The Governance Gap: Cross-System Agent Governance

The Problem

Enterprise agentic AI is intrinsically multi-system. Agents span Workday, SAP, Oracle, Pega, Snowflake, Databricks, and other platforms. Each maintains its own identity system, permissions model, and governance controls.

This creates a structural governance gap. An agent granted limited authority in one system may escalate that authority when delegating to another, because each system only enforces its own local policies. The original authority ceiling is lost at the system boundary.

Recursive Delegation

The most severe form of the governance gap is recursive delegation: Agent A (Workday) delegates to Agent B (SAP), which delegates to Agent C (Oracle). Each hop amplifies assumption error and context loss.

Assumption Error

Agent B doesn't understand Workday's risk framework. It interprets delegated instructions through SAP's local context, introducing subtle but compounding misalignment with the original governance intent.

Context Loss

The original intent becomes obscured by delegation. Each system boundary strips away metadata, constraints, and rationale — until the executing agent has no visibility into why the action was requested or what limits should apply.

Permission Ceiling Decay

A $5K approval authority becomes $50K through local-only policy checks. Each system applies its own permission model independently, and the original ceiling — set in the delegating system — is simply not visible downstream.

Identity Fragmentation

Each vendor maintains its own identity system. An agent with a verified cryptographic identity in one platform may be entirely anonymous in another. This means:

Audit trails break at system boundaries — actions in SAP cannot be traced back to the Workday agent that initiated them
Governance enforcement is inconsistent — policies enforced in one system are invisible to another
Blast radius is invisible across systems — no single view exists of the cumulative impact an agent chain can produce

Architecture Over Policy

A governance policy might state “agents can approve expenses up to $5K.” But if the architecture allows runtime permission escalation, unconstrained recursion, and no signature verification, then the policy is merely advisory. The architecture permits violations.

Effective cross-system governance requires architectural enforcement:

Immutable COA ceilings enforced cryptographically, not by policy document
Atomic verifiable actions with signature verification at every system boundary
Governance checkpoints at walled garden boundaries that validate authority before permitting cross-system delegation
Permission attenuation on delegation — authority can only decrease, never increase, as it passes between systems

Learn how these principles are operationalised in our methodology and the Cumulative Operational Authority framework.

Federated Governance

The Data & AI Center of Excellence model addresses this via federated hub-and-spoke governance. The hub defines identity federation, enforces COA constraints, and manages audit trail aggregation. Spokes deploy agents within their platforms while respecting hub guardrails.

This model ensures that cross-system agent governance is not an afterthought bolted onto individual platforms, but a first-class architectural capability that spans the enterprise.

Explore how we help organisations build this capability through our Center of Excellence Advisory.

Assess Your Cross-System Governance Exposure

Multi-system agent deployments create governance gaps that policy alone cannot close. We help you identify and remediate them architecturally.

Center of Excellence Advisory Schedule a Briefing

Cumulative Operational Authority Our Methodology