ICMD Agent-Ready Leadership Checklist (90-Day Rollout) Purpose Deploy AI agents across engineering and operations while keeping accountability, security, and measurable performance. A. Pick the right starting workflows (Week 1) 1) Select exactly 3 workflows with clear SLAs and measurable outcomes. - Engineering: “bug report → triage → PR merged” - Support: “new ticket → first response → resolution” - GRC: “SOC 2 evidence request → artifact delivered” 2) Record baseline metrics for each workflow: - Cycle time (median + p90) - Error/rework signals (reopened tickets, reverted PRs) - Escalation rate (support) / change failure rate (engineering) 3) Assign one DRI per workflow (name + role) and publish it. B. Define accountability & approval rules (Weeks 1–2) 4) Write a one-page policy: “Humans own outcomes; agents produce artifacts.” 5) Create an agent permission model: - Read-only agents - Draft-only agents - Execute agents (require approvals) 6) Define approvals by risk: - Draft-only: human review required before use - Internal writes (PR opens, config changes): human approval required - Customer-facing/money/terms: two-person approval + rollback plan C. Standardize context so agents stop guessing (Weeks 2–4) 7) Establish a single source of truth for: - PRDs, runbooks, incident postmortems, architecture decisions (ADRs) 8) Require structured fields in tickets/cases (owner, severity, acceptance criteria). 9) Add “definition of done” checklists to workflows (tests, monitoring, comms). D. Implement governance minimums (Weeks 4–6) 10) Enforce SSO for approved AI tools; remove anonymous access. 11) Set data boundary rules: - Disallow secrets/API keys/passwords - Define rules for PII and customer contracts 12) Turn on logging: - Retain prompts/tool calls for a defined investigation window - Require linking each agent action to a ticket/PR/case ID E. Add evaluation and monitoring (Weeks 6–8) 13) Create a small eval set per workflow (real examples) with expected outputs. 14) Track three AI quality indicators: - Acceptance rate (how often humans keep the output) - Edit distance (how much humans modify it) - Regression rate (quality drops after changes) 15) Define failure categories and an incident process for agent-caused issues. F. Rollout & change management (Weeks 8–12) 16) Train teams on the policy (short session + written examples). 17) Run a controlled rollout (one team or small cohort) before scaling. 18) Review metrics weekly against baseline; scale only if: - Cycle time improves and quality does not degrade - Security/compliance requirements are met 19) Publish a monthly “Agent Changelog” (what changed, what improved, what broke). G. Sustain and compound (Ongoing) 20) Quarterly review: - Re-approve tools/vendors - Update data policy and retention - Expand to new workflows based on measured ROI Outcome By day 90 you should have: governed agent usage, ROI tied to real SLAs, and a repeatable mechanism to scale agents safely across the company.