Buyer's question

How to Audit Your Current AI Usage Find out what's actually happening before adding more.

Before any company adds AI tools, they should audit what's already in use. The shadow IT problem is real — half your team is probably using Claude or ChatGPT through personal accounts, and you have no idea what data has been pasted into them. Here's the audit workflow.

Short answer

A 4-step audit: (1) survey the team about what they use, (2) check expense reports for unrecognized AI subscriptions, (3) review browser activity if your IT has the data, (4) interview 5-10 power users to learn what's actually working. Produces a clear picture in a week.

Why this matters

The single most predictable surprise in any AI rollout: a substantial fraction of your team is already using AI tools. Personal Pro subscriptions. Free tools. Browser extensions. Often with customer data pasted in.

Without an audit, you build policy and rollout on a fiction ("we don't use AI yet"). With an audit, you build on what's actually happening.

The 4-step audit

Step 1: Team survey

Send a no-blame survey. "We want to know what AI tools are already being used here. There is no penalty for answering honestly; this helps us provision the right tools for the team." Ask: which tools, which workflows, what's working, what's not.

Step 2: Expense report scan

Pull last 6 months of expense reports. Search for: Claude, ChatGPT, OpenAI, Anthropic, Copilot, Jasper, Notion AI, Perplexity, Otter, Fathom, Granola. Personal reimbursed subscriptions are a strong signal.

Step 3: Browser / network activity (if available)

If your IT has device management with browsing data, look at AI tool usage patterns. Not surveillance — pattern visibility. How much usage, what tools, by whom.

Step 4: Power user interviews

Identify 5-10 of the heaviest AI users from steps 1-3. Sit with them for 30 minutes each. Learn what's actually working in their workflow. This is the most valuable input to your rollout strategy.

What the audit produces

Tool inventory: which tools, how many users, paid vs free, business-tier vs personal.
Data risk map: which workflows have been touching customer/financial/PHI data through free tools — high priority to migrate to enterprise tiers.
Adoption hotspots: functions or people who are way ahead. These are your future workflow owners.
Adoption gaps: functions where AI could help but isn't being used. Targets for the rollout.
Working patterns: what your team has discovered works. Cheaper than reinventing.

Common findings

Personal Pro subscriptions outnumber enterprise seats 3:1.
Sales reps using ChatGPT for follow-up emails with customer context pasted in.
Marketing using Claude for content drafting through personal accounts.
Engineering using GitHub Copilot through personal accounts.
Operations using meeting transcription tools without clear data handling.

None of this is malicious. All of it is fixable. The audit just makes it visible.

FAQ

Will the team be defensive about a usage audit?

Frame it as no-blame and as preparation for properly provisioning the team. Most people are happy to share when they don't fear punishment.

How long does the audit take?

About a week. Survey results in 3-5 days; expense scan in a day; interviews in 2-3 days.

Who should run the audit?

The AI lead, ideally with IT or HR support depending on company structure. Not a one-person job.

What if we find policy violations during the audit?

Treat the first audit as amnesty. Establish policy going forward. Punishing past behavior kills future transparency.

Do we need to do this before starting any AI rollout?

Strongly recommended. Without the audit, you're building on assumptions.