What to do while you wait for access

Your playbook access will be ready within a few hours. In the meantime, this primer gives you a head start — the core questions your organization needs to answer, and the framework your playbook will help you act on.

What's inside your playbook

AI governance committee setup guide

AI tool inventory & use case tracker

Integration assessment

Tool inventory & retention survey

Meeting template: implementation & learning

Walkthrough videos for each module

The core problem this solves

Knowing what AI you have is only the start

Most organizations can name a few AI tools. The harder questions are what those tools are actually doing — what data they're accessing, what decisions they're informing, and what happens when something goes wrong.

An AI tool used for scheduling carries different risk than one generating investment memos, summarizing due diligence, or flagging portfolio company anomalies. Without visibility into use cases and data flows, you can't assess exposure — and you can't answer the questions your board, LPs, or regulators are increasingly asking.

The playbook builds the infrastructure to close that gap: a structured inventory of what's in use and how, a governance committee with real accountability, and a reporting cadence that holds up under scrutiny.

Start here — five questions to answer before your first governance meeting

1. What is AI actually being used for across your organization?

Not just which tools exist — what decisions are they informing? Where is AI-generated output being acted on without a human review step? The risk profile of a tool depends almost entirely on its use case, not its name.

2. What data is passing through your AI tools?

Client information, financial records, personnel data, deal terms — sensitive data flowing through AI tools requires a different level of scrutiny. Do you know what each tool has access to? Do you know how those vendors store, process, or train on it?

3. Where is AI influencing decisions — and is that visible to decision-makers?

AI-assisted analysis, automated scoring, flagging systems — these shape outcomes whether or not they're labeled as AI. If a recommendation or summary was AI-generated, does the person acting on it know that? Do they know the limitations of the model that produced it?

4. Who owns AI risk in your organization today?

If there's no clear answer, accountability sits nowhere. Someone needs the mandate to make decisions, enforce policy, and report to leadership. Without that, governance exists on paper at best.

5. What would be hardest to explain to your board, an LP, or a regulator today?

This is the most useful question in any early governance conversation. The answer tells you where your real exposure is — not the theoretical risks, but the ones you'd struggle to defend in a room with someone asking hard questions.

A practical first step

Run a quick AI use case sweep before your playbook access arrives

Ask each team lead three questions and log the answers in a simple spreadsheet:

What AI tools is your team using? Include embedded features in tools you already use — Salesforce, Notion, Microsoft 365, etc.
What are you using them for, specifically? "Drafting client communications" is more useful than "productivity." The use case is what determines the risk level.
What data is involved, and does any output inform a decision? Flag anything where AI-generated content is being acted on — even informally.

This sweep doesn't need to be perfect. It gives you a starting point for the AI Tool Inventory module in your playbook, and it surfaces the informal use — and informal influence — that's usually the highest-risk.

Why this matters to your LPs and board: Investors and regulators are increasingly asking about AI governance as part of due diligence and portfolio oversight — not just whether AI is in use, but how it's being used, what it's touching, and who's accountable. Having a documented process is a meaningful signal of operational maturity. The playbook gives you that infrastructure.