01Assign business, technical, security, compliance, reviewer, vendor, support, and expansion owners for AI decisions.
02Define employee AI rules, approved tools, public-tool limits, sensitive-data handling, review duties, and shadow AI reporting.
03Track AI ideas, employee tools, workflow candidates, owners, data categories, risk tier, expected value, and status.
04Maintain model, agent, vendor, version, data access, evaluation, monitoring, incident, change, and retirement records.
05Review affected people, decisions, records, data sensitivity, fairness, reversibility, and business consequences before approval.
06Score workflow risk, data access, tool permissions, approval rules, vendor controls, fallback paths, and launch readiness.
07Define which outputs, actions, customers, payments, compliance claims, and permanent records require reviewer approval.
08Review subprocessors, support access, data use, model training terms, retention, incident support, and procurement status.
09Log prompts, source records, tool calls, outputs, reviewer decisions, blocked actions, incidents, and changed records.
10Review quality, exceptions, approvals, tool calls, costs, adoption, incidents, ROI, and risk register status before expansion.