Every CHRO I've spoken to in the last eighteen months is operating with the same underlying anxiety: they know AI is reshaping their workforce, they're getting pressure from the board to do something about it, and they don't have a reliable way to measure what's actually happening.
So they do what seems reasonable. They look at which job categories McKinsey or Goldman says are exposed. They run a survey. They hire a consultant who delivers a 90-page deck organized by function. Then they make decisions — headcount reductions, upskilling programs, reorganizations — based on assumptions that were never really tested.
This is how you get it wrong.
The problem with function-level analysis
The standard approach to AI exposure analysis treats job categories as the unit of analysis. "Finance is X% exposed." "Legal is Y% exposed." "Marketing is Z% exposed." This produces numbers that are easy to put in a board presentation and nearly useless for actual decisions.
Why? Because within any given function, the AI exposure of individual roles varies enormously — not based on seniority, but based on the nature of the contribution. A junior analyst who spends 80% of their time synthesizing data into structured summaries is far more AI-exposed than a VP of Finance who spends most of their time building relationships with banking partners and shaping how capital allocation decisions get framed to the board.
"AI exposure is not a function of where you sit in the org chart. It's a function of what fraction of your value comes from deciding what to do versus doing it."
The right unit of analysis is the contribution type — not the job title, not the function, not the seniority level.
A three-dimension framework
We measure AI exposure along three dimensions:
| Dimension | What it measures | High exposure signal |
|---|---|---|
| Direction ratio | What fraction of the role's value comes from originating direction vs. executing against it | Role is primarily execution-oriented — the "what to do" comes from elsewhere |
| Output evaluability | How objectively the quality of the role's output can be assessed | Output can be graded against a known standard (accuracy, completeness, speed) |
| Context dependency | How much the role requires real-world relationship context that can't be encoded | Role relies primarily on codified knowledge rather than trust-based or institutional context |
A role that scores high on all three — execution-heavy, evaluable output, low context dependency — is genuinely AI-exposed. A role that scores low on all three is not. Most roles fall somewhere in between, and the framework helps you see exactly which activities within a role are exposed and which are not.
How to run this in your organization
The measurement process has three steps. First, map contributions by role — not job descriptions, but what the person actually does and where the value actually comes from. This usually requires structured interviews or observation; job descriptions are notoriously misleading.
Second, score each contribution type against the three dimensions. This is a structured judgment call, not a formula — but it becomes highly consistent once teams have a common framework and vocabulary.
Third, aggregate to the role level, then to the team and function level. You'll end up with an exposure map that shows not just which roles are exposed, but which specific activities within each role are most at risk — and where the genuine human advantage lives.
What to do with the results
The output of this exercise is a workforce composition picture you can actually act on. High-exposure activities become candidates for AI augmentation or reduction. High-protection activities — the ones that require human judgment, relationship context, or direction-setting — become the capabilities to invest in and protect.
The organizations doing this work now are making proactive decisions. Everyone else will be making reactive ones.