Harmondale

Shadow AI Audit

Map the AI your company does not officially control.

A shadow AI and leak audit for organizations where teams use unmanaged prompts, extensions, agents, automations, or copilots with company data.

The Shadow AI Audit defines a leak as data, cost, quality, ownership, or vendor control leaving the operating frame without being visible to leadership.

Details

Timeline

10-18 working days

Indicative price

€7k-€20k depending on sensitivity and departments covered


Definition

The Shadow AI Audit defines a leak as data, cost, quality, ownership, or vendor control leaving the operating frame without being visible to leadership.

The work is not another scorecard. It turns AI spend, usage, or risk into a decision leadership can act on: what should stop, what should be fixed, what deserves more budget, and what must stay controlled before it expands.


Who it is for

This page is for leaders, finance, operations, IT, and business teams that already have visible AI activity but not enough evidence to decide. The common symptom is not lack of AI; it is too much activity without ownership, full cost, or a shared quality threshold.

It is useful before renewals, when several teams buy similar tools, when pilots stay in permanent demo mode, or when nobody can say whether AI truly improves the workflow that matters.


Framework

We use the Four Leaks of AI ROI: spend, adoption, leaks, and role drift. Every signal is tied to cost, owner, risk, and decision. This structure avoids confusing enthusiasm, usage, and measurable return.

The framework also forces a simple discipline: an AI use case needs scope, a pre-AI baseline, a quality threshold, a value measure, and a review date. Without those five elements, the company funds a story instead of an operating asset.


Deliverables

Deliverables are designed to be used in decision meetings, not merely read. They separate available evidence, reasonable assumptions, risks to reduce, and measurements to install. Every item should support a concrete decision.

  • Shadow AI inventory by team and data class
  • Leak risk map for data, cost, vendor, and output quality
  • Policy gaps and safe usage paths
  • Priority controls for sensitive workflows
  • Executive action plan with quick wins and governance backlog

Sample report

Heatmap of exposed data, unmanaged tools, and unowned workflows.

Control backlog with owner, effort, impact, and urgency.

The report avoids broad abstract recommendations. It shows the workflows involved, the evidence behind each conclusion, confidence limits, and the next expected decision. A good Harmondale report should make the next meeting shorter.


Timeline

10-18 working days

The first phase gathers inventory, cost, past decisions, and field examples. The second qualifies priority workflows, checks assumptions with owners, and separates spend, quality, risk, and adoption issues. The final step converts the analysis into a decision backlog.


Price band

€7k-€20k depending on sensitivity and departments covered

Budget depends mainly on the number of teams, quality of available traces, data sensitivity, and expected analysis depth. A short scope can be enough when the decision is urgent; a broader scope is justified when several budgets or departments are involved.


Common objections

Objections are normal because the audit touches budgets, team habits, and sometimes tools people genuinely like. The role of the audit is to make decisions defensible, not to turn AI into a search for blame.

  • The audit does not shame teams for using AI; it turns hidden work into manageable work.
  • It starts with practical exposure, not legal panic.
  • It separates low-risk experimentation from sensitive workflows that need controls.


FAQ

Do we need perfect data first?

No. The audit separates available evidence, reasonable assumptions, and the measurements to install next.

Is this a technical project?

Not at first. The starting point is the business decision: cost, value, risk, owner, and stop threshold.

Will teams have to stop using their tools?

Only when a use case proves nothing or exposes too much. Useful tools are protected and measured better.

What happens after the audit?

You leave with a decision: stop, consolidate, fix, scale, or govern each priority use case.
