Motion Consulting Group · Kelly
AI Governance Readiness Proposal / Prepared for BCBS of Illinois
Confidential draft for discussion. Please enter the access code.
Invalid code.
AI Governance Readiness Proposal Blue Cross and Blue Shield of Illinois
Prepared for Blue Cross and Blue Shield of Illinois AI Governance Readiness Proposal
Member-first AI governance

Move with confidence while protecting member trust.

As AI use expands across your plan, the question is not whether to govern it. The question is whether your teams can scale it in a way that protects your members, supports your operators, and gives leadership a clear basis for confident decisions.

Fixed-scope baseline assessment NIST AI RMF, NIST CSF 2.0, ISO/IEC 42001 Prepared independently by Motion Consulting Group / Kelly

What this proposal is built to do

Give you a bounded, practical starting point for AI governance readiness so your security, privacy, compliance, data, and delivery leaders can see the same picture and act from the same evidence.

1. The moment you're in

AI is moving into core operations, and governance is what lets you move without losing trust.

For a regulated health plan, AI adoption is never only a technology decision. It touches member service, clinical and operational workflows, privacy, security, compliance, procurement, vendor oversight, and the confidence your leaders need before broader rollout.

Your members do not experience AI as a separate program. They experience it through the quality, clarity, and safety of each interaction. That makes governance more than a control exercise. It is the operating discipline that protects member trust while enabling responsible scale.

The goal is not to slow your teams down. The goal is to give them a clear lane to move in, with risk understood, evidence assembled, and review points that fit the reality of how work gets done.

Member-first Regulated environment Confident scale
2. What we propose

A fixed-scope AI Governance Baseline Assessment.

This engagement is intentionally bounded. It is designed to establish a shared view of your present-state AI governance readiness and give you a practical basis for next decisions without overextending the opening scope.

Three-lens inventory

We assess the current landscape through technology, security, and AI lenses so your teams can see where capabilities, controls, and responsibilities intersect.

AI-BOM and use-case classification

We produce an AI bill of materials and classify AI use cases by risk so the conversation moves from abstract concern to named systems, dependencies, and control needs.

Mapped gap report and cost & efficiency read

We map findings to NIST AI RMF, NIST CSF 2.0, and ISO/IEC 42001, then add a cost & efficiency read to show where governance effort can reduce friction as well as risk.

Scope area What it covers Why it matters to you
Technology lens Applications, platforms, integrations, models, vendors, data flows, and operational touchpoints. Creates a grounded inventory of where AI is present or planned.
Security lens Identity, access, data handling, control evidence, review paths, and dependency exposure. Helps your teams see where risk posture is clear and where proof still needs to be assembled.
AI lens Use-case intent, model behavior, oversight design, HITL points, and risk classification. Connects governance to how AI is actually used by your people and experienced by your members.
3. How the engagement runs

A few focused weeks, structured working sessions, and shared evidence.

The engagement runs as a compact series of working sessions, artifact reviews, and synthesis checkpoints. Your teams remain close to the work throughout so the baseline reflects operational reality rather than a detached paper exercise.

We bring a delivery pod that works alongside your security, privacy, compliance, data, and delivery leaders. Each session is built to move toward a specific output, confirm assumptions early, and keep the effort practical.

Cadence and review pattern

  • Focused working sessions gather the information needed for the inventory, AI-BOM, and use-case classification.
  • Artifact reviews align findings with the standards stack and surface the gaps that matter most.
  • Human-in-the-loop (HITL) review gates create deliberate points for your teams to confirm risk posture, escalation paths, and decision ownership before recommendations are finalized.
  • An executive readout closes the engagement with a clear baseline, the open questions that remain, and the roadmap recommendation.
4. What you receive

Concrete artifacts your leaders can use immediately.

Baseline deliverables

  • AI inventory and AI-BOM covering the in-scope landscape.
  • Risk classification for AI use cases, including where heightened oversight is appropriate.
  • Prioritized gap report mapped to NIST AI RMF, NIST CSF 2.0, and ISO/IEC 42001.

Decision-ready outputs

  • Cost & efficiency read to show where operating friction or duplicate effort can be addressed.
  • Executive readout written for leadership discussion.
  • Sequenced roadmap recommendation for the next phase.

The deliverables are intentionally bounded to the baseline. They are designed to let you decide the next design and implementation scope from evidence, rather than asking your teams to commit to a larger body of work before the baseline is understood.

5. Standards & independence

Built on recognized standards, with clear independence on certification.

The baseline is anchored in NIST AI RMF, NIST CSF 2.0, and ISO/IEC 42001. Where useful, we can also reference the broader stack around AI governance and risk, including the EU AI Act, OWASP LLM Top 10, MITRE ATLAS as the AI-specific threat surface, and healthcare-relevant guidance appropriate to the systems in scope.

Our role is to help you assemble the control story, the operational evidence, and the decisions needed to become audit-ready. We never self-certify. Any formal certification is performed by accredited third-party bodies.

Plain-language independence statement

  • We map the work to recognized frameworks and produce the audit-ready evidence package.
  • We do not present our own delivery as formal certification.
  • Nothing is described as live or monitored until the relevant connections, workflows, and operating motions are actually in place.
Framework How it informs the baseline Evidence focus
NIST AI RMF Shapes the governance, measurement, and oversight view for AI use cases. Use-case classification, oversight design, and risk response rationale.
NIST CSF 2.0 Connects AI governance to broader cybersecurity practice. Security controls, review paths, dependencies, and operating discipline.
ISO/IEC 42001 Provides the management system lens for repeatable AI governance. Roles, policies, evidence structure, and continuous improvement design.
6. Why Motion Consulting Group / Kelly

Build-AND-run support, backed by Kelly's scale and talent bench.

You may need more than a recommendation document. You may need a partner that can design the operating model, implement the workflows and controls, and then operate the motion as a managed service if that is the right path for your teams.

Motion Consulting Group brings that build-AND-run posture, backed by Kelly's broader delivery reach and talent bench. That means the baseline can open into practical implementation and operating support without losing continuity.

We are careful about claims. We do not rely on named case studies or inflated performance language here. Instead, we point to relevant delivery patterns and make references available on request.

anonymized; references available on request

HIPAA-aligned conversational AI with secure EMR integration

For a healthcare provider, our team supported a conversational AI deployment designed around HIPAA-aligned handling, secure EMR integration, and the operational controls needed for a patient-facing experience where trust and data stewardship had to remain central.

anonymized; references available on request

Agentic AI deployment focused on AI cost and observability

For a top-3 US telecommunications company, our team supported an agentic AI deployment with a strong focus on AI cost visibility, observability, and the governance needed to keep broader adoption understandable to both technical and leadership audiences.

7. Commercials

Commercial shape only.

The engagement opens with a fixed-fee AI Governance Baseline Assessment. Once the baseline is complete and the findings are understood, any design and implementation scope can be defined against what your teams actually need.

How scope moves forward

  • The fixed-fee baseline opens the work.
  • Design and implementation are scoped afterward based on what the baseline finds.
  • Pricing is confirmed in a formal proposal after the working session.
8. Next step

Bring the right leaders into one focused working session.

The next step is a focused discussion with your security, privacy, compliance, and data leaders to walk the baseline approach, confirm the in-scope questions, and shape the opening assessment around your operating reality.

If that discussion is useful, we can turn it into the formal baseline launch plan and prepare the follow-on proposal structure from there.

Working session — scheduled through your Motion Consulting Group contact

What the session is built to clarify

  • Which AI use cases and platforms belong in the opening scope.
  • Which leaders should own the HITL review gates.
  • Which existing evidence can be reused and which gaps need fresh work.
Draft for discussion. Prepared independently by Motion Consulting Group, a Kelly Services company. This material is not affiliated with, endorsed by, or originating from Blue Cross and Blue Shield of Illinois or Health Care Service Corporation, and no trademarked marks are reproduced.