Executive summary
- The organization is currently utilizing AI across multiple operational areas, including bid preparation and estimating, project management, and subcontractor communications. Based on structured evaluation, the organization is operating with a high level of AI-related risk exposure. AI usage is occurring in the following areas:
- Bid preparation, cost estimating, and proposal development
- Project scheduling and field operations management
- Subcontractor and vendor communications
- Safety documentation and incident reporting support
- AI usage appears distributed across estimating, project management, and field supervision, driven by individual adoption without centralized oversight or defined ownership
- At present, there is no formal governance framework, usage policy, or oversight mechanism governing AI usage. This creates exposure related to:
- Uncontrolled handling of competitively sensitive bid data, subcontractor pricing, and project financials within AI systems
- AI influence over estimating, scheduling, and safety-adjacent documentation without defined review or approval standards
AI usage overview
AI is currently being used within the organization in the following functional areas:
- Primary Use Cases
- Bid preparation, cost estimating, and proposal drafting, Embedded
- Project scheduling, progress tracking, and field coordination, Embedded
- Subcontractor and vendor communications, Moderate to Embedded
- Safety documentation and incident reporting support, Moderate
- General Observations
- Usage appears decentralized and ungoverned, driven by individual project managers and estimators
- AI is being used for cost-sensitive estimating, scheduling decisions, and external communications
- Leadership visibility into AI usage is absent at the organizational level
- AI tools in use include general-purpose consumer platforms without enterprise data controls
- Adoption is expanding organically across active projects without defined boundaries or review requirements
Key risk exposures
- Uncontrolled Bid and Estimating Data Exposure. Competitively sensitive bid figures, subcontractor pricing, material costs, and project margin data are likely being entered into AI tools without data handling restrictions. Exposure of this information, whether through model training, data logging, or platform access controls, could compromise competitive positioning and client contractual obligations.
- AI Influence on Cost, Schedule, and Safety-Adjacent Decisions AI is being used to support estimating, scheduling, and documentation functions that directly influence project outcomes, subcontractor relationships, and potentially OSHA-regulated documentation. These outputs are being produced and used without standardized review protocols or defined accountability.
- Absence of Any AI Governance or Policy Layer There are no documented AI usage policies, approved tool lists, data handling standards, or escalation paths governing AI activity across the organization. This represents a complete governance gap, leaving the organization without the foundational controls required to manage AI-related risk.
- Subcontractor and Employee Data Handled Without Controls Subcontractor contact information, labor rates, licensing data, and potentially employee records may be processed through AI tools without restriction. This creates exposure related to contractual confidentiality obligations and applicable privacy standards.
- Expanding Operational Dependence Without Corresponding Oversight AI is becoming embedded in core project workflows, estimating, scheduling, and field coordination, increasing reliance on AI-generated outputs without mechanisms to validate accuracy, assign accountability, or enforce consistent usage standards across projects.
Immediate priority actions
- The following actions are recommended to reduce immediate exposure:
- Establish organizational visibility into which AI tools are in use and across which functions
- Restrict entry of bid data, subcontractor pricing, project financials, and employee information into AI tools until data handling standards are defined
- Require review of AI-assisted outputs used in client-facing proposals, subcontractor agreements, or safety documentation
- Define initial expectations for acceptable AI use aligned to existing project controls and contractual obligations
- Identify a designated owner responsible for AI usage oversight across active projects
Note: These actions are intended to reduce immediate exposure and do not constitute a complete governance solution. This document reflects an assessment of governance-layer exposure and does not constitute legal advice. Organizations with regulatory, privacy, or enforcement obligations should consult qualified legal counsel.
Recommended next step
- Assurance Assessment Required Rationale The organization is operating with elevated risk across all five scoring categories, with governance and policy gaps scoring at near-maximum. AI is actively embedded in estimating and project management functions, workflows with direct revenue, contractual, and safety implications, without any defined controls, ownership, or review standards. This level of exposure requires a structured assessment before usage can be responsibly maintained or expanded. A structured Assurance Assessment will:
- Provide a formal evaluation of AI-related risk and material exposure across estimating, project management, and field operations
- Define required governance controls based on confirmed usage patterns and the organization’s operational and contractual environment
- Establish a clear path to implementing a controlled AI usage framework aligned to construction industry obligations
Closing
This Diagnostic provides an initial view into AI usage and associated risk exposure. It is designed to establish visibility and support decision-making regarding next steps. Further evaluation is required to define appropriate governance structures and controls aligned to the organization’s operational and regulatory environment.
Fellowship Intelligence is an AI governance and control-layer advisory firm. The AI Risk Diagnostic is the first stage in a structured engagement pathway: it establishes an initial view of AI usage, identifies risk exposure, and determines whether a formal assessment is warranted. The Assurance Assessment evaluates that exposure in depth and produces a defined governance framework aligned to the organization’s operational environment; Implementation installs it, the policy layer, workflow controls, ownership structure, and oversight mechanisms required to operate AI with accountability and consistency. Continuity provides the ongoing monitoring, auditing, and governance maintenance required to sustain that framework as AI usage evolves.