Executive Diagnostic
AI Agent Governance Diagnostic
Ten questions. Under five minutes. Your result tells you exactly where your organization sits on the AI Agent Governance Maturity Model — and what the highest-priority gap is. No email required to see your score.
Designed for: CEOs, Board Chairs, and C-Suite Leaders at $100M+ ARR organizations.
Question 1 of 10
Question 1 of 10
Does your board have a current, complete inventory of every AI agent operating in your organization?
ANo. We have not conducted a formal inventory.
BPartial. We know of the major deployments but not all of them.
CYes. We have a documented inventory reviewed by leadership.
DYes. A complete, board-reviewed inventory with authority assignments for every agent.
Question 2 of 10
Has your board formally approved an Agent License Framework — a documented list of what each category of AI agent is and is not authorized to do?
ANo. Agent authority is defined informally by IT or operations teams.
BWe have internal guidelines but the board has not formally approved them.
CYes. Management has documented agent authority, and the board has reviewed it.
DYes. A board-approved License Framework is in place and reviewed annually.
Question 3 of 10
For every material AI agent action in your organization, can you name the specific human role accountable for that action’s outcome?
ANo. Accountability for agent actions is not formally assigned.
BGenerally, a team is accountable — but not a specific named role.
CYes. Named roles are accountable for most major agent categories.
DYes. An Authority Matrix maps every agent action category to one named accountable role, reviewed by the board.
Question 4 of 10
Are all AI agent actions in your organization logged, attributed to a specific agent identity, and stored in a format accessible for regulatory review?
ANo. Agent activity logging is minimal or inconsistent.
BSome agents are logged. Coverage is not complete.
CMost production agents are logged, but regulatory-readiness has not been assessed.
DYes. All production agents are logged, attributed, and the format has been reviewed against NIST and SEC standards.
Question 5 of 10
When did your board last receive a formal report specifically on AI agent governance — performance, incidents, and oversight posture?
ANever. AI agent governance has not been a formal board agenda item.
BOnce or twice, as part of a broader technology update.
CAnnually, as a dedicated agenda item.
DQuarterly. A structured governance report is a standing board agenda item.
Question 6 of 10
Has your organization conducted a D&O insurance stress-test to assess whether your directors and officers coverage addresses autonomous AI agent liability?
ANo. This has not been assessed.
BWe have had general conversations with our insurer, but no formal AI-specific review.
CYes. We reviewed our policy and identified that AI agent coverage needs updating.
DYes. A full stress-test was completed, gaps were identified, and coverage was updated or noted in board minutes.
Question 7 of 10
Does your organization have a defined escalation protocol that routes AI agent incidents to a named board-level authority within a specified time window?
ANo defined escalation protocol exists for AI agent incidents.
BWe rely on general incident response processes — not AI-specific protocols.
CYes. An AI-specific escalation protocol exists, though it has not been tested against a live incident.
DYes. A tested escalation protocol routes to a named board-level authority within a defined time window — and has been exercised.
Question 8 of 10
How would you characterize your board’s current AI governance expertise?
ALimited. The board relies almost entirely on management briefings with no independent AI expertise at the director level.
BModerate. One or two directors have general technology experience relevant to AI oversight.
CDeveloping. The board has identified the expertise gap and is actively addressing it through recruitment or advisory relationships.
DStrong. The board includes directors or advisors with specific AI governance competency, and that expertise is documented in governance disclosures.
Question 9 of 10
Has your organization reviewed its AI-related risk disclosures in SEC filings (or equivalent regulatory filings) in light of current agent deployments?
ANo. AI agent-specific risks have not been reviewed for disclosure adequacy.
BGeneral AI risks are disclosed, but autonomous agent-specific risks have not been separately assessed.
CYes. Legal and compliance teams have reviewed agent-specific risk disclosure requirements.
DYes. Agent-specific risk disclosures are current, peer-benchmarked, and reviewed with outside counsel.
Question 10 of 10
What best describes your organization’s current posture on competitive AI agent deployment?
AWe are evaluating AI agents but have not deployed at scale.
BWe have deployed agents in specific functions, but without an enterprise-wide orchestration strategy.
CWe have a defined AI agent strategy tied to business outcomes, with governance developing in parallel.
DWe have an enterprise orchestration architecture. Governance, deployment, and competitive positioning are integrated at the board level.