Enterprise AI Governance: Moving from Policy to Production
- Michael Hulbert

- May 18
- 9 min read
Date: 7 May 2026
Type: Paper
For: Enterprise AI Leaders, CISOs, GRC Teams, Oracle Cloud Architects
Level: Intermediate to Advanced
Author: Michael Hulbert, SaaSiQ.ai
Word count: 2250 words
Reading time: 9 min
Tags: #AI #Governance #Enterprise #Compliance
Most enterprises now have an AI policy. Few have governance that actually runs in production. Boards and compliance teams wrote acceptable use policies in 2024 and early 2025, often modelled on data governance frameworks or adapted from information security controls. Those policies addressed the right concerns: bias, transparency, accountability, data protection. But they were designed for a world where AI was a tool that humans directed, not a system that acts on its own.
That world ended roughly six months ago. Gartner predicts that 40% of enterprise applications will feature task-specific AI agents by the end of 2026, up from less than 5% in 2025. Oracle shipped over 50 role-based AI agents embedded in Fusion Cloud Applications across the 26A release cycle. The EU AI Act's high-risk system obligations take legal effect on 2 August 2026. Enterprises are deploying autonomous agents into ERP, HCM, and supply chain workflows faster than their governance structures can absorb.
This paper provides a framework for closing the governance-execution gap: taking existing AI policies and embedding them in production systems where agents actually operate. The goal is not to replace what you have built. It is to make it enforceable.
Overview
The core problem is structural. AI governance policies typically live in SharePoint, Confluence, or GRC platforms. AI agents live in runtime environments that call tools, invoke APIs, and write to transactional systems. There is no bridge between the two.
A policy that states "AI-generated hiring recommendations must be reviewed by a human before action" is sound. But if the HCM agent can submit a shortlist directly to a hiring manager's inbox without interception, the policy is decorative.
Production governance requires three capabilities that most policy frameworks lack. First, machine-readable policy encoding: rules that systems can evaluate in real time, not documents that humans interpret. Second, enforcement at the execution layer: policy checks at the point where the agent acts. Third, continuous evidence generation: audit trails that demonstrate policy was applied to every action, not merely that it existed.
The frameworks exist. NIST AI RMF provides the risk management structure. ISO 42001 provides the management system certification path. OWASP's LLM Top 10 and Agentic Top 10 provide the threat taxonomy. MITRE ATLAS provides the adversarial attack library. The EU AI Act provides the regulatory mandate. What is missing is the operational layer that connects these frameworks to the systems where agents run.
Prerequisites
This framework assumes:
- You have an existing AI governance policy, however incomplete
- You operate or plan to operate AI agents in production environments (not just chat assistants or prototypes)
- You have a GRC function, or at minimum a named owner for AI risk
- Your enterprise applications support API-level policy enforcement (Oracle Fusion, SAP S/4HANA, Workday, or similar)
- You can map your AI use cases to risk categories (the EU AI Act's Annex III classification is a practical starting point, regardless of jurisdiction)
If you are still in experimentation mode with no production AI, this framework is premature. Focus first on establishing the policy baseline and use-case inventory.
The Framework: Phases of Governance
Phase One: Governance Inventory and Gap Analysis
Goal: Map what you have, identify what is missing, and quantify the gap between policy and enforcement.
Approach: Start by cataloguing your current governance artefacts across three dimensions: policy coverage, technical enforcement, and evidence capability.
For policy coverage, audit every AI use case against your existing policy. Most enterprises discover that their acceptable use policy covers general-purpose AI tools (ChatGPT, Copilot) but says nothing about embedded agents operating within business applications. Oracle's 26A agents, for instance, execute within Fusion workflows using the same role-based access controls as human users. If your policy assumes AI is a separate system that humans interact with, it will not account for agents that act within existing approval hierarchies.
For technical enforcement, assess whether each policy statement has a corresponding control in production. A segregation of duties policy means nothing if the agent can bypass SoD matrices. Oracle's Risk Management Cloud now provides application-layer monitoring, privileged access certification, and automated SoD controls specifically for agentic workflows, but the controls must be configured, not assumed.
For evidence capability, determine whether you can prove, to an auditor or regulator, that governance was applied to each AI action. This is not about logging that the agent ran. It is about logging what policy was evaluated, what the outcome was, and what the agent did in response.
Key Considerations:
Most gap analyses reveal that 60-80% of policy statements have no technical enforcement mechanism. This is normal. The purpose is to quantify the gap, not to panic about it.
Prioritise by risk, not by volume. A single uncontrolled agent with write access to financial transactions is a higher priority than twenty chat assistants with read-only data access.
Include shadow AI in the inventory. Teams deploying agents through low-code platforms or API integrations often bypass central governance entirely.
Phase Two: Framework Alignment and Regulatory Mapping
Goal: Align your governance structure with established frameworks and regulatory requirements, creating a single compliance architecture rather than parallel structures.
Approach: The instinct in many organisations is to build AI governance as a separate programme with its own risk register, its own controls, and its own reporting lines. This approach fails at scale. It creates duplication, competing priorities, and governance fatigue.
Instead, embed AI governance within your existing compliance architecture. Map AI risks to existing control frameworks:
- NIST AI RMF provides the four-function lifecycle (Govern, Map, Measure, Manage). Align these to your existing risk management cadence rather than creating a parallel process.
- ISO 42001 provides the certifiable management system. If you already hold ISO 27001, extend your ISMS to incorporate AI management system requirements. The overlap is substantial: risk assessment, internal audit, management review, and continual improvement processes are structurally identical.
- EU AI Act requires risk classification, conformity assessment, and ongoing monitoring for high-risk systems. Map your AI inventory against the eight Annex III categories: biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, and administration of justice. Even outside the EU, this classification provides a practical risk tiering model.
- OWASP Agentic Top 10 identifies critical attack vectors for autonomous AI systems, from agent goal hijacking (ASI01) through to rogue agents (ASI10). Map these to your existing application security controls.
- MITRE ATLAS provides the adversarial threat intelligence taxonomy, now covering 16 tactics and 84 techniques with agentic AI entries added in early 2026. Integrate with your existing threat modelling process.
The output of this phase is a consolidated control matrix: one document that maps AI governance requirements from all applicable frameworks and regulations to existing controls, identifies gaps, and assigns remediation owners.
Key Considerations:
Regulatory timelines are shifting. The European Commission's Digital Omnibus proposal would defer high-risk obligations to December 2027, but the original August 2026 deadline remains legally binding until formal amendment. Plan for August, and adjust if the deferral is confirmed.
ISO 42001 is appearing in approximately 40% of enterprise AI vendor RFPs in the EU and 25% in North America. Even if certification is not your immediate goal, alignment positions you for procurement requirements.
Do not treat framework alignment as a one-time exercise. NIST is developing additional guidance for agentic AI specifically. MITRE ATLAS updates quarterly. Your control matrix needs a named owner and a review cycle.
Phase Three: Production Enforcement Architecture
Goal: Implement technical controls that enforce governance at the point where agents act.
Approach: This is where policy becomes production. The architecture has three layers.
Layer 1: Identity and access governance. AI agents must operate within the same identity and access management framework as human users, with additional constraints. In Oracle Fusion, this means configuring agents with specific duty roles, applying least-privilege principles, and certifying agent access through the same privileged access management process used for administrative accounts.
Layer 2: Runtime policy enforcement. Policy evaluation must occur synchronously at the point of action. When an agent attempts to create a purchase order, modify an employee record, or approve a transaction, the runtime must check: does this agent have permission for this action, in this context, at this time? This is execution-layer control, implemented through API gateways, workflow interceptors, or application-native policy engines.
Layer 3: Continuous monitoring and anomaly detection. Post-action monitoring catches what pre-action controls miss. Application-layer monitoring must track agent behaviour patterns, flag anomalies, and trigger alerts when agents deviate from expected execution paths. Oracle's approach through the Risk Management Cloud security graph provides one model: connecting agent actions to SoD policies, approval hierarchies, and transaction limits in a unified monitoring layer.
Key Considerations:
Latency matters. Synchronous policy evaluation adds 100-500ms per action. For batch processes, this is negligible. For real-time transactional workflows, it requires capacity planning.
Agent-to-agent communication introduces cascading risk. OWASP's Agentic Top 10 identifies insecure inter-agent communication as a critical vector. If Agent A delegates to Agent B, ensure that Agent B inherits the policy constraints of the originating context, not just its own permissions.
Pre-grant access reviews are preferable to post-hoc remediation. Review and approve agent access before it is granted, not after an incident reveals that it was excessive.
Phase Four: Evidence, Audit, and Continuous Improvement
Goal: Generate audit-grade evidence that governance is operational, and establish the feedback loop that improves it.
Approach: Regulators, auditors, and boards do not accept governance by assertion. They require evidence. The evidence architecture must answer four questions for every AI action: what was the policy, was it evaluated, what was the outcome, and what did the agent do in response?
Build immutable audit trails that capture policy evaluation results alongside agent actions. In Oracle environments, this means extending existing audit configurations to cover agent-initiated transactions with the same rigour applied to human-initiated ones.
Establish a governance review cadence that treats AI agent behaviour as a standing agenda item. Monthly reviews should cover: policy violations, near-misses, access certifications completed, and control effectiveness metrics.
Feed production evidence back into the governance framework. If monitoring reveals that agents routinely trigger SoD violations in a specific workflow, the response is not just remediation. It is policy refinement, control adjustment, and architecture change.
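An added Python example, not from this paper or any Oracle product, of the synchronous Layer 2 check writing the evidence record Phase Four asks for: it denies a requisition approval whose originating agent also raised it, caps a delegate at the originating context's permissions, and hash-chains each decision. The policy IDs, action names, agent names and the `Context` and `Enforcer` classes are all hypothetical.

```python
import hashlib, json
from dataclasses import dataclass

# Constructed policy encoded as data (all identifiers here are hypothetical).
SOD_CONFLICTS = [("SOD-01", "requisition.raise", "requisition.approve")]

@dataclass(frozen=True)
class Context:
    agent: str
    allowed: frozenset                 # actions this agent's duty roles permit
    parent: "Context | None" = None    # originating context when delegated

    def root(self):
        return self if self.parent is None else self.parent.root()

    def effective(self):
        # A delegate never gains more than the originating context allowed.
        return self.allowed if self.parent is None else self.allowed & self.parent.effective()

class Enforcer:
    def __init__(self):
        self.history = {}              # record id -> {action: originating agent}
        self.trail = []                # hash-chained evidence records

    def check(self, ctx, action, record_id):
        actors, origin = self.history.setdefault(record_id, {}), ctx.root().agent
        policy, outcome = "ACCESS-01", "allow" if action in ctx.effective() else "deny"
        for pid, first, second in SOD_CONFLICTS:
            # SoD is keyed on the originating agent, so delegation cannot launder it.
            if outcome == "allow" and action == second and actors.get(first) == origin:
                policy, outcome = pid, "deny"
        if outcome == "allow":
            actors[action] = origin
        event = {"policy": policy, "outcome": outcome, "agent": ctx.agent,
                 "origin": origin, "action": action, "record": record_id,
                 "response": "executed" if outcome == "allow" else "blocked"}
        prev = self.trail[-1]["hash"] if self.trail else "0" * 64
        event["prev"], event["hash"] = prev, _digest(prev, event)
        self.trail.append(event)
        return outcome == "allow"

def _digest(prev, event):
    body = {k: v for k, v in event.items() if k not in ("prev", "hash")}
    return hashlib.sha256((prev + json.dumps(body, sort_keys=True)).encode()).hexdigest()

def verify(trail):
    # Recompute the chain; any edited or removed record breaks it.
    prevs = ["0" * 64] + [r["hash"] for r in trail]
    return all(r["prev"] == p and r["hash"] == _digest(p, r) for r, p in zip(trail, prevs))
```

The in-memory chain only makes tampering detectable; immutability still depends on where the records are stored.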
Key Considerations
Start with enforcement, not perfection. The most common failure mode is governance programmes that spend months refining policy documents while agents run uncontrolled in production. A basic policy with enforcement is more valuable than a comprehensive policy without it.
Governance is a product, not a project. It needs an owner, a backlog, a release cycle, and production support. Treat your governance framework as a system that evolves with your AI deployment, not as a deliverable that is completed and filed.
The threat landscape is evolving faster than policy cycles. MITRE ATLAS expanded to 84 techniques in early 2026. AI-enabled adversary attacks have surged 89% year-on-year. Quarterly framework reviews are the minimum viable cadence.
Cost control and governance are not in tension. Well-governed agents are cheaper to operate because they fail predictably, generate fewer incidents, and produce audit evidence that reduces compliance costs. The overhead pays for itself in reduced remediation and regulatory exposure.
Real-World Application
A mid-market professional services firm deployed Oracle Fusion 26A with procurement and HCM agents. Initial deployment used default role-based access controls with no additional governance layer.
Within three weeks, the procurement agent had created purchase orders that violated the firm's SoD policy: the same agent role that raised requisitions was also approving them, because the agent's duty role configuration had not been reviewed against the SoD matrix.
Remediation involved four steps: conducting a gap analysis against the firm's existing SoD policy (Phase One), mapping the control requirement to both the firm's ISO 27001 ISMS and the OWASP Agentic Top 10 tool misuse category (Phase Two), configuring Oracle Risk Management Cloud to enforce SoD controls on agent-initiated transactions with pre-grant access reviews (Phase Three), and establishing monthly agent access certification and transaction monitoring dashboards (Phase Four).
Total elapsed time from incident to enforced governance: eleven working days. The firm now runs the same governance review for every new agent deployment before go-live.
What We Didn't Cover
Model-layer governance (alignment, fine-tuning, prompt safety): important, but not the production enforcement gap that most enterprises face today.
Sector-specific regulation (FDA AI guidance for life sciences, FCA/PRA expectations for financial services): these add requirements on top of the general framework outlined here.
Multi-cloud and hybrid governance: extending enforcement across multiple AI platforms and on-premises systems introduces architectural complexity that warrants separate treatment.
Vendor contract governance: ensuring third-party AI providers meet your governance requirements through contractual and technical controls.
Next Steps
Run the Phase One gap analysis against your top five AI use cases this month. Quantify the distance between policy and enforcement.
Download the OWASP Agentic Top 10 and map each risk category to your existing application security controls.
If you operate Oracle Fusion 26A, review the five-step cybersecurity hardening guidance for agentic ERP and HCM and assess your current configuration against it.
Nominate a governance product owner. This is not a committee role. It is an operational role with authority to block agent deployments that fail governance checks.
Contact SaaSiQ for a governance readiness assessment. We help enterprises bridge the gap between AI policy and production enforcement across Oracle Cloud environments.
Copyright 2026 SaaSiQ Ltd. All rights reserved.


