The 100-person trap: real systems, no one to run the AI
A 100-person company sits in the worst spot for an AI consulting proposal. You're past the scrappy stage — you have SharePoint, a CRM with five years of messy data, finance files with restricted access, and at least three departments that don't share a vocabulary. But you don't have a head of data, an ML team, or a spare engineer to babysit a pilot. So when a consultant quotes "AI implementation," the number is usually pricing a tool you'll buy and a workflow nobody on staff has the time to own.
Here's the reframe: at your size the cost question isn't whether the rate is high. It's whether the first scope ties the spend to a piece of work your leaders can actually measure on a Tuesday. McKinsey's State of AI 2025 is blunt about why this matters — the companies seeing value redesigned a workflow; they didn't just hand people access. IBM's Institute for Business Value says the same thing from the capability side: useful AI rides on data, operating model, adoption, and measurement. A proposal that buries diagnostic work, data cleanup, integration, security review, training, and benefits tracking under one "implementation" line item is hiding the four places a 100-person shop usually loses the money.
Price the permissions problem, because at 100 people you already have one
This is where a 100-person company differs sharply from a 20-person one. You have role-based access that mostly works — until you point an AI assistant at it. Microsoft 365 Copilot's data protection architecture exists because these assistants inherit whatever permissions your environment grants. Translation: if a folder of salary spreadsheets or a board deck was over-shared three reorgs ago, the AI will surface it to anyone that over-sharing reaches, as soon as they ask. At 100 people you almost certainly have that landmine, and you almost certainly don't know where it is. A proposal that doesn't price an access audit across SharePoint, Teams, CRM exports, and finance files isn't pricing the actual risk — it's deferring it onto you.
The fix isn't a 40-page policy nobody reads. The NIST AI Risk Management Framework gives a workable sequence even a lean team can run: map where the tool touches sensitive content, measure how it fails, manage the controls, and name an owner for each. The owner part is the one that breaks. PwC's 2025 Responsible AI survey found responsible AI only sticks when it moves from a policy document into the teams making rollout calls. At your scale that's one person — your COO, your head of ops, somebody — with their name on it. Budget for that wiring up front. It is not the review you tack on at the end.
Buy one governed workflow, not a 100-person rollout
Say you're a 100-person tech-services firm and your consultant pitches "company-wide AI enablement." Counter it. Pick the single workflow that bleeds the most hours — proposal drafting, support triage, contract review — and scope the first engagement to prove that one. Bain's 2025 agentic AI transformation research is clear that the broader, agentic stuff only pays off after the foundation work is real. So the deliverable from engagement one isn't a platform — it's a ranked use-case backlog, one workflow running under proper access controls, a baseline you measured before you touched anything, and a stop-or-scale decision date roughly 90 days out. If that first workflow doesn't move a number you care about, you stop, and you've spent the price of a proof instead of a transformation.
What you do Monday: write down the three workflows eating the most staff time, and for each one note who would own the AI version of it. If you can't name an owner, that workflow isn't ready — fix that before you sign anything. Then run the numbers. The free AI Opportunity Score and the AI ROI Calculator turn that shortlist into a case finance, ops, and IT can all inspect, and Human Renaissance AI transformation services can scope the first governed workflow with you.