Robot drawing architectural designs at desk while surprised and amused architects watch in office studio.

Your AI Intern Just Started. Here’s What Supervision Actually Looks Like Inside a 20-Person Architecture Firm.

June 16, 2026

Your AI Intern Just Started. Here's What Supervision Actually Looks Like Inside a 20-Person Architecture Firm.

The proposal still looks clean.

That's the problem.

Because in most firms, the mistake doesn't show up until it's already in front of a client. And by then, you're not fixing a draft—you're protecting your credibility.

If you run technology or operations in an architecture firm, you already know where this lands. You're the one expected to answer when something feels off. You're the one who gets pulled into the call when a client asks, "Where did this come from?"

The issue isn't AI.

It's that it entered your firm faster than your process did.

What follows is not theory. This is what a controlled version of AI actually looks like in a real 20-person architecture firm.

What This Looks Like in a 20-Person Architecture Firm

Here's how this gets anchored so it doesn't drift.

Ownership (real titles, not vague roles)

  • Director of Technology → owns AI policy and updates
  • Operations Manager → enforces workflow checkpoints (proposals, contracts, reporting)
  • Marketing Manager → owns content accuracy before publication
  • Principal / Partner → approves exceptions for client-facing or compliance-sensitive use

No ambiguity. If something goes wrong, you know exactly who owns it.

Where the checklist actually sits (proposal workflow)

Think of this as the last controlled step before anything becomes client-facing:

  1. Draft created (AI-assisted allowed)
  2. Internal edit (team level)
  3. Verification checklist triggered (required gate)
  4. Proposal finalized and sent

The checklist is not advisory. It is a required step in the approval workflow. If it's skipped, the proposal doesn't go out.

Policy review cadence

  • Monthly: quick check on tool usage and edge cases
  • Quarterly: formal policy update
  • After any incident: immediate review and adjustment

This keeps the policy aligned with how the firm is actually working—not how it looked on paper three months ago.

Failure → Fix Example (What This Actually Looks Like)

Here's the exact difference between uncontrolled and controlled use.

Left: What failed proposal content looks like
"Based on recent market data, 72% of healthcare facilities are adopting X standard, making this approach critical…"

No source. No validation. Sounds right. Completely invented.

Right: What a corrected version looks like after verification
"Recent healthcare facility standards emphasize [specific requirement]. This recommendation aligns with client requirements outlined in [verified source]."

What changed is not the writing. It's the process.

Where the fix happens

The verification checklist step catches it because:

  • Source check fails (no traceable number)
  • Accuracy check fails (no internal alignment)
  • Reviewer sends it back before it becomes client-facing

That one step is the difference between "we didn't catch it" and "it never left the firm."

Tool Boundary Examples (What's Actually Safe vs Not)

This is where most firms stay vague—and where problems start.

Clearly OK

  • Copilot summarizing internal meeting notes in your company-controlled environment
  • AI drafting internal outlines using non-sensitive, high-level prompts
  • Internal report summaries where source data stays inside your system

Clearly NOT OK

  • Uploading client BIM models, drawings, or Revit data into public AI tools
  • Pasting contracts, pricing, or healthcare project details into ChatGPT
  • Using personal AI accounts for client or internal company work

Gray area (where teams get into trouble)
"Anonymized" prompts that aren't actually anonymous

Example:
"Summarize this healthcare remodel contract with sensitive clauses removed"

Even without names, structure and context can still expose client information.

Rule that actually works:
If you wouldn't email it externally, don't paste it into a public AI tool.

Enforcement and Accountability (This Is Where It Gets Real)

Policies that don't change behavior aren't policies. They're suggestions.

Here's what enforcement looks like when it's taken seriously:

  • Every violation is logged (even small ones)
  • First occurrence → coaching + clarification
  • Repeated behavior → escalated to operations leadership
  • High-risk violations (client data exposure) → immediate review + workflow pause
  • All incidents reviewed monthly by the policy owner

The goal is not punishment.

It's visibility.

Because once people know it's being tracked and reviewed, behavior changes quickly.

The Rollout Plan (Week 1-4)

If you say "do this next week," it has to be real.

Here's what that actually looks like:

Week 1: Foundation

  • Write the one-page AI policy
  • Define approved, risky, and unknown tools
  • Assign policy owner

Week 2: Pilot Workflow (Proposals)

  • Insert verification checklist into proposal approval process
  • Train one team on how it works
  • Start using it immediately

Week 3: Expand + Train

  • Roll checklist into marketing and internal reporting
  • Explain tool boundaries to the full team
  • Reinforce "AI drafts, humans approve"

Week 4: Audit + Refine

  • Review first 2-3 weeks of usage
  • Identify where people are bypassing or confused
  • Adjust policy and checklist based on real behavior

You don't need a perfect rollout.

You need a working one.

What Controlled vs Uncontrolled Actually Looks Like

Uncontrolled firm

  • People use whatever tool is fastest
  • Data goes wherever it's convenient
  • Output is trusted because it sounds right
  • Problems show up in client conversations

Controlled firm

  • Tools are defined
  • Data boundaries are clear
  • AI drafts, but never approves
  • Verification happens before anything leaves the firm
  • Ownership is visible

That's the difference between reacting to problems and preventing them.

The External Evaluator Lens (What Clients Actually See)

Clients don't evaluate your AI usage.

They evaluate your consistency.

If one proposal contains a fabricated detail or one contract summary misses something critical, the question becomes:

"What else are they not catching?"

This is especially true in healthcare-related projects where expectations around data handling and accuracy are higher.

You don't get evaluated on intent.

You get evaluated on output reliability.

What to Do Next Week

Start with one workflow.

Not everything.

Pick proposals.

  • Add the verification checklist at the approval step
  • Define what data cannot enter external tools
  • Tell your team: AI can draft, but nothing goes out unreviewed
  • Assign one person to own enforcement

Then watch what breaks.

That's where your real policy gets built.

CTA

Schedule your 10 minute discovery call with 911 IT. We'll walk through your current workflows and show exactly where AI risk is already showing up. This helps you confirm whether this risk applies to your firm — and it only takes 10 minutes.

Schedule your 10-minute discovery call

 

Recent Articles

Man worried about system security and logs as hackers access data while another version of him enjoys a beach weekend.

While You’re Off the Clock, Your Systems Aren’t

 New hire struggles with a vendor payment scam while reminders warn about phishing and security best practices.

The First Week Mistake Nobody Plans For

 Illustration explaining password security issues and the importance of control with access control castle metaphor.

Your Password Problem Isn’t Security. It’s Control