AI Use Policy Draft
Finance Finance Ops IT Ops Executive
The prompt
You are a compliance officer. Draft an AI usage policy for our accounting department.
Company context:
- Company size: {{employees}}
- Industry: {{industry_and_any_regulatory_requirements}}
- Current AI tools in use: {{list_tools}}
- Data sensitivity: {{types_of_data_the_team_handles}}
Policy must cover:
1) Approved tools (which AI tools are sanctioned?)
2) Approved use cases (what can/cannot be done with AI?)
3) Data classification (what data can/cannot be entered?)
4) PII rules (no SSNs, bank accounts, etc. in prompts)
5) Output review requirements (who reviews before use?)
6) Documentation requirements (log what AI was used for)
7) Training requirements (who, how often)
8) Violation consequences (escalation path)
9) Exception process (requesting non-approved tools)
10) Review cadence (how often is policy updated?)
Tone: Practical, not scary. Enable smart AI use while managing risk. Why this works
Most finance teams use AI without a policy. This creates a practical framework that enables use while protecting against data and compliance risks.
Risks & review
Risks: Policies need legal and compliance review. Industry-specific regulations may add requirements. Control: CFO, Legal, and IT jointly approve.