Governance: From the Backseat to the Driver's Seat
We’ve been talking about governance as essential for decades. And treating it as second-class for just as long.
Not because we didn’t believe it mattered. Because we couldn’t keep up. Technical limitations, cognitive limitations, and a business velocity that’s been steadily outpacing our ability to effectively govern. We needed to go faster, but our tools and our bandwidth couldn’t match the pace. Governance trailed the business. Risk management was muddled in bureaucracy and reactive at best. Architecture was documentation nobody read — shelfware.
This isn’t a new problem. But it’s about to get a lot more consequential.
The Aspiration Gap
We have guidance. NIST frameworks. PMP standards. SOC 2. ISO 27001. They prescribe the right things — heavy check-and-balance disciplines that represent sound practice. But for most organizations, they’ve been aspirational. People looked at them and saw what should be, not what could actually be implemented at the speed the business demanded.
Some tried to be prescriptive and failed. The gap between what these frameworks recommend and what organizations could actually execute has been wide for as long as I can remember. Not for lack of intent. For lack of capability.
What’s changing is the tooling and the approach. With agentic systems, we can start to scaffold real governance frameworks — not the shelfware kind, the kind that actually run. We can align these established standards with supporting infrastructure that delivers on the intent of the frameworks. Not rigid compliance theater, but living governance systems that operate at the speed of the business they’re governing.
Why Governance Grows, Not Shrinks
There’s a lot of talk about billion-dollar companies run by a solo entrepreneur with a fleet of agents. Dramatically smaller organizations powered by AI. What doesn’t get said enough is what that means for governance.
When you shift from labor to automation, the governance doesn’t shrink with the headcount. It grows. More agents means more autonomous action, more decisions being made without human hands on the wheel. Every agent is executing at velocity, making choices, taking actions. The surface area for things to go wrong doesn’t decrease when you replace people with agents — it changes shape.
The work shifts. Lower-level tasks that agents handle well get automated. But the higher-level abstraction — cross-cutting concerns, risk evaluation, strategic alignment, quality judgment — that still needs human attention, augmented by AI. You’re not eliminating the need for oversight. You’re concentrating it at a higher level where the decisions matter more and the consequences are larger.
Making It First-Class
For years, governance, risk, and architecture have been the things organizations said mattered and then underfunded, understaffed, and deprioritized when deadlines got tight. They were second-class citizens in practice, regardless of what the org chart said.
The agentic era doesn’t afford that anymore. When systems are operating autonomously at scale, the cost of weak governance isn’t a failed audit or a compliance finding. It’s cascading autonomous actions built on a flawed foundation, amplified at a speed that makes human intervention difficult.
It’s time to put our money where our mouths are. Move governance, risk, and architecture from aspirational to operational. From trailing the business to driving it. From the disciplines we talk about in board presentations to the infrastructure we actually build and maintain.
The tools are here. The frameworks exist. The question is whether we treat governance as first-class — with the investment, the architecture, and the agentic support it needs — or whether we keep it in the backseat while we accelerate into territory where the stakes have never been higher.