Agentic Org Chart Operating Framework (AOF)

Use this framework to deploy AI agents with clear ownership, measurable quality, and controlled risk.

1) Inventory (Week 1)
- List every AI/agent workflow in use (official and unofficial). Include: team, tool/vendor, model, purpose.
- Tag each workflow by class: Read-only / Draft-only / Action.
- Record data touched: public, internal, customer, regulated (PII/PHI/PCI).

2) Assign an Agent Owner (Week 1)
- For each agent, name one accountable business owner (not “the AI person”).
- Owner responsibilities: acceptance criteria, permissions sign-off, budget awareness, quarterly KPI targets.

3) Define the Agent Contract (Week 2)
Template fields:
- Name + version (e.g., support-triage-v3)
- Intended outcomes (what “good” looks like)
- Non-goals (what it must never do)
- Escalation triggers (when to hand off to a human)
- Allowed tools/actions

4) Permissions and Least Privilege (Week 2)
- Use scoped tokens; time-bound access where possible.
- Separate “draft” permissions from “send/merge/refund” permissions.
- Require human approval for irreversible actions.

5) Logging and Auditability (Week 2–3)
- Log: inputs, tools invoked, outputs, approvals, and final actions.
- Retain logs for a defined period (e.g., 30–180 days) aligned with security policy.
- Make logs searchable for incident response and customer escalations.

6) Evaluation Harness (Week 3–4)
- Create 30–100 representative tasks from real history.
- Score on 3–5 dimensions: accuracy, policy compliance, tone, completeness, latency/cost.
- Set release gates (e.g., policy violations <2%; factual errors <5%).

7) Rollout Process (Month 2)
- Start with a pilot (1 team, 1 workflow) for 2–4 weeks.
- Ship changes behind flags; compare KPIs pre/post.
- Expand only after passing gates for two consecutive evaluation runs.

8) KPI Dashboard (Month 2)
Track at minimum:
- Human edit rate
- Escalation rate
- Policy violation rate
- Cost per outcome (per ticket/PR/lead)
- Decision latency (signal → approved action)

9) Incident Response + Kill Switch (Month 2)
- Define severity levels for agent failures (customer harm, security, brand, finance).
- Document the kill switch: who can disable, how fast, and where.
- Create rollback procedures for bulk actions.

10) Quarterly Governance Review (Ongoing)
- Re-approve permissions quarterly.
- Retire redundant agents.
- Update eval datasets as products, policies, and customer behavior change.
- Publish a one-page “Agent Governance Report” for leadership: spend, outcomes, incidents, and planned upgrades.

If you can’t answer “who owns this agent, what can it do, and how do we know it’s behaving?” you don’t have an agent strategy—you have unmanaged automation.