

Includes:

  • Policy inventory and audit trail
  • Violation trends and analysis
  • Per-department governance status
  • Control effectiveness metrics
  • Audit log samples
  • Recommendations

Full Technical Report (15-20 pages)

For auditors and regulators:

Includes:

  • Everything in the Detailed Governance Report, plus:
  • All policy versions and change history
  • Complete audit trail (queryable format)
  • Cryptographic proof of audit integrity
  • Control mapping to frameworks (SOC 2, ISO 42001, NIST AI RMF)
  • Evidence of policy testing

Compliance Framework Mapping

Reports automatically map controls to frameworks:

SOC 2 Type II Mapping

CC6.1: Logical and Physical Access Controls
→ TruthVouch Controls:
✓ API key management
✓ Role-based access (policy editors vs. viewers)
✓ Audit log access restrictions
CC6.2: Prior to issuing system credentials
→ TruthVouch Controls:
✓ MFA for account login
✓ API key rotation policy
✓ Slack notifications on API key usage
CC7.2: System Monitoring
→ TruthVouch Controls:
✓ Hash-chained audit trail
✓ Real-time policy violation alerts
✓ Unauthorized access detection

ISO 42001 Mapping

4.3 Risk Management
→ TruthVouch Controls:
✓ Identifies AI risks via policy violations
✓ Mitigates risks with governance policies
✓ Logs all risk-related decisions
4.4 Governance Monitoring
→ TruthVouch Controls:
✓ Monitors all LLM usage
✓ Enforces governance policies
✓ Audit trail for compliance
7.5 Data Protection
→ TruthVouch Controls:
✓ PII detection and masking
✓ Prevents unauthorized data exposure
✓ Audit log shows data handling

EU AI Act Mapping

Article 8: Risk Management
→ TruthVouch Controls:
✓ Identifies high-risk AI usage
✓ Mitigation via governance policies
✓ Continuous monitoring
Article 9: Transparency
→ TruthVouch Controls:
✓ Audit trail documents every AI use
✓ Policy documentation
✓ Violation reports
Article 73: Incident Reporting
→ TruthVouch Controls:
✓ Critical violations logged
✓ Export for regulatory notification
✓ Timestamped proof

Generating Reports

Navigate to AI Governance → Reports → Generate.

Configure:

  • Report Type: Executive, Detailed, or Full Technical
  • Time Period: This month, quarter, year, or custom range
  • Framework: SOC 2, ISO 42001, EU AI Act, NIST AI RMF, or All
  • Format: PDF, HTML, or JSON

Click Generate (takes 30-60 seconds).

Report Sections

Policy Inventory

Lists all policies with status and history:

Policy: Block PII in Prompts
Status: Active (Deployed: 2024-01-15)
Versions: 3 (current version 1.2)
Last Updated: 2024-03-10
Approvals: Security ✓, Engineering ✓, CTO ✓
Policy: Model Whitelist
Status: Active (Deployed: 2024-02-01)
Versions: 1
Last Updated: No changes
Approvals: Security ✓, CTO ✓

Violation Analysis

Trends and patterns in policy violations:

VIOLATIONS THIS MONTH: 87 total
By Policy:
- PII Detection: 45 violations (52%)
- Content Safety: 28 violations (32%)
- Model Whitelist: 10 violations (11%)
- Rate Limit: 4 violations (5%)
By Department:
- Engineering: 50 violations (57%)
- Marketing: 25 violations (29%)
- Sales: 12 violations (14%)
By Type:
- Blocked: 82 (94%)
- Warned: 5 (6%)
Trend: ↓ Down 12% from last month

Control Effectiveness

Metrics proving your controls work:

CONTROL EFFECTIVENESS
PII Masking:
- Attempted PII exposure: 45
- Successfully blocked: 45
- False positives: 0
- Effectiveness: 100%
Content Safety:
- Harmful content detected: 28
- Correctly classified: 26
- False positives: 2
- Accuracy: 93%
Audit Trail:
- Requests logged: 2,847
- Hash verification passed: 2,847
- Tamper attempts: 0
- Integrity: 100%

Audit Log Samples

Representative entries from your audit trail:

Sample 1 (Allowed):
Timestamp: 2024-03-15 09:45:23 UTC
User: john@company.com
Model: gpt-4
Prompt: "What's 2+2?"
Policies: PII ✓, Safety ✓, Model ✓
Decision: ALLOWED
Latency: 42ms
Sample 2 (Blocked):
Timestamp: 2024-03-15 10:12:07 UTC
User: jane@company.com
Model: claude-3
Prompt: "My SSN is 123-45-6789, help with tax returns"
Policies: PII ✗ (violation detected)
Decision: BLOCKED
Reason: "Prompt contains SSN"
Latency: 28ms

Recommendations

Suggested improvements:

RECOMMENDATIONS
1. Deploy PII Masking to Production (Priority: HIGH)
Current: Only in development
Impact: Prevent data exposure to LLMs
Effort: 1 day
→ Will reduce PII violations by ~70%
2. Add Rate Limiting Policy (Priority: MEDIUM)
Current: Only content safety
Impact: Prevent token overflow attacks
Effort: 2 hours
→ Protect from cost overruns
3. Enable Sentinel Agent (Priority: MEDIUM)
Current: Only application LLMs covered
Impact: Also govern employee ChatGPT/Copilot usage
Effort: 1 week rollout
→ Coverage of 100% of AI tools

Scheduled Reports

Configure automatic delivery:

Weekly Executive Summary:
- Every Monday 9:00 AM
- Recipients: CEO, COO, CAIO
- Format: PDF email + Slack
Monthly Detailed Report:
- First business day of month
- Recipients: Compliance, Security, Engineering leads
- Format: PDF + dashboard link
Quarterly Full Technical:
- Quarter end + 5 days
- Recipients: Auditors, compliance team, CTO
- Format: PDF + queryable JSON

Sharing with Auditors

From any report:

  1. Create audit-ready export: JSON format with cryptographic signatures
  2. Generate audit package: Includes all policies, audit trail, evidence
  3. Create read-only link: Share with auditors without giving dashboard access

Auditor Experience:

Auditor clicks link → Read-only view of:
✓ All policies deployed
✓ Complete audit trail
✓ Control evidence
✓ Cryptographic signatures proving integrity
→ Can't modify anything
→ Can download for their records

Compliance Evidence

Reports provide evidence for auditors across frameworks:

Control        | Evidence                    | Status
SOC 2 CC6.1    | API key management policy   | ✓ Documented
SOC 2 CC7.2    | Monitoring policies         | ✓ Active
ISO 42001 4.3  | Risk identification logs    | ✓ 2,847 entries this month
EU AI Act 8    | Risk mitigation decisions   | ✓ 87 violations blocked
EU AI Act 9    | Transparency audit trail    | ✓ 100% logged

Export Formats

PDF

Professional formatting for printing/sharing:

  • Logo and branding
  • Charts and graphs
  • Compliance framework labels
  • Signature page for sign-off

HTML

Interactive report for dashboard viewing:

  • Click to expand/collapse sections
  • Search within report
  • Print-friendly CSS

JSON

Programmatic access for auditors:

{
  "report_type": "governance",
  "period": "2024-01-01 to 2024-03-31",
  "policies": [
    {
      "name": "Block PII",
      "status": "active",
      "violations": 45,
      "effectiveness": 1.0
    }
  ],
  "audit_trail": [
    {
      "timestamp": "2024-03-15T09:45:23Z",
      "model": "gpt-4",
      "decision": "allowed",
      "hash": "sha256:abc123..."
    }
  ]
}
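As an added illustration of how an auditor can check the "hash-chained audit trail" claim against a JSON export in the shape above (example code, not TruthVouch's own), the script below builds a small constructed audit_trail, verifies it, and shows that editing or deleting an entry after export is detected. The chaining rule (SHA-256 over the previous entry's hash plus the entry's canonical fields), the genesis value and the set of hashed fields are assumptions for this example; a real verifier must follow whatever scheme the exporter documents.

```python
import hashlib
import json

# Assumed chaining scheme for this example (not TruthVouch's documented one):
# hash_i = "sha256:" + SHA256(hash_{i-1} || canonical_json(entry_i fields))
GENESIS = "sha256:genesis"  # assumed starting value for the chain
HASHED_FIELDS = ("timestamp", "model", "decision")  # assumed set of chained fields


def canonical(entry: dict) -> bytes:
    """Serialize the chained fields in a fixed order so exporter and verifier agree."""
    fields = {k: entry.get(k) for k in HASHED_FIELDS}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(prev_hash: str, entry: dict) -> str:
    return "sha256:" + hashlib.sha256(prev_hash.encode() + canonical(entry)).hexdigest()


def build_chain(entries: list, genesis: str = GENESIS) -> list:
    """What an exporter would do: attach a chained hash to each raw entry."""
    prev, out = genesis, []
    for e in entries:
        h = entry_hash(prev, e)
        out.append({**e, "hash": h})
        prev = h
    return out


def verify_chain(trail: list, genesis: str = GENESIS):
    """Return (ok, index of first entry whose hash does not match, or None)."""
    prev = genesis
    for i, e in enumerate(trail):
        if e.get("hash") != entry_hash(prev, e):
            return False, i
        prev = e["hash"]
    return True, None


# Constructed sample entries mirroring the audit log samples shown in this report.
SAMPLE_ENTRIES = [
    {"timestamp": "2024-03-15T09:45:23Z", "model": "gpt-4", "decision": "allowed"},
    {"timestamp": "2024-03-15T10:12:07Z", "model": "claude-3", "decision": "blocked"},
]


def demo():
    report = {"report_type": "governance", "audit_trail": build_chain(SAMPLE_ENTRIES)}
    ok, _ = verify_chain(report["audit_trail"])
    # Post-export tampering: flip the blocked decision to "allowed".
    tampered = json.loads(json.dumps(report))
    tampered["audit_trail"][1]["decision"] = "allowed"
    bad, idx = verify_chain(tampered["audit_trail"])
    return ok, bad, idx


if __name__ == "__main__":
    print(demo())
```

Deleting an entry is caught as well: the entry that followed it was chained to the deleted hash, so verification fails at the first surviving position.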

Integration with GRC Tools

Export reports to:

  • ServiceNow: ITSM and risk management
  • Jira: Track compliance tasks
  • Salesforce: Risk/compliance module
  • Custom webhook: Any compliance platform

Common Report Use Cases

Board Meeting (Monthly)

  1. Generate Executive Summary
  2. Highlight violations blocked this month
  3. Show control effectiveness %
  4. Reference compliance framework mapping
  5. Share 1-page summary with board

Audit (Quarterly/Annual)

  1. Generate Full Technical Report
  2. Provide auditor access link
  3. Include policy change history
  4. Provide audit trail JSON
  5. Document any remediation

Certification (Annual)

  1. Generate reports for SOC 2, ISO 42001, etc.
  2. Map to specific control requirements
  3. Provide as audit evidence
  4. Share with certification team

Investor Due Diligence

  1. Generate Executive Summary
  2. Highlight “100% of AI systems governed”
  3. Show “Zero AI-related security incidents”
  4. Reference compliance frameworks
