AI Governance
Most teams are using more AI tools than leadership knows about. A developer has connected a coding assistant to the company codebase. Someone in marketing is running customer emails through a summarization tool. Finance is using an AI to categorize expenses. None of this was approved because no one thought to ask. An AI tool inventory is how you find out what is actually happening — and it takes one focused afternoon.
Why inventory before policy
Policies written before you know what tools are in use either miss the actual problem or ban things people depend on, which means they ignore the policy. The sequence matters: inventory first, risk assessment second, policy third.
The five columns your inventory needs
Tool name — the specific product, not the category.
Business function — what department uses it and for what purpose.
Data accessed — what information does this tool see? Customer data, employee data, financial data, proprietary processes?
Governance status — documented (covered by policy), undocumented (in use but not covered), or pending review.
Owner — who is responsible for this tool's use within the business?
How to find tools you do not know about
Ask each department to list every tool they use that involves AI, machine learning, or automation. Review your SaaS billing — most AI tools will appear on your credit card statement. Check browser extensions. Check API keys in your codebase. Check your single-sign-on dashboard if you use one. You will almost always find tools you did not know were in use.
What to do with the inventory
Sort by data sensitivity. Tools that touch customer data, financial data, or proprietary information get reviewed first. For each, ask two questions: is this use covered by our vendor agreements, and is there a human reviewing outputs before they affect a customer or a financial decision? Document the answers.
The AI Readiness Workflow guides you through building this inventory systematically and produces a structured document you can share with your team.