What Is the Agent Opportunity Score (AOS)?

Every SMB founder we meet has a version of the same dilemma. A finance lead points at invoice processing. A sales director argues that proposal generation matters more. Customer service wants ticket triage gone yesterday. Three confident opinions, no shared measure. The next quarter's AI budget is going to fund whichever voice was loudest in the room — not whichever process actually returns the most for the least risk.

The Agent Opportunity Score (AOS) is what we built to replace that argument with a number.

What is the Agent Opportunity Score?

The Agent Opportunity Score is a 0–100 composite score that easyAI assigns to every applicable process in an audit. It combines three independent dimensions — ROI potential, agent suitability and implementation risk — into a single comparable number. The output is a ranked list of AI agent opportunities, with the top three surfaced as the audit's named recommendations and the remainder plotted on an opportunity map.

It is the output of a structured methodology, not an analyst opinion. Every dimensional score is computed from an explicit input vector taken from the buyer's wizard answers, not from a consultant's intuition; every final AOS is shown together with its inputs in the Executive Report, so a board member or auditor can see exactly which inputs produced it. The methodology is inspired by ISO/IEC 42001 [1] and the NIST AI Risk Management Framework [2]. Methodology lead: Daniela Piskackova.

Why does an SMB need a single comparable AI opportunity score?

Most AI prioritisation work in mid-market firms collapses into one of two failure modes: the loudest-voice trap or the vendor-tour trap. The loudest-voice trap funds whichever department head argued hardest at the last leadership meeting. The vendor-tour trap funds whichever AI product the founder last saw demoed. Both produce the same outcome — capital deployed against the wrong process, sometimes for years, before the post-mortem catches up.

A composite score solves a narrow but important problem: it turns "should we automate ticket triage or proposal generation first?" from a preference into a measurable comparison. Two processes with very different risk profiles, ROI shapes and integration footprints become directly rankable because the methodology has already normalised the trade-offs against the same 0–100 scale.

The frame matters because it constrains the conversation. The AOS is not a verdict on which AI tool to buy; it is a verdict on which problem to solve first. Buyers who confuse the two end up with deeply integrated AI in a process that was the wrong target. We explore the deeper decision discipline behind that distinction in our 50 questions before AI implementation cornerstone — the AOS is the quantitative spine; that piece is the qualitative one.

What are the three dimensions of the AOS?

The AOS factors a process into three independent dimensions and scores each from buyer-supplied data. We stop at the conceptual layer here; the per-dimension input vectors are documented inside the Executive Report for each audit so the inputs behind every dimensional score are visible to the reader.

ROI potential — what does it measure?

ROI potential captures the financial upside of letting an AI agent take part of a process over: cost savings from labour redeployed elsewhere, throughput gains from faster cycle times, and revenue uplift where the process is a direct or indirect revenue line. The dimension is computed from the buyer's own numbers — team size, fully-loaded hourly rate, process volume, frequency, current cycle time. We do not benchmark against industry averages where the buyer can supply real figures; benchmark fallbacks are reserved for cases where input data is sparse, and they are flagged in the report when they are used.

Agent suitability — what does it measure?

Agent suitability captures how cleanly an AI agent can take part of the process over. The signals include input determinism (does the process consume structured or fuzzy inputs?), output verifiability (can the agent's work be checked without a human re-running the task from scratch?), escalation paths (does the workflow already have a defined human-in-the-loop checkpoint, or does one need to be designed in?), and the regulatory context that constrains how much autonomy an agent can hold. A high-suitability process is one where the agent's actions are observable, reversible, and bounded by an explicit oversight protocol — which is the design pattern the NIST AI RMF "Manage" function describes [2].

Implementation risk — what does it measure?

Implementation risk captures the technical, operational and regulatory factors that raise the cost or failure probability of deployment. Technical risk includes integration debt with the existing IT stack; operational risk includes change-management load on the team that runs the process today; regulatory risk includes EU AI Act exposure where the process touches Annex III categories such as employment screening or creditworthiness [3] and UK GDPR exposure where personal data flows through the pipeline [6]. Higher risk does not disqualify a process — it shifts when and how the process should be implemented.

How are the three dimensions combined into a single score?

The three dimensional scores reconcile into a single 0–100 AOS. The principle is straightforward: ROI is rewarded, implementation risk is penalised, and agent suitability acts as a gate. A process with strong ROI but poor suitability — say, a workflow where the agent's outputs cannot be reliably verified — will not surface as a top candidate even when the financial case looks attractive in isolation. A process with mid-range ROI but exceptional suitability and low risk may outrank a higher-savings process that is structurally harder to deploy. The composite is a sequencing signal, not a verdict on absolute value.

The exact weighting and combination math sit inside the kernel methodology and are out of scope for this article. What matters at the buyer level is the directional reading: higher AOS means the process is, on the methodology's terms, a stronger AI agent candidate today; lower AOS means the methodology would stage the process later or not at all in the current planning horizon.

How are processes ranked, and how are the top 3 chosen?

Every applicable process from a library of 40+ standardised SMB process types — across finance, customer service, HR, sales, operations, IT support and others — is scored. The full list is then ranked by combined AOS. The top three surface as the audit's named opportunities with full process deep-dives, 90-day implementation plans, and tech-stack recommendations carrying two to three alternatives per process. The remainder is plotted on the opportunity map (impact vs effort), so nothing is discarded; it is staged for the next planning cycle.

Ranking is by combined score. The cut-off at the top-3 boundary is operational, not editorial: the audit's deliverable surface (Executive Report and Implementation Brief) is built around three deep-dives because that is what a 50-500 person SMB can realistically absorb in a single quarter. A larger team with surplus implementation capacity can take more candidates from the opportunity map; the score remains a portable signal regardless of how many opportunities the buyer chooses to act on.

What does a real AOS profile look like?

The clearest way to read the score is through a worked example. The Pennine Wholesale Solutions Ltd profile is a UK wholesale-distribution composite we publish as our public sample (illustrative, not a real customer). The three top-ranked processes in that audit carry the following AOS values:

• Email & Ticket Triage Automation (Customer Service) — AOS 76 / 100. Top-ranked. The process has high suitability (structured inbound, clear escalation paths), strong ROI from labour redeployed off triage and into account work, and moderate implementation risk.
• Proposal & Quotation Generation Automation (Sales) — AOS 68 / 100. Mid-ranked. Comparable ROI to triage but a higher implementation-risk profile, mostly from integration debt with the existing CRM and pricing engine. Still a strong candidate, with sequencing implications.
• Lead Capture & Qualification Automation (Sales) — AOS 63 / 100. Third-ranked. Lower absolute ROI than the other two, but a clean suitability profile and low integration friction make it the natural follow-on once the higher-ranked processes are in flight.

Read the scores as a sequencing signal. The gap between 76 and 63 does not say "63 is bad." It says: triage first, proposal second, lead capture third — across the 90-day roadmap. All three are strong candidates on the methodology's terms; the AOS tells the buyer the order, and the dimensional sub-scores explain why that order makes sense.

How should an SMB buyer interpret an AOS number?

The composite is a sequencing signal; the three sub-scores explain the why. A high AOS with elevated implementation risk reads as "valuable but stage it carefully" — the methodology has already absorbed the risk in the combined number, but the buyer needs to understand the sequencing implication when planning the next quarter. A mid AOS with high suitability and low risk reads as "quick win" — the process may not produce the biggest savings line in the report, but it is the one that returns capital fastest with the least change-management load.

Two readings to avoid. First: treating the AOS as a verdict on the technology to buy. The score is about which process to solve, not which vendor to pick. Second: treating a higher-scoring process as automatically the right starting point for every SMB. A 70+ AOS in a process that runs against a fragile legacy integration may be a worse first-quarter project than a 60-something AOS in a clean process where the team is ready to absorb the change. The score is a recommendation; the buyer still owns the calendar. The broader question of how those sequencing calls fit into a multi-quarter plan is handled in our AI strategy framework for SMBs cornerstone.

How does the AOS relate to ISO 42001 and NIST AI RMF?

The AOS is inspired by ISO/IEC 42001 [1] — the international standard for AI management systems, covering governance, risk identification, internal audit and lifecycle controls — and the NIST AI Risk Management Framework [2], which organises AI risk handling around four functions: Govern, Map, Measure and Manage [4]. The two frameworks shape how the methodology treats agent suitability (which mirrors the Map and Measure functions) and implementation risk (which inherits NIST's Govern-and-Manage discipline and the ISO 42001 lifecycle posture). The OECD AI Principles, revised May 2024 [5], provide the cross-jurisdictional baseline both frameworks reference.

What the AOS is not: a certification. easyAI is not a certification body. Our methodology draws on principles from ISO 42001 and NIST AI RMF; we do not provide formal certification or conformity audits. An AOS profile is not a substitute for an ISO 42001 management-system audit or for any deployer-side conformity work the EU AI Act may require [3]. The deeper governance picture — what UK and EU SMBs actually owe under the regulatory stack — is covered in our AI governance from day one cornerstone, which sits alongside the AOS as the qualitative companion to this quantitative framework.

How does the AOS hold up to scrutiny?

Two design choices make the AOS auditable rather than mystical. The first is that each dimension is computed from an explicit input vector — the buyer's own wizard answers — and the input vector is shown in the Executive Report next to the dimensional score it produced. A third party reading the report can trace every score back to the inputs that drove it. There is no analyst slider hidden in a methodology black box.

The second is the quality-gate layer the audit runs before release. The methodology cross-validates recommendations across the top-three processes: are the proposed tech stacks complementary or contradictory? Is the autonomy level recommended for each agent realistic given the company's AI maturity? Are savings estimates internally consistent with the hour-reduction figures they reference? More than two dozen automated quality checks run against the draft deliverables, covering completeness, evidence and coherence. Where input data is sparse, a documented fallback methodology takes over and is flagged in the report so the reader knows which numbers are buyer-driven and which lean on benchmarks.

The point of all of this is defensibility. An AOS of 76 in the Pennine profile is not "our analyst liked this process best." It is a number a board member can interrogate, an IT lead can plan against, and a regulator-facing function can document. That is the bar we are designing toward.

Who designed and stands behind the AOS?

The methodology lead for the AOS framework is Daniela Piskackova, Co-founder and AI Audit Lead at easyAI. She designed the scoring framework and calibrates it as the methodology evolves with the regulatory landscape and our audit caseload. The audit-as-a-service market is full of products where senior partners write the methodology and the deliverables are templated downstream; we deliberately built the opposite shape, which is why the methodology behind every audit is anchored to an identifiable senior lead rather than left as an anonymous black box.

The full team and methodology context is on the /en/about#daniela page. The pricing for the audit deliverables — Executive Report, Implementation Brief, and the optional structured JSON export of the underlying scoring data — sits on /en/pricing. The live methodology summary, with the ISO 42001 and NIST AI RMF references kept up to date, is on the homepage at /en/#methodology.