The assistant doesn't lie. It just reads the wrong file.
Picture a 90-person consulting firm that buys an AI knowledge assistant. Week one, someone asks it the current PTO accrual policy. It answers instantly, in a clean paragraph, citing a document. The document is from 2022. It was superseded twice. Nobody deleted it, because nobody deletes anything in a shared drive.
This is the whole problem with knowledge management and AI, and it is why "data cleanup" is the right first automation, not the boring prerequisite you skip to get to the fun part. Retrieval-based assistants are confident by design. They do not know that the SOW template in the "Old" folder was replaced, that three "final" versions of the onboarding deck disagree, or that the partner who owned the security FAQ left eighteen months ago. They find the closest match and present it as truth. Garbage in, fluent garbage out, with a citation that makes it look authoritative.
So the first thing to automate is not the answering. It is the grooming of what gets answered from. The RSM middle-market AI survey, the San Francisco Fed analysis of AI and small businesses, and Deloitte State of AI in the Enterprise 2026 all point the same way for firms your size: start with work you can govern, measure, and improve. A messy knowledge base is exactly that work. You already know what good looks like. You just never had the labor to enforce it.
What "cleanup" actually means when AI does the grunt work
Cleanup sounds like a weekend of dragging files into folders. Done as an AI workflow, it is four specific checks that run against your source library before any assistant is allowed to read it — and the point of automating them is that they run continuously, not once.
One: duplicate and version detection. Flag the seven near-identical SOW templates and the three onboarding decks so a human picks the canonical one. Two: staleness scoring. Surface every document untouched past your review window and route it to an owner who confirms "still valid" or "retire." Three: orphan and ownership gaps. Find the high-traffic documents with no accountable owner — the security FAQ nobody maintains — and assign one. Four: permission boundaries. Make sure the assistant cannot surface a partner's compensation memo to a first-year analyst because someone shared a folder too broadly in 2023.
This is where governance stops being a slide and becomes the actual design. The NIST AI Risk Management Framework and CISA AI Data Security Best Practices push the same discipline: approved inputs, enforced permission boundaries, retained outputs, human review on anything sensitive, and a clear escalation path. For a firm of your size, scope the first release brutally narrow — one knowledge domain (say, the proposal and SOW library), one accountable owner, one exception queue. That keeps the cleanup visible and stops the assistant from quietly becoming another ungoverned tool people half-trust. Map it with the 90-day AI implementation plan so cleanup and governance land in the same sequence, not as separate projects you never reconcile.
You'll know it worked when nobody re-checks the answer
The wrong metric is "documents processed." The right one is trust: when a consultant asks the assistant for the current MSA clause, do they accept the answer, or do they still open the drive to verify? If they verify, you haven't saved anyone a minute — you've added a step. Track the things that drive that trust: how many stale or duplicate documents got retired, what share of high-traffic docs now have a named owner, how often the assistant returns a contested answer, and how often a sensitive document surfaces to the wrong audience (target: never).
Be honest about whether this is even your first move. Run a workflow through the manual-work scoring guide before committing — if your library is small and current, cleanup may not be the bottleneck and a different function should go first.
Once the library is clean and the assistant is trusted in one domain, expansion is cheap: the second domain reuses the same staleness scoring, the same ownership rules, the same permission model — not a new tool and a new fight. Before you green-light that expansion, pressure-test the numbers with AI ROI measurement without fake savings, so you're scaling a real result and not a demo that looked good in week one.
