Context
A private equity firm was preparing to adopt Microsoft Copilot across its organization.
The firm managed sensitive deal information, portfolio company data, and investor materials across an environment that had grown organically over time. People knew where their own work lived. They were far less certain about who else could see it, how AI tools would interpret the structure of the tenant, or what would happen when a model began surfacing content based on relevance rather than permission.
Before Copilot could be introduced in any meaningful way, the organization needed to understand what it was working with. Where information lived. Who had access to what. And whether the underlying architecture could support responsible AI use.
It could not. Not yet.
The Tension
The desire to move quickly was understandable. AI tools were generating visible value across the industry. Peers were moving. Leadership was ready.
But deploying Copilot into an environment where sensitive deal materials sat in broadly shared libraries, where access boundaries were informal, and where document organization reflected historical habit rather than deliberate design, would create risk before it created value.
The tension was not between innovation and caution.
It was between speed and readiness.
The Misalignment
There was an implicit assumption that governance was a configuration problem. A set of permissions to adjust, a few settings to change, and the environment would be ready.
In practice, it was a design problem.
Governance decisions required understanding how the firm actually worked. How deals moved through stages. How portfolio company relationships were structured. How information needed to be accessible to some people and protected from others, sometimes simultaneously.
What the technology could support was not in question. But it needed to be told how the organization functioned before it could function well within it.
The structure of the environment reflected how people had always worked, not how they needed the work to be understood by something that would traverse it at scale.
How I Approached It
I started with the firm's existing deal lifecycle and document patterns before touching any settings.
The goal was to understand the real categories of sensitivity in the environment: not what felt sensitive in the abstract, but what the organization had a genuine need to protect and from whom. This led to a classification framework built around four tiers, ranging from broadly accessible operational content to highly restricted deal materials. A fifth designation served as a control mechanism, flagging documents that AI tools should treat as entirely off-limits regardless of the user's role.
The information architecture followed the classification logic rather than preceding it. Deal library structures were designed to reflect how the firm actually organized its work, with folder hierarchies generated directly from deal data to reduce manual maintenance and ensure consistency across the portfolio.
Access groups were defined around roles in the deal process rather than job titles. That distinction mattered. It meant access decisions could survive organizational change without requiring continuous manual recalibration.
A pilot approach was built into the design from the start. Rather than rolling out governance decisions across the full organization at once, the framework was designed to be tested at smaller scale, validated against real use, and extended only when the foundations proved stable.
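The design described above (four tiers, a fifth AI-exclusion designation, access by deal-process role, folders generated from deal data) can be sketched as a small policy model. This is an added example, not the firm's framework or any Microsoft API: the tier names, role names, paths and sample inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Tier(IntEnum):  # tier names are assumptions; the page gives only the count
    OPERATIONAL = 1
    INTERNAL = 2
    CONFIDENTIAL = 3
    RESTRICTED_DEAL = 4

@dataclass(frozen=True)
class Document:
    path: str
    tier: Tier
    deal: Optional[str] = None        # None means firm-wide content
    ai_excluded: bool = False         # fifth designation: off-limits to AI for every role
    firmwide_library: bool = False    # stored in a library shared with the whole firm

# Constructed mapping: deal-process role -> highest tier readable on that deal.
ROLE_CEILING = {"deal_lead": Tier.RESTRICTED_DEAL, "deal_team": Tier.CONFIDENTIAL,
                "deal_support": Tier.INTERNAL}
FIRMWIDE_CEILING = Tier.OPERATIONAL   # what anyone may read without a deal role

def deal_folders(deal: str, stages: list) -> list:
    """Generate the deal library hierarchy from deal data instead of by hand."""
    return [f"Deals/{deal}/{n:02d}-{stage}" for n, stage in enumerate(stages, 1)]

def user_may_read(doc: Document, assignments: dict) -> bool:
    """assignments maps deal name -> the user's role on that deal."""
    ceiling = ROLE_CEILING.get(assignments.get(doc.deal), FIRMWIDE_CEILING)
    return doc.tier <= ceiling

def ai_may_surface(doc: Document, assignments: dict) -> bool:
    """The exclusion flag is checked first, so no role can override it."""
    return not doc.ai_excluded and user_may_read(doc, assignments)

def readiness_gaps(docs: list) -> list:
    """Documents whose tier exceeds what a firm-wide library should hold."""
    return [d.path for d in docs if d.firmwide_library and d.tier > FIRMWIDE_CEILING]

# Constructed sample inventory.
DOCS = [
    Document("Ops/holiday-calendar.xlsx", Tier.OPERATIONAL, firmwide_library=True),
    Document("Deals/Alpha/02-Diligence/model.xlsx", Tier.CONFIDENTIAL, "Alpha"),
    Document("Deals/Alpha/03-IC/ic-memo.docx", Tier.RESTRICTED_DEAL, "Alpha", ai_excluded=True),
    Document("Shared/old-term-sheet.pdf", Tier.RESTRICTED_DEAL, "Beta", firmwide_library=True),
]
```

Running `readiness_gaps` over a real inventory export gives a count that can be tracked through a pilot, and `ai_may_surface` shows why a deal lead can open an excluded memo directly while the assistant still withholds it.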
What Shifted
As the governance framework took shape, conversations about Copilot changed.
They moved from questions about what the tool could do to questions about what the organization was ready for. That shift was productive. It surfaced decisions that needed to be made regardless of any AI rollout: who owned what content, how long deal materials should be retained, what happened to information when a deal closed.
The classification system created shared vocabulary where informal judgment had existed before. People who had previously made intuitive calls about sensitivity could now name what they were doing and apply it consistently across the organization.
The restricted designation gave leadership a precise control mechanism. Rather than a binary choice between allowing Copilot access or restricting it entirely, they had a way to protect specific materials while enabling the tool across the rest of the environment.
Readiness became something the organization could measure rather than assume.
Why It Mattered
Private equity environments carry a specific kind of information risk. The same organization manages relationships with investors, active deals, portfolio companies, and sensitive financial materials, often simultaneously and often with meaningful overlap between teams.
AI tools that surface information indiscriminately in that environment are not just unhelpful. They create exposure.
The governance work here was not about limiting what AI could do. It was about ensuring that what AI did was trustworthy. That when the tool surfaced a document, the person receiving it could be confident it was appropriate for them to see.
That confidence is what makes adoption durable. Not the features, not the speed. The sense that the system has been designed with care, and that the people using it can trust what it gives them.
When the foundations are right, the technology can do what it promises.