AI Toolkit

AI adoption guidance

Educate your team, then govern the practice.

A practical playbook for CEOs, ops leads and governance teams. A phased roadmap, a two-minute readiness self-check, fifteen copy-ready templates you can download and edit, and the governance spine that keeps trust intact as you scale.

01

A six-phase roadmap

Most associations that adopt AI well move through these six phases over roughly six months. You can shorten each phase, but skipping one is where trust breaks.

  1. 01Weeks 1–2

    Assess

    Understand your starting point. Who is already using AI (openly or quietly)? Which teams have the biggest workload pressure? What data are we already sharing with third parties?

    Outputs
    • Readiness self-check completed
    • Named executive sponsor
    • Baseline map of current AI use
  2. 02Weeks 3–4

    Prepare

    Set the guardrails before the first pilot. Publish a short AI use policy. Agree what data can and cannot be shared with AI tools. Choose one or two tools rather than sprawl.

    Outputs
    • AI use policy signed off
    • Approved tool list (start small)
    • Transparency wording for external comms
  3. 03Weeks 5–10

    Pilot

    Pick three high-leverage use cases across different functions (e.g. comms drafting, meeting synthesis, funding case narrative). Time-box the pilot. Measure hours saved and confidence gained.

    Outputs
    • 3 use cases live
    • Pilot leads named
    • Feedback loop scheduled
  4. 04Weeks 8–12

    Govern

    Layer in oversight. Vendor assessment for anything holding association data. A short risk register updated quarterly. Named human reviewers for public-facing outputs.

    Outputs
    • Vendor assessments filed
    • Risk register live
    • Incident process rehearsed once
  5. 05Months 4–6

    Scale

    Move from pilots to embedded practice. Add role-based training packs. Share prompts across teams. Bring youth voice and lived experience into what gets automated (and what never should).

    Outputs
    • Role packs rolled out
    • Prompt library shared internally
    • Youth advisory input logged
  6. 06Ongoing

    Learn

    Adopt a light-touch review rhythm: quarterly retrospective, annual policy refresh, and a public-facing note on how you use AI. Trust compounds through openness.

    Outputs
    • Quarterly retro cadence
    • Annual policy refresh
    • Public transparency note

02

Two-minute readiness self-check

Answer seven questions with your senior team. The score points to where to start — not whether you're allowed to.

  1. 01

    We have a named executive sponsor for AI adoption.

  2. 02

    We have (or are actively drafting) a written AI use policy.

  3. 03

    Colleagues know which data must never be pasted into AI tools.

  4. 04

    Staff have had at least one hands-on session with an approved AI tool.

  5. 05

    Public-facing AI outputs have a named human reviewer before publication.

  6. 06

    Young people and lived-experience voices shape what we do and don't automate.

  7. 07

    We have a route to raise concerns or incidents about AI use.

03

Educating & communicating with your team

Most AI rollouts don't fail on tools — they fail on communication. These five plays cover how to introduce AI, run the first sessions, sustain momentum, and handle the real worries colleagues bring.

CEOs and comms leads

Announcing AI to your association

  1. 1Send the all-staff launch email on the day the policy is published.
  2. 2Attach the one-page policy and the staff FAQ in the same email.
  3. 3Book the 90-minute team session for two weeks later, calendar invites out same day.
  4. 4Reply personally to the first three staff replies — set the tone as open, not corporate.

Team leads · HR / L&D

Running the first team session

  1. 1Use the 90-minute training plan template — don't reinvent it.
  2. 2Have every attendee try a prompt on a real task from their own week.
  3. 3Close with each person naming one prompt they'll use, and who they'll tell.
  4. 4Book the 30-minute follow-up before people leave the room.

Comms · L&D · Team leads

Keeping momentum after training

  1. 1Send a prompt-of-the-week email — same day each week, same slot on the calendar.
  2. 2Hold monthly 30-minute drop-in office hours — no agenda pressure.
  3. 3Refresh the FAQ quarterly with the real questions people asked.
  4. 4Share one "went wrong and here's what we learned" reflection each quarter.

Line managers · HR · CEO

Handling worries: jobs, quality, trust

  1. 1Use the line manager talking points in the next 1:1 — not a special meeting.
  2. 2Name the worry out loud. "Am I going to be replaced?" deserves a real answer.
  3. 3Point to concrete mission commitments — where humans stay in the loop and why.
  4. 4If someone doesn't want to use AI, that's fine. Say so publicly.

CEOs · Ops · HR

Bringing quiet AI use into the open

  1. 1Ask, don't audit. Invite people to share what they already use — no consequences for honesty.
  2. 2Publish the policy and the red-line list before you ask the question.
  3. 3Consolidate to one or two approved tools rather than banning use.
  4. 4Frame the 90-minute session as an amnesty and a level-up — not a compliance sweep.
Grab the templates these plays use

04

Copy-ready templates

Fifteen templates you can adapt in a single sitting — download as Word to edit, or copy to paste straight into an email. Grouped so it's obvious what to reach for.

Education & communication

Bring your team with you

8 templates

Template

All-staff AI launch email

The email to send the day you turn AI use from quiet to sanctioned. Sets tone, names the tools, and points to help.

For: CEO / senior leadership · Comms

Preview

~265 words

Subject: How we're using AI at [YMCA ASSOCIATION NAME] — from today

Dear colleagues,

You've probably noticed that generative AI tools are showing up in more and more of our work — and in more and more of our lives. Some of you are already using them, thoughtfully, to draft messages, summarise meetings or think a problem through. Others are cautious, and that's understandable.

From today, we're bringing this into the open.

What we're doing
- Publishing a one-page AI use policy (attached). It's short. Please read it.
- Approving [tool 1] and [tool 2] as our starting toolset. Requests to use anything else go to [named role].
- Running a 90-minute team session on [date]. Everyone is invited; no prior experience needed.

Three things I want you to know
1. This is about you doing more of the work only humans should do — supporting young people, building community, being present. AI drafts. You decide.
2. There are red lines. We never paste identifying information about children, young people, participants or safeguarding cases into any AI tool. Ever.
3. If something goes wrong, tell your line manager. We'll learn from it openly, together.

Where to get help
- The 90-minute session on [date] — book here: [link]
- Monthly AI office hours on [day/time] — drop in with questions or a task
- Anytime: email [named role]

Thank you for the care you already bring to your work. AI is a tool. What makes it useful — or dangerous — is the judgment of the person using it. I trust yours.

[CEO name]
[Date]

Template

Staff FAQ (one page)

The ten questions colleagues actually ask when AI arrives — with honest, plain-language answers.

For: HR · Comms · Team leads

Preview

~365 words

[YMCA ASSOCIATION NAME] — AI: FAQ FOR COLLEAGUES

1. Am I allowed to use AI at work?
Yes, using the approved tools listed in the policy, and following the red lines. If you're unsure, ask your line manager or [named role] before you paste anything in.

2. Will AI take my job?
No. AI is a fast-drafting colleague, not a replacement for the human work at the heart of our mission. What it changes is the mix of your day — less time on first drafts, more time on the parts that need you.

3. Is using AI cheating?
No, if you're transparent and you review what it produces. AI is a tool, like a search engine or a spellchecker. The judgment stays with you.

4. What can I never paste into AI tools?
Identifiable information about children, young people, participants or staff. Safeguarding, health, disciplinary or immigration details. Confidential board or HR papers. If in doubt, don't paste it.

5. What if AI makes something up?
It will, sometimes. That's why a named human reviewer signs off anything public-facing. Verify statistics, references and policy specifics against a trusted source before publication.

6. Do I have to tell people I used AI?
When AI has meaningfully shaped a public-facing communication, yes — a one-line note is enough. For internal drafting and thinking-out-loud, no.

7. Which tool should I use?
Start with [tool 1] for text tasks and [tool 2] for [use]. Requests for anything else go to [named role].

8. What if I try something and it goes wrong?
Stop, tell your line manager, and if data was exposed, follow the incident process. No blame — we learn openly.

9. Will my prompts and chats be private?
Assume anything you paste into an AI tool leaves our systems. That's why the red lines matter. See the vendor assessment for details on how each tool handles data.

10. What if I don't want to use AI?
That's fine. Nobody is required to use AI tools. If it helps you, use it. If not, don't.

Where to get help
- Line manager (first)
- [Named role] for policy, tools, incidents
- Monthly AI office hours — [day/time]

Template

Line manager talking points

A prompt sheet for managers to open the AI conversation in a 1:1 — without turning it into an audit.

For: Line managers · HR

Preview

~287 words

AI CONVERSATION — LINE MANAGER 1:1 PROMPT SHEET

Aim
Open a supportive conversation about AI, understand what your colleague is already doing, and agree one thing to try next.

Timing
15 minutes at the end of a normal 1:1. Not a separate meeting.

Opening (2 min)
"You'll have seen our new AI use policy. I wanted to check in about what it means for you day to day — not to check up, but because I want us to figure this out together."

Explore (7 min) — pick two or three
- Where in your week do you feel most stretched?
- Are you using any AI tools already? What's working, what feels off?
- What worries you about AI here? (Job, quality, privacy, something else?)
- What's one task you'd love to spend less time on?
- Is there anything you've heard from participants or young people about AI?

Agree (4 min)
- One prompt or tool you'll try in the next two weeks.
- One thing you'll bring back to next month's team meeting.
- One boundary — a task where AI is off the table for you or your work.

Close (2 min)
"You don't have to use it. But if it helps you do more of the work you care about, I want you to feel free to try. Any concerns, come to me first."

Notes for the manager
- Don't audit. Curiosity, not surveillance.
- If someone reveals they've been using AI unofficially, thank them for the honesty. Move to the policy and the approved-tool list — don't punish.
- If a red-line breach comes up, follow the incident process. Escalate to [named role] and the DSL if safeguarding data was involved.

Template

Prompt-of-the-week email

A weekly nudge that keeps AI use visible and normalised after the first training session.

For: Comms · L&D · Team leads

Preview

~160 words

Subject: Prompt of the week — [short descriptive title]

Hi all,

This week's prompt:

[Paste the prompt from the library, or your adapted version]

Why it's useful
[One or two sentences. What tedious task does it collapse? What does it free you up for?]

How to try it
1. Open [approved tool].
2. Paste the prompt above. Replace anything in [brackets] with your real context.
3. Read the output critically. Edit until it sounds like you.
4. Before you send anything public, get a named colleague to review.

Watch out for
[One honest caution — e.g. "It over-uses buzzwords; strip them before sending." Or "It will invent statistics — check any numbers against a source you trust."]

Try it, and tell me what happened
Reply to this email with a one-liner: what worked, what didn't, what you changed. I'll share the best ones next week (attributed if you're happy, anonymous if not).

Office hours: [day/time]
Full library: [link]

[Sender name]

Template

Office-hours invite + agenda

A monthly 30-minute drop-in that turns questions into confidence — with no pressure to attend.

For: Comms · L&D · Team leads

Preview

~145 words

Subject: AI office hours — [day, date] at [time]

Hi all,

Our monthly AI office hours are on [day, date] at [time] — in [room / video link].

Come with:
- A task you'd like to try with AI but aren't sure how
- Something you tried that went sideways
- A worry or a question — anything, no bad questions
- Or just curiosity — feel free to lurk

What we'll do (30 min)
- 5 min — quick round of what people are working on
- 15 min — live problem-solving on one or two tasks people bring
- 5 min — share one prompt that's earning its keep this month
- 5 min — questions, worries, anything else

You don't need to come every month. Drop in when it's useful.

[Facilitator name]

Prompt library: [link]
AI use policy: [link]
Incident process: [link]

Template

Staff education & communication checklist

One page. Every step to educate and communicate with your team about AI — from the week before launch through the first ninety days. Tick as you go.

For: CEO · Comms · HR / L&D · Team leads

Preview

~640 words

STAFF EDUCATION & COMMUNICATION CHECKLIST — [YMCA ASSOCIATION NAME]

Owner: [name]     Start date: [YYYY-MM-DD]     Review date: [YYYY-MM-DD]

Use this as a running checklist. Tick each item as it's done, note the date, and name the person who did it. Nothing here is optional — but the order can flex.

BEFORE YOU ANNOUNCE (Week -1)
[ ] Named executive sponsor confirmed in writing
[ ] AI use policy (v1) drafted and signed off
[ ] Approved-tool list agreed (start with one or two tools)
[ ] Red-line list written in plain language
[ ] Staff FAQ drafted with the ten most likely questions
[ ] Line managers briefed 48 hours before all-staff email
[ ] DSL briefed on where AI sits (and doesn't sit) alongside safeguarding
[ ] Incident route confirmed and documented
[ ] First team session booked in calendars (within two weeks of launch)

LAUNCH WEEK (Week 0)
[ ] All-staff launch email sent by the executive sponsor
[ ] Policy, FAQ and red-line list attached and linked in the intranet
[ ] External transparency notice published on the website
[ ] Line managers add AI to the next 1:1 agenda (talking points sheet in hand)
[ ] Office hours slot published (monthly, same day/time)
[ ] Prompt library link circulated
[ ] Executive sponsor personally replies to first three staff replies

FIRST 30 DAYS
[ ] 90-minute team session run — everyone invited, no one required
[ ] Each attendee leaves with two prompts they'll use next week
[ ] Follow-up 30-minute session booked two weeks after training
[ ] First prompt-of-the-week email sent (same slot each week thereafter)
[ ] First monthly office hours held — attendance and questions logged
[ ] Any early wins captured (attributed if colleague is happy) and shared

FIRST 60 DAYS
[ ] Line managers have completed the AI 1:1 conversation with every direct report
[ ] Concerns and objections logged — the "I don't want to use it" position respected
[ ] Any quiet / shadow AI use surfaced, with no penalty for honesty
[ ] Approved-tool list refreshed if a genuine gap has emerged
[ ] First "I tried it and it went wrong" reflection shared openly with the team
[ ] Prompt library used in at least three different functions

FIRST 90 DAYS
[ ] FAQ refreshed with the real questions people actually asked
[ ] Role-specific prompts identified for at least three teams
[ ] Named human reviewers confirmed for every public-facing channel
[ ] Youth voice consulted on what should and shouldn't be automated
[ ] Retrospective run — what to keep, what to stop, what to change
[ ] First quarterly risk-register review scheduled with senior leadership

ONGOING (repeat cadence)
[ ] Prompt-of-the-week email — weekly
[ ] AI office hours — monthly
[ ] Risk-register review — quarterly
[ ] Policy and FAQ refresh — annually
[ ] Public transparency note — annually
[ ] Board discussion of AI — at least annually, plus any Medium/High incident within 30 days

SIGNS YOU'RE ON TRACK
- Colleagues are asking better questions in office hours, not fewer.
- Prompts are being shared between teams without prompting.
- At least one "went wrong" story has been told openly, without blame.
- Line managers can name a task their team no longer dreads.
- No one has been surprised — young people, staff, board, funders all know what we're doing.

SIGNS TO PAUSE AND REGROUP
- Attendance at office hours is trending to zero.
- Public-facing outputs are going out without a named reviewer.
- Someone has pasted participant data into a tool — even once.
- Line managers say they haven't had time for the AI conversation in 1:1s.
- Trustees are hearing about AI use from somewhere other than you.

Signed off by: [name, role]     Date: [YYYY-MM-DD]

Template

"I tried it and it went wrong" reflection

A simple, blame-free reflection template that turns misfires into shared learning.

For: All colleagues · Team leads

Preview

~169 words

AI REFLECTION — WHEN IT DIDN'T GO TO PLAN

Purpose
Turn a misfire into learning. No blame, no formal process — just a short note you can bring to a 1:1 or team session.

Your name: [optional]
Date: [YYYY-MM-DD]
Tool used: [tool name]

What were you trying to do?
[One sentence. The actual task, in plain language.]

What did you try?
[Which prompt, which approach. Paste it if you're happy to share.]

What happened?
[What the AI produced. What was wrong, weird, or unhelpful about it.]

What did you do about it?
[Did you re-prompt? Give up? Adapt manually? Send it anyway then regret it?]

What would you do differently next time?
[One or two lines.]

Anyone else should hear about this?
[Yes / no. If yes, who — line manager, DSL, ops lead, whole team.]

Reminder
If association data was exposed to a tool it shouldn't have been, this stops being a reflection and becomes an incident. Use the incident log entry template and tell [named role] today.

Template

Staff training plan (90 minutes)

A ready-to-run agenda for the first hands-on AI session with a team.

For: HR / L&D · Team leads

Preview

~199 words

TEAM AI SESSION — 90 MINUTES

Aim: leave with two prompts each person will use next week.

00:00 — Welcome and why (10 min)
- Why we're doing this: our mission, our pressures, and where AI can help.
- What AI is and isn't: a fast-drafting colleague, not an oracle.

00:10 — Ground rules (10 min)
- Walk through the AI use policy.
- Red lines: what we never paste in.
- Human accountability: named reviewers for public-facing outputs.

00:20 — Live demo (15 min)
- Facilitator runs one prompt from the YMCA library end-to-end.
- Show the "adapt for your association" step.

00:35 — Hands-on round 1 (20 min)
- Each person picks one prompt from the library.
- Runs it against a real task from their own week.

00:55 — Debrief (10 min)
- What worked? What felt off?
- Where would a human reviewer have caught something?

01:05 — Hands-on round 2 (15 min)
- Each person adapts a second prompt with local context.

01:20 — Commitments (10 min)
- Each person names one prompt they'll use next week and who they'll tell.
- Book the follow-up: 30 minutes in two weeks to share what happened.

Foundational policy

Write it down

3 templates

Template

AI use policy (one-page)

The minimum viable policy to publish before wider AI use starts.

For: CEO / senior leadership · Governance

Preview

~268 words

[YMCA ASSOCIATION NAME] — AI USE POLICY (v1)

Why this exists
We believe AI can help our people do more of the work only humans should do — supporting young people, building community, and expanding opportunity. This policy sets out how we use it responsibly.

Scope
This policy applies to all staff, volunteers, board members and contractors when using any generative AI tool (e.g. ChatGPT, Claude, Gemini, Copilot) for association work.

Principles
1. Human accountability. AI drafts, humans decide. Every public-facing output has a named reviewer.
2. Privacy by default. We never enter identifying information about children, young people, participants, staff or safeguarding cases into any AI tool.
3. Transparency. When AI has meaningfully shaped a public-facing communication, we say so.
4. Cultural context. Outputs are always adapted to our community, language and priorities before use.
5. Verify, don't trust. Statistics, references, policy specifics and legal claims must be verified against a trusted source before publication.

Approved tools
We currently use: [list]. Requests to use additional tools go to [named role].

Red lines
Do not paste into any AI tool:
- Identifiable information about children, young people or participants
- Safeguarding, health, disciplinary or immigration information about any individual
- Confidential board, HR or partnership material without permission
- Content that could substitute for professional legal, medical or therapeutic advice

Raising concerns
If an AI output causes harm, feels unsafe, or breaches privacy, stop, tell your line manager, and follow our existing incident and safeguarding process.

Review
This policy is reviewed annually by [named role] and refreshed alongside safeguarding policy.

Signed: [CEO name]     Date: [YYYY-MM-DD]     Next review: [YYYY-MM-DD]

Template

External transparency notice

Short paragraph for your website or annual report about how you use AI.

For: Communications · Governance

Preview

~118 words

How we use AI at [YMCA ASSOCIATION NAME]

We use generative AI tools to help our small team do more of the work that only people should do — supporting young people and building community. AI helps us draft communications, summarise meetings, prepare funding cases and adapt materials into accessible language.

Everything that reaches you — whether a newsletter, a policy document, or a reply — is reviewed by a named colleague before it is shared. We never enter identifying information about children, young people, participants or staff into AI tools, and we always adapt outputs to fit our community and voice.

If you have questions or concerns about how we use AI, please contact [named role, email].

Template

Annual public transparency note

The longer-form annual note for supporters, funders and the public. Shows what changed and what you learned.

For: Comms · Governance

Preview

~264 words

HOW WE USED AI AT [YMCA ASSOCIATION NAME] — [YEAR] ANNUAL NOTE

A note from [CEO name] for supporters, funders, staff and the young people we serve.

Why we're writing this
We think trust is built through openness, not silence. This is our annual account of how we used AI this year — what it helped with, what we drew a line at, and what we learned.

Our starting principles
- AI drafts. Humans decide.
- We never enter identifying information about children, young people, participants or staff into AI tools.
- When AI has meaningfully shaped a public-facing communication, we say so.
- We adapt every output to our community, our voice and our safeguarding responsibilities.

Where we used AI this year
[Two or three plain-language paragraphs. Examples: drafting our newsletter, summarising staff surveys, preparing funding cases, adapting materials for accessibility. Name the functions, not the tools.]

Where we didn't
[Two or three examples. E.g. we didn't use AI for any safeguarding decision, any conversation with a young person, or any assessment of an individual staff member.]

What went wrong
[One honest example, told plainly. What happened, what we changed. If nothing went wrong, say what you're watching for.]

What our young people said
[One or two lines from the youth advisory conversation on AI. What they welcomed. What they'd rather we didn't automate.]

What's next
[Two or three sentences. What we're piloting, what we're pausing, and when we'll review again.]

Questions or concerns
Please contact [named role, email]. You can also raise a concern through our normal safeguarding channels.

[CEO name]
[Date]

Governance

Answer 'who owns this?'

5 templates

Template

AI risk register (starter)

Six starter risks with owners, likelihood and mitigations. Extend as you learn.

For: Governance · Operations

Preview

~195 words

AI RISK REGISTER — [YMCA ASSOCIATION NAME]  |  Last reviewed: [YYYY-MM-DD]

# | Risk | Likelihood | Impact | Owner | Mitigation
--|------|------------|--------|-------|-----------
1 | Identifiable participant data pasted into an AI tool | Medium | High | Ops lead | Written policy, staff training, red-line list, quarterly refresher
2 | AI-generated content published with factual error | High | Medium | Comms lead | Named human reviewer on every public output; verify stats and references
3 | Over-reliance on AI erodes staff judgement or skill | Medium | Medium | HR lead | Reviewer role rotates; AI paired with, not replacing, mentoring
4 | Vendor changes terms, prices or data policy | Medium | Medium | Ops lead | Approved-tool list reviewed quarterly; migration plan for top 2 tools
5 | Youth voice absent from what gets automated | Medium | High | Youth work lead | Youth advisory reviews annual AI use note; consent for any user-facing AI
6 | Safeguarding concern surfaced via AI is missed | Low | High | DSL | AI is never a safeguarding channel; existing DSL process unchanged

Review cadence: quarterly at senior leadership; annually at board.

Template

Vendor assessment checklist

Twelve questions to answer before approving any AI tool that touches association data.

For: Ops · IT · Governance

Preview

~159 words

VENDOR ASSESSMENT — [TOOL NAME]  |  Assessed by: [name]  |  Date: [YYYY-MM-DD]

Data
1. What data will we send this tool? (categories, examples)
2. Does it hold any personal data about children or young people? (target: no)
3. Where is data stored geographically? Which laws apply?
4. Is our data used to train the vendor's models? Can we opt out?
5. How long is data retained and how is it deleted on request?

Security
6. Does the vendor publish a SOC 2, ISO 27001 or equivalent?
7. Is data encrypted in transit and at rest?
8. Is single sign-on and multi-factor auth available?

Contract
9. Are terms sustainable at our scale (price, seats, usage limits)?
10. What happens to our data if we terminate?
11. What is the notice period for material changes to terms?

Fit
12. Does this replicate a capability we already have? (avoid tool sprawl)

Decision: [approved / conditional / declined]     Owner: [name]     Next review: [YYYY-MM-DD]

Template

AI incident log entry

Capture what happened, what changed, and what we learned — in ten lines.

For: All colleagues · Ops lead

Preview

~66 words

AI INCIDENT LOG — ENTRY

Date: [YYYY-MM-DD]
Reported by: [name / role]
Tool involved: [tool name]

What happened (2–3 sentences):

What data (if any) was exposed:

Immediate action taken:

Who was informed (line manager / DSL / board / individuals affected):

Root cause (policy gap, training gap, tool behaviour, human error):

Change we're making so this doesn't repeat:

Learning to share with the team (one line):

Template

Board paper: AI at [Association]

A one-page cover with a three-page appendix — the paper you take to your first substantive board discussion on AI.

For: CEO · Board · Governance

Preview

~236 words

BOARD PAPER — AI AT [YMCA ASSOCIATION NAME]
Prepared by: [CEO name]  |  Date: [YYYY-MM-DD]  |  For: [decision / discussion / noting]

1. Purpose
To agree our position on AI use, sign off the AI use policy, and endorse the top three risks and the review cadence.

2. Recommendation
The Board is asked to:
a) Approve the AI use policy (v1, appended).
b) Endorse the top three risks and their owners.
c) Note the annual public transparency note commitment.

3. Context (half a page)
[Where we are today, in plain language. What staff are already doing. What pressures AI helps with. What we've heard from young people. Where the risks concentrate.]

4. What we're doing
[Half a page. Named sponsor, approved tools, training rhythm, review cadence. Reference the roadmap phase we're in.]

5. What we're not doing (yet)
[A short list. E.g. no user-facing AI features. No AI in safeguarding decisions. No use of tools that train on our data.]

APPENDIX A — AI use policy (v1)
[Paste or reference the policy template.]

APPENDIX B — Top three risks
[Paste the top three rows of the risk register with owners and mitigations.]

APPENDIX C — Decision rhythm
- Quarterly: senior leadership review of risk register and pilots.
- Annually: board review of policy and public transparency note.
- Ad hoc: incident log entries reported to the board within 30 days for anything Medium or High impact.

Template

RACI for AI decisions

Who is Responsible, Accountable, Consulted and Informed for each type of AI decision. Kills the "who owns this?" ambiguity.

For: CEO · Senior leadership · Governance

Preview

~293 words

RACI — AI DECISIONS AT [YMCA ASSOCIATION NAME]

Legend: R = Responsible (does the work)  A = Accountable (signs it off — one person)
C = Consulted (input needed)  I = Informed (told after)

Decision | Ops lead | CEO | DSL | Comms | HR/L&D | Youth work lead | Board
---------|----------|-----|-----|-------|--------|-----------------|------
Approve/refresh AI use policy | R | A | C | C | C | C | I
Add a new approved tool | R | A | C | I | I | I | I
Vendor assessment for a tool holding association data | R | A | C | I | I | C | I
Approve a public-facing AI-shaped communication | I | I | I | A/R | I | C | I
Sign off role-based training pack | I | A | I | I | R | C | I
Update risk register (quarterly) | R | A | C | C | C | C | I
Handle an AI incident (Low/Medium) | R | A | C | I | I | I | I
Handle an AI incident (High / safeguarding-adjacent) | R | A | R | I | I | C | I within 30 days
Youth-facing AI feature (any) | C | A | C | C | I | R | I
Annual public transparency note | I | A | I | R | I | C | I

Notes
- One "A" per row. When two roles share accountability, split the decision.
- The DSL always has veto on anything that touches child protection.
- Anything not on this table defaults to: Ops lead R, CEO A.

Review: annually, or when a role changes.

05

Governance, proportionately

Governance at association scale isn't enterprise theatre. It's four named accountabilities, three review moments a year, and a small set of documents that get refreshed rather than rewritten.

Four accountabilities

Executive sponsor (CEO or delegate)

Signs off the AI use policy. Owns the risk register. Named on the annual transparency note. The person a trustee calls first.

Designated safeguarding lead (DSL)

Veto on anything that touches child protection. Existing safeguarding channels stay unchanged — AI is never a safeguarding route.

Comms reviewer

Named human reviewer for every public-facing AI-shaped communication. Verifies statistics, references and voice before publication.

Ops / IT lead

Runs vendor assessments. Maintains the approved-tool list. First point of contact for incidents and new tool requests.

Decision rhythm

WhenWhoWhat
QuarterlySenior leadershipReview the risk register, pilots, tool list and any incidents from the quarter. 45 minutes.
AnnuallyBoardApprove the refreshed AI use policy. Endorse the top three risks. Sign off the annual public transparency note.
Within 30 days of incidentExecutive sponsor → BoardAny Medium or High impact incident goes to the board with the incident log entry and the change being made.

The governance documents

These five templates are the governance spine. The rest of the template library sits underneath them.

06 — Next

Send the launch email this week.

Start with a note to your team, the one-page policy, and a date for the first 90-minute session. Everything else follows.

YMCA AI Adoption Toolkit

A practical library, guided context and safeguards so YMCA staff, volunteers and young leaders can use AI safely, confidently and locally.

Aligned with YMCA Vision 2030. Human review, always.

Toolkit

Your work

Safeguarding

    Never enter identifying information about children, health or safeguarding cases into any AI tool. AI drafts, humans decide.

© 2026 YMCA AI Adoption Toolkit

Adapt every prompt to your local YMCA.