If 77% of employees paste data into generative AI prompts and 82% do it through unmanaged accounts, the question is not whether it is happening in your estimation shop. The question is whether you can prove it is not.
A 2026 Netskope study found that 77% of enterprise employees paste organizational data into generative AI tools, with 82% of that activity occurring through personal, unmanaged accounts. A separate Komprise survey reported that 90% of IT leaders are concerned about shadow AI from a data privacy standpoint, and nearly 80% have already experienced negative AI-related data incidents. These numbers describe a pattern that has reached cost estimation shops, bid and proposal teams, and program offices across the defense industrial base.
An analyst pastes a draft WBS into ChatGPT to generate element descriptions. A proposal manager feeds historical cost data into a personal Copilot account to draft pricing narratives. A cost engineer asks an unmanaged LLM to summarize CER documentation from a prior program. None of these actions triggers a security alert. None produces an audit trail. None links the AI-generated output to the source data, the model version, or the prompt that produced it. The result is estimation content that cannot be traced, validated, or defended when DCAA, DCMA, or a source selection evaluation board asks how the numbers were derived.
Shadow AI in estimation creates a specific class of risk that general-purpose cybersecurity frameworks do not address. The problem is not data exfiltration alone; it is the absence of provenance in the estimation output. When an AI-assisted estimate enters a proposal or an independent cost assessment, every assumption, data source, and analytical step must be reconstructable. Unmanaged AI tools break that chain. The analyst may have produced a reasonable output, but neither the analyst nor the organization can demonstrate how it was produced, what data informed it, or whether the model introduced errors, hallucinations, or biased assumptions. With only 37% of organizations reporting formal AI governance policies, most estimation teams lack the structural controls to detect this gap before it surfaces in an audit.
The response is not to ban AI from the estimation process. It is to bring it under governed control: role-based access that scopes what data an AI agent can reach, task-specific agent boundaries that prevent cross-program data contamination, immutable logs that record every prompt, response, and human review decision, and deployment within authorized infrastructure rather than public APIs. Organizations that adopt AI for estimation through managed, auditable architectures gain speed without sacrificing the traceability that compliance demands. Those that leave adoption to individual discretion are accumulating audit exposure with every unlogged prompt.
The question is not whether AI belongs in estimation. It is whether your organization can account for the AI that is already there.