Three numbers that never agree
The warehouse management system says 40 units. The shelf has 12. The order book already promised 8 to a customer who expects delivery Thursday. Every inventory-heavy business runs on a quiet pile of these contradictions, and most of them surface the same way: a picker can't find stock, a salesperson over-promises, or a month-end count blows a hole in the gross-margin number. By the time anyone reconciles it, the disruption already happened.
That gap is exactly why inventory exception reporting is the workflow IT and data teams should automate before anything flashier. The OECD report on AI adoption by small and medium-sized enterprises makes the point that smaller firms get returns from concrete adoption patterns, not from open-ended "AI strategy." Exception reporting qualifies on three tests at once: the inputs have names (WMS counts, open orders, receiving logs, RMA queues), the exceptions are countable, and the output is something a stock controller can read in under a minute and act on.
Here is the discipline that keeps it useful. The AI retrieves the relevant inventory, order, and movement records, then assembles a short exception package: what's mismatched, by how much, why it matters this week, and who owns the decision. It does not write back to the WMS. It does not release an allocation, adjust a count, or tell a customer anything. Say a 60-person distributor with 4,000 active SKUs — the win is that a controller opens a queue of 15 flagged discrepancies each morning with the source rows attached, instead of discovering the worst one when a truck is half-loaded. Score the candidate workflows the same way using the manual-work scoring guide.
The read permissions are the whole project
Inventory exceptions don't live in one table. A single flagged SKU might pull from the WMS count, a customer's contracted allocation, a supplier's pending PO, a serialized asset record, and a return that hasn't been put away. That's the trap: the moment your AI workflow joins those sources, it can hand a warehouse temp a clean summary that quietly contains a key account's pricing tier or a vendor's confidential lead time. CISA AI Data Security Best Practices reads like an operating manual for precisely this situation, because the risk isn't the model — it's the data you let it stitch together.
The rule that prevents most of the damage is simple to state and easy to skip: permissions follow the source system. If a person can't open the contract record in the ERP, the AI exception package they receive must not surface anything derived from that contract. Resolve identity to the same role-based access the underlying systems already enforce, and have the AI redact or omit fields the requester isn't cleared for — not summarize around them, which leaks the fact that something was hidden.
So scope the first release narrow on purpose. Pick one exception type — say, "on-hand below committed quantity" — feed it one reviewer queue, and define one resolution outcome. One exception family, audited end to end, beats a dashboard that joins everything and trusts no one to look at it twice.
Did the discrepancy close faster? Prove it
A workflow that produces tidy exception packages nobody resolves is just a prettier backlog. The question that decides whether this earns a second phase is whether flagged discrepancies actually close faster than they did when a person hunted them down manually. The NIST AI Risk Management Framework gives the control loop to run it like production rather than a pilot: map the context, measure the risk, and manage changes as the data and the model drift.
For inventory specifically, four numbers tell you the truth. Exception age — how long from flag to resolution. Owner response rate — what share of packages a human actually acts on, because a low number means the AI is flagging noise. Correction accuracy — when someone adjusts the count, were they right, checked against the next physical count. And prevented disruption — stockouts or short-ships caught before they hit a customer. Track those for one quarter and you'll know whether to widen the exception types or fix the signal first. The RSM middle-market AI survey is a useful reality check here: AI spend only counts when it moves the operating model, not when it adds another report.
Monday's move: list your top five recurring inventory discrepancies, pick the one that most often reaches a customer, and write down which systems and which roles it touches. That one row is your first build spec — and your guardrail against counting savings that aren't real, which is its own discipline (measuring AI ROI without fake savings).