Lakeshore Compliance Partners

Blog · May 15, 2026

How to Build an AI Inventory for Employment Decisions

The AI inventory is the foundation of every HB 3773 compliance file. Get it right and the rest of the build (notices, policy, vendor diligence) is straightforward. Get it wrong — or skip it — and every downstream artifact is built on sand.

Here's the methodology we use in every Compliance Engagement, in enough detail that an HR team could run a first pass internally.

What a complete inventory looks like

A defensible AI inventory has six columns for every entry:

  1. Tool name and vendor
  2. AI feature(s) in use (matching, ranking, scoring, generative summary, predictive)
  3. Employment decision touched (hiring, promotion, discipline, scheduling, etc.)
  4. Population affected (applicants, candidates, employees; volume per year)
  5. Notice status (deployed, drafted, missing)
  6. Risk rating (high / medium / low) and rationale

The four-layer interview structure

Don't try to discover AI by asking "what AI do we use?" — you'll get an underestimate. Instead, work through four discovery layers:

Layer 1: The HR-tech stack itself

ATS, HRIS, payroll, performance management, learning management, time and attendance, workforce management. Every system in the stack. Pull the vendor list from procurement or IT. For each, list the specific AI features available and which are enabled.

Layer 2: Sourcing and recruiting tools

LinkedIn Recruiter, Indeed Hiring Platform, ZipRecruiter sourcing features, Hireflix or similar interview tooling, AI-assisted email tools used by recruiters, sourcing extensions and Chrome plugins. This is a category that often lives outside HR's full visibility.

Layer 3: Informal generative-AI use

ChatGPT, Microsoft Copilot, Google Gemini, Claude, internal LLM deployments. Ask specifically: "Does anyone on the HR team or among hiring managers paste résumés, interview notes, candidate emails, or employee data into a chatbot to summarize, score, or rank?" The honest answer is usually yes for at least one workflow.

Layer 4: Functional adjacencies

Background-check vendors, drug-test platforms, reference-check automation, employee-monitoring tools (productivity, attention, etc.), shift-bidding platforms. Anything that touches an employment decision, even tangentially.

How to risk-rate each entry

We use a simple three-axis rating:

  • Decision impact: does the AI's output influence a hiring, promotion, or termination decision? (high impact = high risk)
  • Population scale: how many people does it touch per year? (more = higher)
  • Documentation gap: how complete is your current notice/policy/vendor diligence for this tool? (less complete = higher)

High on all three axes → fix first. High on impact, low on population → fix soon but not first. Low on all three → document and monitor.

Common discovery findings

What an honest first-pass inventory typically surfaces:

  • ATS matching features that were enabled by default at some point and never turned off
  • Video-interview scoring features the company didn't know were running
  • Generative-AI use among 1–3 individuals on the HR team that's never been formalized
  • Sourcing extensions or AI plug-ins used by hiring managers outside HR's view
  • Vendor-side AI inside workforce-management or scheduling tools

None of those are unusual. All of them need to be on the inventory.

About the template

We provide our full structured inventory template (with the risk-rating worksheet, sample entries, and the four-layer interview script) to every Compliance Engagement client. It's a working artifact, not a downloadable PDF — it gets configured to your specific stack during the engagement. If you'd like to walk through the structure before committing, book a 20-minute Risk Review and we'll show you how it works on your real environment.

Why this is the right place to start

You can't write defensible notices without knowing what tools they cover. You can't adopt a credible policy without naming the systems it governs. You can't claim vendor diligence on tools you haven't catalogued. The inventory is upstream of every other artifact in the file. Skip it and every downstream step is brittle.

For the deeper take on why "no complete inventory" is the most common compliance gap, see The 4 Most Common HB 3773 Compliance Gaps. For the legal framework the inventory supports, see our plain-English pillar guide.

Want to know where your real HB 3773 exposure sits?

Book a 20-minute Risk Review. We'll walk through your AI footprint and whether you need a full engagement or just a few targeted fixes. No pressure, no obligation.

Book a 20-Minute HB 3773 Risk Review

Lakeshore is a compliance consultancy, not a law firm. This article is general information and not legal advice.