The First Step in AI Governance Is Visibility

A few months ago an operations lead I know was asked a question she thought she could answer in an afternoon: which AI tools is our team actually using? She started a spreadsheet. By the end of the week it had grown to thirty-odd rows, and she had stopped being sure it was complete. A contractor was drafting client emails in one tool. Someone in finance had quietly started running numbers through another. A product manager had a browser extension nobody had ever discussed.
None of it was reckless. Every one of those choices had been made by a capable person trying to get their work done a little faster. The surprise was not that people were using AI. It was that no one, including her, could have drawn the map before she went looking.
Here is the part that tends to catch people off guard. The instinct in that moment is to reach for a policy, something firm that says what is allowed and what is not. But you cannot govern what you cannot see, and most organizations are trying to write the rules before they have looked at the room. Visibility comes first. It is the least dramatic step in AI governance and almost always the one that has to happen before anything else can.
What visibility actually means here
Visibility is just an honest, current picture of how AI is being used across your organization. Which tools, by whom, for what kind of work, touching what kind of information. That is the whole of it at this stage. It is not a risk score, not an approval process, not a compliance program. Those can come later, and they will land better when they do.
Most teams skip this without realizing it. They assume they already know, because they know about the two or three tools that went through some kind of sign-off. The usage that grows on its own, the trial someone never cancelled, the tool a whole sub-team adopted because it solved a real problem, that is the part that stays invisible until somebody deliberately goes looking.
Why starting here is easier than it sounds
Visibility is approachable in a way that later governance work often is not. It does not require new software or a budget line. It does not ask anyone to stop what they are doing. It is mostly a matter of asking, listening, and writing things down without flinching at what you find.
It also changes the conversation. Once usage is visible, the discussion shifts from the abstract ("are we doing AI responsibly?") to something concrete and answerable ("this team is using this tool for this; does that sit right with us?"). Specific questions are easier to make good decisions about than broad anxious ones. That shift, from worry to a list you can actually look at, is most of the value.
A simple way to build the first picture
You do not need a formal audit to get started. A small, repeatable approach works better than a heavy one, because the goal at this stage is an honest snapshot, not a perfect ledger. A version that holds up in practice:
• Ask directly, and make it safe to answer. A short, plainly worded note to each team asking what AI tools they use and what they use them for. The tone matters more than the wording. If people sense the answer might get them in trouble, the picture you get back will be tidy and wrong.
• List what comes back without sorting it yet. Tool, team, rough purpose. Resist the urge to judge each entry as you write it down. Judgment now just slows the collection and tempts people to leave things off.
• Group the list once it feels reasonably complete. Patterns show up fast. A handful of tools usually cover most of the real usage, and a long tail of one-off experiments sits underneath.
• Name an owner for each meaningful use. Not to police it, but so there is a person who can answer questions about it later. An unowned tool is the thing that surprises you in six months.
That is genuinely enough to start. The first version will be incomplete and a little messy, and that is fine. A rough map that exists beats a perfect one that never gets made.
One quiet benefit shows up almost immediately. The act of asking tells people that AI use is something the organization is paying attention to, calmly and without alarm. That alone tends to make the next conversations easier.
What to do with what you find
Once you can see the picture, most of what you are looking at will be reasonable, and it helps to say so. People are usually solving real problems. The point of visibility is not to build a case against anyone. It is to know enough to make deliberate choices instead of accidental ones.
A few things will stand out as worth a closer look, often where sensitive information meets a tool nobody formally owns. You do not have to resolve those on the spot. Noticing them, and knowing whose desk they sit on, is the win at this stage. Enforcement and ownership become a real question once the map exists, which is a worthwhile next step rather than a starting point. "AI Policies Fail When Nobody Owns Enforcement" is a useful read when you reach that point, because the picture you build now is exactly what makes ownership possible later.
Worth sitting with
If someone asked today which AI tools my team relies on, how confident would I really be in my answer?
Where might useful AI usage be happening quietly, simply because no one has asked about it yet?
Am I reaching for a policy because the room is unsafe, or because I have not yet looked at it?
Who would be the natural owner of the AI usage I already know about, and have I ever said so out loud?
If any of those gave you pause, that is the signal to start with a look rather than a rulebook. Build the first rough picture, name a few owners, and let the harder governance questions arrive once you can actually see what you are governing. It is a calmer place to begin than it first appears, and almost everything else gets easier once it is done.








