SME AI Readiness Assessment — Design for Singapore Context
Suraj came in with a draft framework for an SME AI Readiness Assessment (5 dimensions, 25 questions, archetype-based scoring) sourced from another AI conversation. Research Team validated it against real Singapore regulation and the actual competitive landscape before finalizing. Short version: the draft’s structure was sound, but two things needed grounding — the Compliance & Governance questions were generic, and nobody had checked whether this already exists in the market. It does. That changes the design.
What already exists
Pertama Partners’ “AI Readiness Audit” is not a quiz — it’s a paid consulting engagement. SGD $15K–35K for sub-100-employee companies, gated entirely behind a contact form. 2-4 weeks, stakeholder interviews, ~8 dimensions, deliverable includes a gap analysis, ROI-estimated opportunity map, phased roadmap, and a 90-minute executive briefing. Zero self-serve, zero top-of-funnel value — the entire funnel is “book a call.”
Everyone else in the market (Sopra Steria, Fountain City, EIT AI Community, CIGen, Scalefocus) runs free self-serve quizzes — 6-10 questions, numeric score, dashboard/spider chart output. Dimensional sets converge almost identically across all of them: Strategy, Data, Technology, Culture, Governance, sometimes Operating Model or Expertise as a 6th.
Critically: none of them use archetype or persona-based output. Every single one gives a number and a chart, not a named type like “Digital Explorer.” That’s real, unclaimed white space — not something Meiree would be copying by using it.
The actual gap to fill
Two markets exist side by side and don’t talk to each other: Pertama’s paid/high-touch/zero-funnel-value audit, and the free-but-generic/non-Singapore-specific self-serve quizzes. Nobody occupies the middle: a free, Singapore-SME-specific, archetype-based quiz that bakes in real PSG/grant-eligibility signals and PDPA/AI Verify governance checks — the exact value Pertama charges $15K+ for, given away as a lead magnet, with the paid consulting engagement as the upsell.
Grounding the Compliance & Governance dimension (the part that was generic)
The original draft’s governance questions (“do you have an AI usage policy?”) were platitudes. Real Singapore instruments to ground them in instead:
- IMDA’s Model AI Governance Framework — voluntary, 11 principles (transparency, explainability, safety, security, fairness, data governance, accountability, human oversight, etc.), with a 2026 Agentic AI annex. Associated toolkit: AI Verify (IMDA + PDPC) — heavier than an SME needs directly, but the right thing to reference/align to.
- PDPA obligations specifically — PDPC’s March 2024 Advisory Guidelines on AI require fresh, specific consent when data collected for one purpose (e.g. a CRM) gets repurposed to feed/train an AI tool. Section 26 Transfer Limitation governs data leaving Singapore — relevant to nearly every SME using a cloud-based AI vendor, satisfied via consent, contractual clauses, or certifications like CBPR.
- IMDA’s own “Digital Health Check” (under CTOaaS/SMEs Go Digital, 400K+ users in 2024) already covers broad digital readiness — this is a real existing government tool, but it doesn’t go deep on AI-specific governance. That’s exactly where Meiree’s tool should differentiate: depth on compliance, not breadth on digital maturity generally.
- ECI (Enterprise Compute Initiative) has explicit, checkable readiness criteria (tech team ≥2, prior AI PoC experience, accessible datasets, ≥10 SG headcount, CEO sponsorship) — a natural bridge for SMEs that score high enough to consider scaling into a grant application.
Design decisions
- Keep the free self-serve quiz format — but don’t treat “it’s free” as the differentiator, since that’s already the market norm. The differentiator is the archetype output plus the Singapore-specific depth.
- Keep the 5-dimension core (Data, Process, Tech, People, Compliance) — validated as aligned with what the market already converges on.
- Don’t add a 6th scored dimension for Strategic & Financial Alignment. Instead, ask 2 unscored context questions before showing results (“what’s your primary goal?”, “do you have dedicated budget/time this year?”) — these personalize the recommended next step without muddying the readiness score itself.
- Ground every Compliance & Governance question in a citable Singapore instrument, not generic AI-ethics language — see the 25 questions below.
- Funnel structure: free quiz → archetype + one concrete next step → paid audit/consulting upsell. This directly undercuts Pertama’s sales-call-only gate while monetizing the same backend service they do.
The 25 questions
Each question scored 1-5 (least to most ready). Max score 125, converted to a percentage for the archetype band.
Data Readiness
- Centralization: (1) Paper, notebooks, verbal communication (2) Data exists but locked in individual siloed spreadsheets (3) Cloud tools (Xero, HubSpot) that don’t talk to each other, manual copy-paste (4) Central database or automated pipelines connecting main tools (5) Single source of truth with automated validation and real-time dashboards.
- Freshness: How often is your core operational data updated? (1) Rarely/ad hoc (3) Monthly (4) Daily (5) Real-time/live.
- Variety: Do you have unstructured data (customer emails, call recordings, support tickets) alongside structured data (ERP numbers), or only the latter?
- Quality confidence: If you handed your data to someone today, how much manual cleanup would they need before trusting it?
- Ownership/access: Can you actually export your own data from your current tools, or is it locked in a vendor with no clean export path?
Process Maturity
- Documentation: Are your core workflows mapped out in writing, or do they live in employees’ heads?
- Standardization/variance: If three different employees handle the same task (e.g. an invoice), do they do it three different ways?
- Exception rate: How often does the process require manual human intervention to fix errors or edge cases?
- Repeatable volume: Is there enough repetitive volume in this process to make automation worth the setup cost?
- Change capacity: Has your team successfully adopted a new tool or process change in the last 12 months?
Tech Infrastructure
- Cloud vs. desktop: Are your core tools cloud-based with open APIs, or isolated desktop applications?
- Integration: Can your systems (CRM, accounting, ops) exchange data automatically, or is everything manual copy-paste?
- Vendor AI ecosystem: Are your existing software vendors (CRM, accounting tool) already embedding AI features you could just switch on?
- IT support capacity: Do you have in-house IT, a reliable vendor, or nobody responsible for tech issues?
- Security basics: Do you have MFA, regular backups, and access control in place across core systems?
People & Culture
- Psychological safety: Do employees generally see automation as a tool that helps them, or a threat to their job?
- Prompt literacy: Is your team comfortable using tools like ChatGPT or Claude for everyday tasks already?
- Internal champion: Is there someone specific driving AI adoption internally, or is it nobody’s job?
- Leadership sponsorship: Is a senior leader (ideally the owner/CEO) personally driving this, not just delegating it?
- Upskilling plan: Do you have any training or upskilling plan in place for AI tools, even informal?
Compliance & Governance
- AI usage policy: Do you have clear, written rules on what data employees can and cannot paste into public AI tools?
- Data mapping for AI: Have you identified which datasets feeding your AI tools contain personal data, and mapped where that data is processed and stored (relevant to PDPA’s Section 26 transfer limitation obligation)?
- Consent for repurposed data: If data was originally collected for another purpose (e.g. a CRM), have you obtained fresh, specific consent before using it to train or feed an AI tool, per PDPC’s 2024 AI Advisory Guidelines?
- Vendor data agreements: Does your contract with your AI vendor include a data processing agreement or equivalent clause meeting PDPA’s comparable-protection standard for any data processed overseas?
- Client/regulatory constraints: Do your client contracts or industry regulations place any restrictions on third-party automated data processing that you’d need to check before deploying AI?
Unscored context questions (asked separately, personalize the output, don’t affect the score)
- What’s the primary goal driving your interest in AI? (Reducing operational costs / increasing sales output / freeing up staff from mundane tasks / creating new offerings)
- Do you have dedicated budget or time allocated for testing/implementing new tools this year?
Archetype output (refined from the original draft)
| Score | Archetype | Reality | Immediate next step |
|---|---|---|---|
| 0–20% | The Digital Explorer | Operating traditionally; AI now would cause chaos, not clarity | Move core operations off paper/siloed Excel into basic cloud tools first |
| 21–50% | The Siloed Operator | Data and tech exist but fragmented, nothing talks to anything | Connect systems with simple integrations (Zapier, native APIs) before touching AI |
| 51–80% | The AI-Ready Automator | Standardized processes, solid tech base, ready for a real pilot | Pick one high-volume, low-risk task (FAQs, email drafting) and pilot it |
| 81–100% | The Intelligent Enterprise | Clean pipelines, strong governance, genuinely ready to scale | Explore fine-tuning on internal data or agentic workflows; consider ECI-style scaling |
Related
- meiree
- pertama-partners
- imda
- trends
- 2026-07-02-sme-ai-readiness — source for 5 content pieces (X, Newsletter, Blog, TikTok)