Your AI policy is not the control
If you run compliance, risk, legal, or IT inside a regulated firm, your AI policy is probably calmer than your actual firm.
The document says people use approved tools. The daily habit says they use whatever helps them finish the work before 6 pm.
That gap is where shadow AI lives.
Most firms try to solve this by tightening the PDF. They add a paragraph about confidential data. They add a warning about ChatGPT. They run one training session and hope the behavior follows.
It doesn't.
The policy is not the control
A policy is a statement of intent.
A control is the thing you can prove after everyone forgets the meeting.
This distinction matters because AI use doesn't look like a neat software rollout. It starts as a shortcut. Someone asks a browser extension to summarize a client PDF. Someone drops meeting notes into a free tool. Someone asks a chatbot to rewrite an email because the internal assistant is slower or harder to reach.
None of this starts with malice. It starts with friction.
That is why the first real job is not punishment. The first real job is a census.
A shadow AI census is not a witch hunt. It is a map of what people actually use, where data moves, which teams touch regulated information, and which workflows need to be pulled into a safer path.
You cannot govern the AI you only imagine.
The census starts with behavior
The wrong way to run this is to ask, "Which AI tools have we approved?"
That gives you the official list. You already have that list. It is probably sitting in a policy folder, a vendor register, or a spreadsheet with green and red cells.
The better question is, "Where is AI already helping work get done?"
That question changes the posture. It moves the conversation from rules to evidence. Official guidance is moving in the same direction. Hong Kong's Privacy Commissioner does not frame AI governance as a single policy line. The model framework points toward governance structure, procurement review, risk assessment, human oversight, training, monitoring, and internal reporting. In plain English: show the operating system, not just the rule.
You are not looking for the fanciest model. You are looking for the daily path. The tool used by the analyst on a deadline. The extension installed by the marketing team. The PDF helper used by legal because it saves twenty minutes. The meeting bot someone invited because no one wants to write notes.
Those are the real control surfaces.
Policy layer          Evidence layer
Approved tools        Network and browser logs
Acceptable use PDF    Actual use cases by team
Training record       Approval trail for risky workflows
Vendor list           Data retention and model training terms
Risk register         Owner, reviewer, and last decision
When you look at the table that way, the PDF stops being the center of the system.
The source of truth becomes the evidence trail.
Build the map before the audit builds it for you
I would run the first pass with four plain inputs. When I map this, I start with the shortcuts people actually use, not the sanctioned list. The first useful finding is often the tiny tool nobody thought counted as AI.
1. Pull the network view: Look for recurring AI domains, browser extensions, PDF tools, meeting assistants, and copywriting tools.
2. Check the money trail: Review expense claims, card charges, and team-level SaaS spend for tools that never reached procurement.
3. Ask without blame: Run a short internal survey that asks what people use, what task it helps with, and what data they put in.
4. Sort by data exposure: Separate public drafting from customer data, internal financials, legal material, and regulated records.
5. Give people a better path: Move useful workflows into approved tools instead of pretending the shortcut will disappear.
The fifth step is the one most teams skip.
If the safer path is slower, staff will route around it. That is not a culture problem. It is a design problem.
You do not need to make every AI tool approved. You need to know which workflows exist, which ones matter, which ones carry data risk, and which ones deserve a governed internal alternative.
The emotional mistake is treating shadow AI like disobedience.
The operational truth is simpler: your people are telling you where the firm has friction.
That friction is useful. It shows you what to build, what to block, what to train, and what to review with legal before the examiner asks for the same trail.
The hard part is earning the truth
The first census usually fails when staff think the exercise is a trap.
If the message sounds like, "Tell us what you did wrong," people will protect themselves. They will mention the approved tools and keep the useful shortcuts quiet.
That does not make them dishonest. It makes them human.
The better frame is, "Show us where the approved path is too slow."
That one sentence changes the whole exercise. It tells people the firm is not trying to shame them for wanting better tools. It is trying to find the workflows where speed, data risk, and governance are colliding.
You will learn things the policy never told you.
The legal team may be using a PDF helper because contract review is too slow. The client team may be cleaning notes with a consumer tool because the CRM is painful. The finance team may be asking a model to rewrite board commentary because the internal template is too stiff.
Each one is a signal.
Some signals need a block. Some need a safer vendor. Some need a governed internal tool. Some only need training and a clear data rule.
The mistake is treating every discovery as the same level of risk.
A public blog draft and a customer complaint file do not belong in the same bucket. A policy that treats them the same will either be ignored or will slow the business down so much that staff build a private workaround.
That is why the census needs three outputs: the tool, the workflow, and the data class.
Without all three, you have a list. With all three, you have a map.
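As an added example, not code from the original note, here is the census pass above (network view, money trail, survey, sort by data exposure) joined into the three outputs this section asks for: tool, workflow, and data class. The proxy log lines, expense rows, survey answers, the AI domain list, the data-class ranking, and the disposition rule that mirrors the four outcomes (block, safer vendor, governed internal tool, training plus a data rule) are all constructed assumptions for illustration, not a published standard or a real firm's data.

```python
"""Shadow AI census builder (added example; all inputs and rules are constructed)."""
from dataclasses import dataclass, field

# Assumed: consumer-AI domains seen in proxy logs, mapped to a tool name.
AI_DOMAINS = {
    "chat.example-llm.com": "Consumer chatbot",
    "pdf-helper.example": "PDF summariser extension",
    "notes-bot.example": "Meeting note bot",
}

# Assumed ranking of data classes; a higher number is more sensitive.
DATA_CLASS_RANK = {"public": 0, "internal": 1, "customer": 2, "regulated": 3}


@dataclass
class CensusEntry:
    """One row of the map: the tool, who uses it, how we know, for what, with what data."""
    tool: str
    teams: set = field(default_factory=set)
    evidence: set = field(default_factory=set)   # "network", "expense", "survey"
    workflows: set = field(default_factory=set)
    data_class: str = "public"

    def raise_to(self, cls):
        """Keep the most sensitive data class reported for this tool."""
        if DATA_CLASS_RANK[cls] > DATA_CLASS_RANK[self.data_class]:
            self.data_class = cls


# Constructed proxy log: timestamp, team, destination domain, bytes sent.
PROXY_LOG = """\
2025-05-02T09:14:07Z legal pdf-helper.example 48213
2025-05-02T09:20:41Z marketing chat.example-llm.com 2210
2025-05-02T11:02:55Z legal pdf-helper.example 51902
2025-05-02T14:40:12Z finance intranet.example 1200
2025-05-03T08:01:30Z client-services notes-bot.example 9001
"""

# Constructed expense rows: (team, merchant as it appears on the card statement, amount).
EXPENSES = [
    ("marketing", "Consumer chatbot", 20.0),
    ("finance", "Consumer chatbot", 20.0),
    ("legal", "Stationery Co", 45.0),
]

# Constructed survey answers: (team, tool, task it helps with, data class pasted in).
SURVEY = [
    ("legal", "PDF summariser extension", "first-pass contract review", "customer"),
    ("client-services", "Meeting note bot", "cleaning call notes before CRM entry", "customer"),
    ("marketing", "Consumer chatbot", "blog drafts", "public"),
    ("finance", "Consumer chatbot", "rewriting board commentary", "internal"),
]


def parse_proxy_log(text):
    """Yield (team, tool) for every log line whose domain is a known AI domain."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines rather than guess
        _ts, team, domain, _sent = parts
        if domain in AI_DOMAINS:
            yield team, AI_DOMAINS[domain]


def build_census(proxy_log=PROXY_LOG, expenses=EXPENSES, survey=SURVEY):
    """Merge the three evidence sources into one CensusEntry per tool."""
    census = {}

    def entry(tool):
        return census.setdefault(tool, CensusEntry(tool))

    for team, tool in parse_proxy_log(proxy_log):          # step 1: network view
        e = entry(tool)
        e.teams.add(team)
        e.evidence.add("network")
    for team, merchant, _amount in expenses:               # step 2: money trail
        if merchant in AI_DOMAINS.values():
            e = entry(merchant)
            e.teams.add(team)
            e.evidence.add("expense")
    for team, tool, task, cls in survey:                   # steps 3 and 4: survey, data class
        e = entry(tool)
        e.teams.add(team)
        e.evidence.add("survey")
        e.workflows.add(task)
        e.raise_to(cls)
    return census


def disposition(e):
    """Assumed triage rule: map the data class to one of the note's four outcomes."""
    if e.data_class == "regulated":
        return "block until a governed internal tool exists"
    if e.data_class == "customer":
        return "move workflow to a governed internal tool or vetted vendor"
    if e.data_class == "internal":
        return "safer vendor with no-training retention terms"
    return "training and a clear data rule"


def render(census):
    """Return the map as plain lines, one per tool, worst data class first."""
    rows = sorted(census.values(), key=lambda e: -DATA_CLASS_RANK[e.data_class])
    return [f"{e.tool} | teams={sorted(e.teams)} | evidence={sorted(e.evidence)} | "
            f"data={e.data_class} | workflows={sorted(e.workflows)} | next={disposition(e)}"
            for e in rows]


if __name__ == "__main__":
    print("\n".join(render(build_census())))
```

Each output row carries the three outputs together, so a tool that appears in the proxy log but in no survey answer stands out as an unexplained workflow, and a tool that appears only in the survey stands out as one the network view missed.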
Sources behind this note
PCPD AI Model Personal Data Protection Framework, 11 June 2024: https://www.pcpd.org.hk/english/news_events/media_statements/press_20240611.html
PCPD AI compliance checks, 2025: https://www.pcpd.org.hk/english/resources_centre/publications/files/AI_ComplianceChecks.pdf
HKMA and HKIMR report release on generative AI in financial services, 9 April 2025: https://www.hkma.gov.hk/eng/news-and-media/press-releases/2025/04/20250409-3/
When you're ready
If one AI incident would force your team to rebuild the story from Slack messages, browser history, and scattered approvals, the census is overdue.
Reply with one sentence:
The AI tool your staff use that is not on the approved list.
The trigger you are seeing now: staff tools, vendor AI, regulator pressure, board questions, or customer-data exposure.
If the trigger is live, book 15 minutes and bring one department, one AI tool concern, or one vendor question. We will map the first risk surface together.
https://cal.com/dhruv-jain-vqeuqv/30min?user=dhruv-jain-vqeuqv