IT work is ticketed, logged, and runbook-shaped — the most natural place for AI to act, and often the largest single ROI in the program. Get IT right and every other function inherits the guardrails.
Weeks 1–2 · Every Program
Before a single skill ships to finance or legal, six layers go in — live within the first two weeks.
Installed bottom-up, weeks one and two.
Week One
The 90-Day IT Playbook
Every phase ends with something live or something measured — and week twelve ends with a decision.
Weeks 1–2
Weeks 3–4
Weeks 5–8
Weeks 9–12
Week 12
Model Routing & Spend
Which models run where, at what cost, is written policy plus telemetry — not a memo asking people to be careful.
All requests
Executive & high-stakes — board materials, deal analysis.
Daily knowledge work — drafting, summarizing, analysis.
Transactional volume — classification, routing, tier-1 deflection.
“Marketing tripled premium usage — flagged, explained, resolved.” Anomalies arrive as sentences, not spreadsheet rows.
Thresholds per function, alerts to the owner, escalation on breach. Set once, enforced automatically.
The Outcome
Worked Example
An e-commerce site, overnight, no one at a desk — the first four minutes with the triage agent on shift.
Incident summary — draft
Severity: P1 · customer-facing · Scope: order confirmations, all regions
Probable cause: upstream payment-provider timeout
Runbook: PAY-07 — fail over to secondary processor, replay queued orders
“We’re aware of an issue affecting order confirmations and are actively resolving it. No action is needed on your part…”
Before
to acknowledge an overnight incident
After
triaged, summarized, and in a human’s hands
The engineer wakes to a correlated cause, a drafted summary, and a customer response in three languages. The decision is still theirs.
The Incident Loop
Every incident runs the same loop — and the runbook gets smarter each pass.
…and back to detect.
The Skill Catalog
Eight named, callable workflows — chosen from where the ticket data says the hours go.
Classifies, correlates, auto-routes above a confidence threshold — first response drafted before a human opens the ticket.
One flow across identity, tickets, HR — including the post-M&A account sprawl nobody has a map of.
Identity export in, per-manager certifications out, reconciled in real time. Two weeks becomes two days.
Rationale, impact, rollback — written at the moment of change, not reconstructed at audit time.
Tribal knowledge becomes living documents the whole team can run.
Answers in any office language, escalates cleanly. 30–60% of tier-1 volume never reaches the queue.
Ticket volume, incident trends, SLA posture — writes itself instead of eating a Friday afternoon.
Catches the silent ERP sync failure before finance does.
Vendor & Operating Discipline
One lifecycle for every AI tool — say yes quickly, no defensibly, and keep it proven in production.
Vet
SOC 2, data residency, model-training opt-out — in writing.
Sandbox
Defined data boundaries before any wide rollout.
Approve
A real procurement path — exit plan decided at signing.
Monitor
Scheduled spot checks; vendor model changes logged with an approver.
Re-validate
What held for eight users gets re-proven at eight hundred.
Fallback
Critical paths get a manual fallback and a second vendor.
The Point
The Guardrail Playbook
Six sections, named owners, a review cadence — a playbook your team runs after we leave.
Internal · Controlled Document
AI Guardrail Playbook — v1.0
Which tier runs where, and who can change it.
Which tools may connect to what — explicitly, by name.
What never leaves the company, by classification.
The caps, the alerts, and who gets them.
Who’s paged when a prompt leaks data or an output goes wrong.
A playbook nobody revisits expires.
Worked Example
A new hire joins — and the same flow runs in reverse on exit day, which is the one that matters for security.
Before
Six tickets, six queues, each with its own SLA — something always missed.
After
One skill call — plan generated, tickets opened, completion tracked, day-one access proven.
The Post-M&A Estate
For serial acquirers, this is the workstream that pays for the whole program.
The provisioning plan spans both estates. Acquired employees work on day one, not week three.
A living map of who has access to what, across every system the deal brought in.
The silent sync failure between acquired ERP and parent CRM — caught before finance sees it.
Every credential revoked, every access documented — one report for the deal team.
The IT Dashboard
The board we review at week twelve — a stalled number is visible the week it stalls.
MTTA trend
Deflection by category
Access-review cycle time
was 14 days · auditor-ready export attached
Weekly actives per skill
Integration health
degradation narrated & ticketed 08:12
Model spend by function
anomaly explained — resolved, cap adjusted
The Bottom Line
The Proof Behind the Playbook
Engagement
Enterprise mobile approvals shipped in four weeks — the #1 RFP blocker eliminated.
Engagement
94% reduction in manual procurement touchpoints; 87% of exceptions resolved without a human.
The Foundation
Built into every band from day one — not bolted on after.
The Rest of the Spectrum
Ready to move
Start with one function. We’ll show you the process inventory, the skills we’d ship, and the number we’d be accountable to.
Talk to LightCI