Sample output

Sample Current-State Review

A realistic example of the executive snapshot, AI register, risk picture, policy gaps, and action plan produced by a Usage Register review.

This is an example of the Current-State Review a client receives after discovery.

Book a discovery call How it works

Executive snapshot

High-level summary for the review period — example organisation, 27 staff, 5 departments.

AI tools identified

across 5 departments

Use cases captured

from survey responses

High-risk use cases

require immediate review

Pending actions

across 30 and 90 day plan

71%

Survey response rate

19 of 27 invited

Review gaps found

human review missing or unclear

Priority findings

The most important issues identified in this review, ranked by risk and urgency.

01High

Client data in personal AI accounts

Sales and Management are using personal ChatGPT and Claude accounts with customer email content and board notes. Data may be processed under personal terms, not business terms.

02High

Call summary tool — no account confirmation

The AI tool summarising customer calls has no confirmed account type or data processing terms on record. Use should be paused until account type and terms are confirmed.

03Medium

No approved tools list for staff

Staff are selecting AI tools without a reference list. Without a published approved and restricted tools list, self-selection will continue to introduce risk.

AI usage picture by department

Tools identified per team and highest risk level found in that department.

SalesHigh

3 tools identified

Personal ChatGPT used with client email content

OperationsLow

2 tools identified

Business-provided tools only, low data sensitivity

Customer ServiceHigh

2 tools identified

Call summary AI — account type unknown

MarketingLow

2 tools identified

Approved candidates identified

ManagementMedium

1 tool identified

Free account used for board notes and summaries

Data exposure summary

Categories of data found to be involved in AI use cases, with the highest exposure level flagged.

Customer contact detailsHigh

Client call notes and summariesHigh

Internal business documentsMedium

Proposal and contract draftsMedium

Campaign creative contentLow

General internal textLow

AI Register snapshot

A subset of the AI tool and use-case register. In the platform, each row links to full use-case and risk detail.

AI Tool	Department	Use Case	Account Type	Risk	Status
C ChatGPT	Sales	Drafting customer replies	Personal/free	Medium	Restrict pending review
M Microsoft Copilot	Operations	Summarising internal documents	Business-provided	Low	Approved candidate
A Call summary AI	Customer Service	Summarising customer calls	Unknown	High	Review required
C Canva AI	Marketing	Creating campaign visuals	Business-provided	Low	Approved candidate
C Claude	Management	Summarising board notes	Personal/free	Medium	Review required
H HubSpot AI	Marketing	Drafting campaign emails	Business-provided	Low	Approved candidate

Review and policy gaps

Issues identified during the review that need to be addressed. Classified by severity.

HighNo human review rule for client-facing AI output

Three use cases produce output that may go directly to customers without a documented review step.

HighPersonal accounts used for work or client inputs

Two departments are using personal or free-tier accounts with work or client-related content.

HighUnknown account type for call summary tool

The call summary AI used by Customer Service has no confirmed account type or data processing terms on record.

MediumNo approved tools list published to staff

Staff are selecting tools without a reference list of approved, restricted, or prohibited tools.

Current-state summary

This example organisation has active AI use across Sales, Operations, Customer Service, Marketing, and Management. Survey response rate was 71 per cent, giving a reasonable picture of current usage.

Most usage is low to medium risk, but two departments have significant gaps. Customer Service is using a call summary tool with an unknown account type and no data processing confirmation. Sales is using personal ChatGPT accounts with customer email content.

The immediate priority is to restrict client data in personal accounts, confirm the call summary AI account type, and add a human review rule for client-facing AI output. A published approved tools list would reduce self-selection risk across the whole team.

Sample action plan

Practical next steps by timeframe, based on the gaps and risk picture above. Immediate actions address the highest-risk findings first.

In a live review, each action is assigned to a named owner with a target date.

Immediate

Confirm approved tools list
Restrict client data in personal accounts
Review call summary AI account and terms
Add human review rule for client-facing output

Next 30 days

Publish AI usage guidance for staff
Confirm human review rules by use case
Assign tool owners and review owners
Update data protection records where needed

Next 90 days

Re-run discovery for new tools or teams
Review and update register records
Update policy and action plan
Prepare stakeholder or client summary

What this sample is and is not

This is an illustrative sample based on a fictional organisation. Actual outputs depend on survey responses, organisation context, team size, and platform records. Usage Register supports AI governance and risk reduction but does not certify legal compliance.

Want to see what your review would look like?

Book a discovery call and we'll talk through your current AI usage, team size, and the right starting point.

Book a discovery call View pricing