Last updated: June 23, 2026
AI is moving fast, and the gap between adoption and readiness is widening.
Oracle published a demo this spring showing NetSuite connected to Claude through MCP. Customers asking a finance question and getting live numbers back is genuinely useful. What the walkthrough skipped, and what most mid-market companies are skipping too, is the governance layer that makes any of it safe to run at scale.
This edition is about closing that gap. Bryan's article names the pattern. The masterclass gives you a framework to act on it. The checklist and the prompting guide are what your team needs on the ground. Everything in this edition is free and built for the mid-market finance teams we work with every day.
In this edition
→ Bryan Willman's latest article: Why 71% of leaders overestimate their AI risk posture
→ The AI Without Regret Masterclass: learn our six-phase approach to bringing AI in without the rework
→ AI Policy Checklist: The 12-section checklist your auditors will thank you for
→ AI Prompting Guide: Six prompting techniques for finance, AP, and ops
01 · From Bryan's desk
The Oracle demo that made me sit down and start writing
 |
From Bryan Willman Techfino, CEO/CIO |
When Oracle published its post on NetSuite meeting Claude through MCP, I read it twice. Customers asking Claude a finance question and getting real numbers from a live system is genuinely useful. What I noticed: the walkthrough went from "I have a NetSuite account" to "Claude can read my financial data" without the word security appearing anywhere.
The disclaimers were there, detailed, two clicks from the demo, in a doc titled "Associated Risks, Controls, and Mitigation Strategies." A CFO who picked up IT six years ago skips that doc on a Tuesday afternoon. Sage's 2026 mid-market research tells the story: 71% of leaders feel confident they could handle a cyber incident. 22% actually have the posture to survive one.
This is why we put governance in phase two of our AI adoption framework, ahead of implementation and everything that follows. The rework cost of skipping it is the most expensive we see.
The pattern is not unique to Oracle. Every major ERP vendor is publishing AI integration demos right now. The security documentation is always there, detailed and accurate, but it lives two clicks from the marketing page, in a tab most finance leaders never open before they ask IT to set it up. The article names that gap by name, and explains why the mid-market is particularly exposed to it.
What it argues is practical: governance does not require a dedicated security team or a six-month delay. It requires three decisions made early, what the AI can access, what it can change, and who reviews its output before it runs. Bryan walks through each one in terms a CFO can act on before the next vendor call.
"The trust we built about the cloud is so complete that the questions have stopped being asked. That is a dangerous habit to carry into AI."
Bryan Willman · Techfino, CEO/CIO
02 · The CEO masterclass · Available on your schedule
Bryan's AI playbook, broken into chapters that fit between meetings
The masterclass covers four AI risks and six implementation phases, with real examples from client engagements at the level of detail Bryan brings to a working session.
It runs on-demand so each chapter fits between meetings, with no calendar to clear and no morning lost to a webinar. The chapters are short and built to pause, so you can take notes, share a clip with your team, or run one section before a board conversation.
If you are evaluating where to start with AI governance, or explaining to a board why the timeline matters, this is the session to watch first.
03 · A 12-section checklist · Free PDF download
The 12-section checklist your auditors will thank you for
Most mid-market companies run four to eight AI tools. Almost none are governed.
The checklist covers twelve dimensions, from scope and vendor controls to data protection and incident response, with interactive checkboxes aligned with NIST AI RMF and ISO/IEC 42001. Built for mid-market finance and ops teams who do not have a CISO on speed dial and need a defensible starting point.
Work through it with your leadership team before your next vendor conversation or board update. The questions it raises are the ones your auditors will ask eventually.
04 · Six prompting techniques · Free PDF download
The prompts that actually move work forward
Policy covers the leadership layer. What your team actually types into AI every day needs its own answer.
Six techniques cover real finance and ops examples, including copy-paste prompts for NetSuite shops. GROW for close cycles, STAR for policy violations. Each one is built around a workflow your AP manager, controller, or ops lead already runs, so the lift to start using it is low.
This is the version to share with the team that has been using ChatGPT in a browser and getting inconsistent results. Structure makes AI output predictable.
Real words. Real client.
 |
From the editor Rachel Cogar leads marketing strategy for Techfino and curates TechNotes. She builds each edition from what the Techfino team is hearing inside client work, with each piece written by the person closest to it. |