AEGIS · Diagnostic
Artifact D.1
Stakeholder Interview Guide
Standardized discovery script for the AEGIS Diagnostic. Produces the primary input dataset for the 6-Layer Gap Assessment and the 90-Day Governance Roadmap.
- Client
- [CLIENT NAME]
- Engagement
- [ENGAGEMENT ID]
- Version
- v1.0
- Issued
- 2026-05-18
Delivered by TechFides under the AEGIS Governance Operating Services engagement. This document is proprietary to the client named above. Redistribution beyond the engagement steering committee requires written consent.
Purpose and Scope
Intent — Orient the interviewer. Establish what this guide does, what it does not do, and how its output feeds the rest of the engagement.
This guide structures 60- to 75-minute executive interviews across the eight stakeholder archetypes whose input is required to produce a defensible AEGIS Diagnostic. The engagement is scoped to complete all interviews within the first ten business days of the Diagnostic.
What this guide produces
- Stakeholder-level transcripts (recorded with consent or consultant notes) that inform the 6-Layer Gap Assessment.
- A decision-rights map showing who currently owns what across AI adoption, risk, and investment.
- A red-flag register of unspoken or under-managed risks surfaced through probing.
- Direct quotes for the Executive Summary deck — used sparingly and always with attribution approval.
What this guide does not do
- Replace the Shadow AI Scan (see Artifact [D.2 link]) — interviews surface self-reported tools; the scan surfaces actual usage.
- Produce the Gap Assessment scores directly — scoring happens in consultant synthesis after all interviews complete.
- Substitute for technical review of identity, logging, or data controls — those belong to the AEGIS Shield module.
Interview Methodology
Intent — Every interview follows the same three-act structure. Deviate only when the stakeholder is time-constrained; in that case, drop Act 3, never Act 2.
Act 1 — Framing (5 minutes)
Open with the engagement framing, not with questions. Confirm recording posture, confidentiality, and that this interview contributes to a steering committee readout — not a public document. Anchor the conversation in business outcomes, never in technology.
"We're here to build a defensible picture of where [client]stands on AI — what's working, what's exposed, and what's next. This isn't a tools audit. We want your view on where AI creates leverage, where it creates risk, and what a governed path forward looks like from your seat."
Act 2 — Structured questions (35 minutes)
Ask every core question from the relevant role block in Section 4. Adapt language, never content. If a stakeholder pivots to a tangent, note it, return to the script.
Act 3 — Probes and quiet space (15 minutes)
Reserve the final third for follow-up probes (Section 5) and deliberate silence. The most important admissions come after the interviewee believes the interview is over — close your notebook on camera, then ask the final probes.
Coverage Matrix
Intent — Confirm that every one of the six AEGIS layers is touched by at least two stakeholder types. Leave no layer underrepresented in the primary interview set.
| Layer | Primary Stakeholder | Secondary Stakeholder |
|---|---|---|
| Governance | CEO | Legal / Compliance |
| Security, Trust & Resilience | CISO | CIO / CTO |
| Intelligence | CIO / CTO | CFO |
| Execution | COO | Business Unit Leader |
| Operations | COO | HR / Workforce Leader |
| Leadership | CEO | CFO |
Role-by-Role Question Sets
Intent — Ask every core question in the relevant role block. Questions are sequenced from strategic to specific; do not reorder.
Chief Executive Officer
Focus — Strategic intent, appetite for AI-driven change, board narrative
- Q1How would you describe the company's AI posture today in one sentence, and how do you want it described in twelve months?
- Q2What board-level questions about AI are you currently unable to answer with confidence?
- Q3What is the worst outcome you are trying to avoid by adopting AI responsibly?
- Q4Which peer or competitor's AI posture concerns you most, and why?
- Q5How much organizational disruption is acceptable to achieve AI leverage in the next two quarters?
Chief Operating Officer
Focus — Operational leverage, workflow redesign, cross-functional orchestration
- Q1Which three workflows, if augmented with AI, would generate the highest operational leverage in the next ninety days?
- Q2Where in the business are AI tools already in use — sanctioned or unsanctioned — and who owns them?
- Q3What decisions today are bottlenecked by data access, approvals, or manual review?
- Q4How do you measure productivity today, and which of those measures would move first if AI adoption succeeded?
- Q5What is the single biggest barrier preventing you from deploying AI across operations right now?
Chief Information Officer / CTO
Focus — Platform inventory, integration posture, technical governance
- Q1What is your current AI tooling inventory, including enterprise licenses, department subscriptions, and individual-paid tools?
- Q2Which AI systems currently touch customer data, employee data, or proprietary code?
- Q3What is your integration posture — are AI tools federated into identity and access management, or standalone?
- Q4Who owns AI tool selection and consolidation today, and what authority do they have?
- Q5What technical debt would a governance operating model expose that you would rather not surface?
Chief Information Security Officer
Focus — Risk posture, data protection, incident response readiness
- Q1How are AI-specific risks currently represented in the enterprise risk register?
- Q2What incident response playbooks exist for AI-driven incidents — data leakage via prompts, hallucinated outputs relied upon, model provider outages?
- Q3Which AI tools are currently permitted to process regulated data categories (PHI, PII, PCI, privileged material)?
- Q4What logging, audit trail, and retention exists across sanctioned AI systems today?
- Q5What would a regulator, insurer, or acquirer most likely flag in an AI controls review today?
Chief Financial Officer
Focus — Spend discipline, ROI measurement, procurement governance
- Q1What is your total committed and discretionary AI spend this fiscal year across the organization?
- Q2Is AI spend tracked at a cost-center level, and can you produce a unit-economics view by workflow or business unit?
- Q3What would you need to see to approve doubling AI investment in the next twelve months?
- Q4How are AI vendors evaluated against procurement and finance controls today?
- Q5What is the ROI threshold a workflow automation needs to clear to justify continued investment?
HR / Workforce Leader
Focus — Adoption, change management, role redesign
- Q1How is AI literacy distributed across your workforce today — who are the early adopters, who is resistant, and why?
- Q2Which roles will change materially in the next twelve months as AI adoption scales?
- Q3What training, enablement, or certification is currently offered for AI-assisted work?
- Q4How does your performance management system handle AI-assisted work product — attribution, quality, accountability?
- Q5What employee relations or cultural risks do you anticipate from expanded AI adoption?
Legal / Compliance
Focus — Regulatory exposure, contractual risk, policy enforcement
- Q1Which regulatory frameworks does your AI adoption intersect — NIST AI RMF, EU AI Act, HIPAA, GLBA, state privacy laws, sector-specific regulation?
- Q2What AI-specific language exists in your customer, vendor, and employment contracts today?
- Q3Who has authority to approve use of generative AI tools on proprietary or client-confidential material?
- Q4What records retention, discovery, and privilege considerations apply to AI-generated work product?
- Q5What is your current position on AI-generated IP, model training on proprietary data, and output ownership?
Business Unit Leader
Focus — Ground-truth usage, unmet need, friction
- Q1Describe a concrete task your team does every week where AI would be obviously useful, but isn't being applied today — and why not.
- Q2What AI tools have your team members asked for that were denied, delayed, or never answered?
- Q3Where are people using personal accounts (ChatGPT, Claude, etc.) to do company work — and what data is flowing through those tools?
- Q4If I could hand you one AI capability that was fully governed and safe to use tomorrow, what would it be?
- Q5What would cause your team to refuse to adopt a new AI tool, even if leadership approved it?
Follow-Up Probes
Intent — Use these when a stakeholder gives a short, evasive, or unusually confident answer. Probes are always open-ended.
- When pressed: "Walk me through the last time that actually happened."
- When confident: "What would prove you wrong?"
- When evasive: "If a board member asked you this tomorrow, how would you answer?"
- When generic: "Who specifically? When specifically? What did it cost?"
- When defensive: "Setting aside how it got here — where are we today?"
Red Flags to Log
Intent — Some statements are signals, not information. Capture them verbatim in the red-flag register.
- "We have a policy, but I'm not sure anyone reads it."
- "That's a great question for legal."
- "I assume IT handles that."
- "We don't use ChatGPT for anything sensitive" — without describing how that's enforced.
- "We'll figure it out when we get there."
- Any mention of an AI-related near-miss, breach, or client complaint that has not been formally documented.
- Unexplained variance between what the CEO says the company does with AI and what a business unit leader says happens in practice.
Synthesis Template
Intent — Convert interview output into structured input for the Gap Assessment. Complete one entry per stakeholder immediately after the interview, before memory decays.
| Field | Content |
|---|---|
| Stakeholder | [Name, role, tenure] |
| Date and format | [Date, in-person / remote, duration] |
| Primary layer | [Which AEGIS layer this stakeholder informs most] |
| Three strongest signals | [Bullet points, verbatim where possible] |
| Red flags logged | [Verbatim quote + layer mapping] |
| Quotable moments | [Quotes cleared for executive summary use] |
| Follow-ups needed | [Data requests, artifacts to collect, second interviews] |
Logistics and Tracking
Intent — Keep the engagement on the 10-business-day clock. Interview slippage is the most common cause of Diagnostic timeline overruns.
Scheduling
- Target all eight stakeholder interviews within the first 10 business days.
- Book CEO and board-facing interviews first; everything else arranges around their availability.
- Prefer 60 minutes with a hard stop at 75. Over-runs compound across the week.
- Back-to-back interviews are fine; interviews across different time zones on the same day are not.
Recording posture
Default to consented recording for transcription. If declined, assign a note-taker separate from the lead interviewer. Never rely on memory alone.
Tracking sheet
Maintain a single tracking sheet in the engagement workspace with stakeholder, scheduled date, completed date, synthesis status, and follow-up status. This sheet is reviewed in the daily engagement stand-up.