FirmAdapt
FirmAdapt
LIVE DEMO
Back to Blog
ai-strategyai-governancemid-marketai-transformation

Who Owns AI in a 200-Person Company?

By Basel IsmailJuly 10, 2026
Who Owns AI in a 200-Person Company?

Ask a 200-person company who owns AI and you'll usually get three answers in the same meeting. The CEO points at the IT director. The IT director says he approves tools but doesn't pick use cases. The COO says she thought marketing was running that pilot. Everyone is partly right, which is another way of saying nobody is accountable.

I've sat through a version of that meeting more times than I can count. I also spent years at American Express, where this problem gets solved with headcount. Big enterprises hire a Chief AI Officer, stand up a center of excellence, and give it a budget and a steering committee. A 15-person shop has the opposite solution. The founder uses ChatGPT, everyone copies the founder, and the blast radius of any mistake stays small.

A 200-person company gets neither option. A credible full-time AI executive is a serious six-figure commitment, hard to justify before you know what the role even owns. Meanwhile the free-for-all stops working somewhere around employee 75, once customer data sits in unsanctioned tools and departments pay for overlapping software. So ownership defaults to nobody, and the default turns out to be expensive.

What the ownership vacuum costs

Usage happens whether or not anyone is in charge of it. The U.S. Chamber of Commerce found that 58% of small businesses now use generative AI, up from 40% in 2024. Inside a mid-market company, that adoption shows up as sprawl. Marketing has a writing tool, sales has an AI prospecting tool, finance pastes vendor contracts into a free chatbot, and each choice is individually reasonable. Collectively you're paying several vendors for overlapping capability, none of it connects to your systems of record, and nobody can answer a basic question like which of these tools can see customer data.

Pilots stall for a related reason. Research from MIT's NANDA initiative found that roughly 95% of enterprise GenAI pilots deliver no measurable P&L impact. In MIT's telling, pilots stalled because tools never integrated into real workflows and nobody defined the outcome before building. Both trace back to a missing person, someone whose job was to say which process we're changing, what done looks like, and who answers for it in 60 days.

The same MIT research found that buying from specialized vendors succeeded about 67% of the time, while internal builds succeeded at roughly a third of that rate. Buy versus build is exactly the kind of call that goes badly when it's made ad hoc, and it's one of the first decisions a real owner takes off the table.

Why the gap is normal, and why it won't stay safe

If none of this is assigned at your company, you're in the majority. Gartner's work on agentic AI puts the share of organizations with a mature governance model for autonomous agents at roughly one in five. Most organizations Gartner talks to are far bigger than 200 people, and even they haven't sorted it out. Nobody should feel embarrassed about lacking an operating model for a technology this young.

The reason to move anyway is that the decision is about to get made for you. Gartner expects 40% of enterprise applications to include task-specific AI agents by the end of 2026, up from under 5% in 2025. The AI is arriving inside software you already own. Your CRM ships an agent that drafts outreach, your accounting platform ships one that codes transactions. Whoever administers each system then becomes an AI decision-maker by default, with no mandate and no guardrails. That's how a mid-market company ends up with a Salesforce admin deciding, alone, how much autonomy a customer-facing agent gets.

Most companies at this size will have de facto AI ownership within a year or two because the software will force it. The choice left is whether the owner gets picked deliberately or by accident.

The four realistic ownership models

Between roughly 100 and 500 employees, I've seen four models hold up, plus plenty of hybrids. Treat them as starting points.

The COO owns it

Accountability sits with the executive who already owns cross-functional process. This is my default for process-heavy businesses, because at this size most AI value is process redesign in disguise. Quoting, AP matching, onboarding, ticket triage, report prep. The person who owns those processes end to end knows which saved hour actually matters and whether a workflow change will survive contact with the team.

The tradeoffs are real. Your COO already has a full-time job, so something else on her plate has to be explicitly deprioritized. Operations leaders also tend to underinvest in plumbing like identity, access, and data hygiene because it never shows up in a process metric, so IT needs a strong consulted role and a hard veto on data access. And if your COO would be doing this out of duty rather than genuine interest, pick a different model, because the first year of the job is mostly persuasion.

IT owns it

The most common default, since AI looks like software and software belongs to IT. IT can evaluate vendors properly, wire up single sign-on, control which systems a tool can reach, and keep contracts out of consumer chatbots.

The failure mode is just as predictable. When IT owns AI alone, the program drifts toward pure risk management. Tool requests queue behind infrastructure work, every use case waits on a review, and within six months the business units quietly go back to personal accounts, where the usage is invisible. IT ownership works when your IT leader thinks in business outcomes and has real standing with department heads. If IT is one overworked sysadmin plus an MSP contract, it should hold the responsible role in the RACI below and no more.

A fractional AI lead

A part-time operator, typically a day or two per week, who owns the roadmap, the vendor calls, and pilot discipline, paired with an internal executive sponsor who owns the politics. The model exists because the full-time hire rarely makes sense at this size and often can't be recruited at all. Fair warning, fractional AI leadership is part of what we do at FirmAdapt, so discount my enthusiasm.

Two failure modes to watch. A fractional lead without a real sponsor has no authority, and the engagement decays into strategy documents nobody executes, so tie the arrangement to shipped workflows. And the context walks out the door when they do, so require a written decision log from day one. Done well, you're renting pattern recognition from someone who has seen ten deployments while you grow that judgment internally.

A small AI council

Three to five people meeting every two to four weeks. A typical composition is the COO or CFO in the chair, the IT lead, and two department heads who rotate yearly. The council owns the use-case queue, the approved-tool list, and the data rules.

Councils earn their keep through buy-in. Department heads who help set priorities don't sabotage them, and the meeting becomes the place where operations learns that finance already solved the document-extraction problem. Committees diffuse accountability, though, and a council that owns AI collectively is a polite way of saying nobody owns it. The fix is structural. The council recommends and coordinates, while one named chair carries accountability, and that chair's name goes on the budget line and in the CEO's monthly review.

A simple RACI for the decisions that matter

Whichever model you pick, it becomes real when you write down who holds which role for a handful of recurring decisions. RACI is old consulting furniture, but it earns its keep here. Responsible does the work, Accountable owns the outcome and is always exactly one person, Consulted gives input before the decision, Informed hears afterward. Here's a starting version, with "AI owner" meaning whoever your chosen model puts in charge.

  • Tool approval. Accountable: the AI owner. Responsible: IT, which runs the security and data review. Consulted: the requesting department head, plus counsel when customer data is involved. Informed: the leadership team. Commit to a ten-business-day turnaround, because slow approvals are how shadow tools happen.
  • Data access. Which systems a tool or agent can read or write. Accountable: the AI owner. Responsible: IT. Consulted: the department head who owns that data. Informed: the CEO. Write access to anything customer-facing gets a second sign-off, and it's fine for that to feel bureaucratic.
  • Use-case prioritization. What gets piloted next quarter. Accountable: the AI owner. Responsible: department heads, who propose candidates with an estimate of hours saved or revenue touched. Consulted: the CFO, who pressure-tests the math. Informed: the whole company, since a visible queue kills the sense that AI decisions happen in a back room.
  • Budget. Accountable: the CFO or CEO. Responsible: the AI owner, who brings one consolidated number instead of a dozen departmental line items. Consulted: department heads. Informed: leadership.
  • Kill or scale. Every pilot gets a decision date 60 to 90 days out, set upfront. Accountable: the AI owner. Responsible: the pilot's business owner. Consulted: the people actually using it. Informed: everyone. This one row fixes the zombie-pilot problem, which is the most common mid-market AI pathology I see.

Notice the accountable column. The same name appears in almost every row, and that's the test of whether you've actually chosen an operating model. If you can't write one name in that column, the decision hasn't been made yet.

How to choose between them

Four questions get you most of the way there.

  1. Where is the value concentrated? If most of the realistic opportunity sits in operational workflows, typical for distributors, logistics firms, and business services, give it to the COO. If it's scattered evenly across functions, a council fits better.
  2. Is your IT leader a builder or a gatekeeper? Be honest. A builder can carry accountability. A gatekeeper should hold the responsible role and nothing more.
  3. Does anyone internal have both credibility and curiosity? Credibility without curiosity produces a compliance program. Curiosity without credibility produces a lab nobody listens to. If nobody has both, go fractional while you develop someone.
  4. How much unsanctioned usage already exists? If the answer is a lot, and the survey will surprise you, start with a council to bring existing users into the tent, then consolidate accountability after a couple of quarters.

Hybrids are normal and usually correct. A pattern I like at around 200 people is COO accountability, IT responsibility for anything touching data, a fractional advisor for the first two or three quarters, and a lightweight monthly council so department heads stay bought in. Written down that sounds heavy, but in practice it's one accountable name, one recurring meeting, and one page of rules.

A worked example

Say you're a 220-person specialty distributor and quoting is the bottleneck everyone complains about. Sales reps wait a day or more for complex quotes because two estimators check every line against supplier price files.

Under the model above, the VP of Sales proposes the use case with a number attached, maybe 30 estimator hours a week plus faster closes on time-sensitive deals. The CFO knocks the close-rate claim down to something defensible. The AI owner, the COO in this setup, ranks it against two other candidates and picks it, choosing the vendor tool that already integrates with the ERP over a custom build, in line with MIT's buy-over-build finding. IT scopes the pilot to read-only access on price files. Ninety days later the kill-or-scale review happens on schedule, with usage data instead of anecdotes. If it worked, it scales with write access and a second sign-off. If it didn't, it dies cleanly and the estimators hear why.

Nothing in that sequence is technically impressive, which is sort of the point. Every step is an ordinary management decision made by a specific, accountable person.

What to do Monday morning

You can stand up a workable version of this in two weeks without hiring anyone.

  • Run an amnesty inventory. Ask every department what AI tools they use, personal accounts included, with a no-punishment guarantee. You'll find more than you expect, and the list doubles as a map of where the appetite lives.
  • Name an interim owner for 90 days. Imperfect is fine. The interim label lowers the stakes enough for people to accept it, and 90 days of real decisions will tell you which permanent model fits.
  • Adapt the RACI above, put real names in it, and publish it internally on one page. Publishing matters more than polish, because the document's job is to end the "I thought you were handling that" meetings.
  • Pick two pilots at most, each with a named business owner, a number attached, and a kill-or-scale date on the calendar before any work starts.
  • Put a 30-minute monthly review on the CEO's calendar. Ownership that never gets reviewed reverts to nobody within a quarter or two.

Then revisit the arrangement in six months. The right model at 200 employees may be wrong at 320, and written-down ownership is easy to hand to the next person. This quarter the job is smaller. Put one name next to the word AI, give that person the five decision rows above, and let the structure stay boring while the tools keep changing.

Ready to uncover operational inefficiencies and learn how to fix them with AI?
Try FirmAdapt free with 3 analysis credits. No credit card required.
Get Started Free
Who Owns AI in a 200-Person Company? | FirmAdapt | FirmAdapt