How AI Agents Are Changing the Premise of Corporate Governance
The phrase “let AI handle the work” is becoming a reality. In April 2025, Cognizant and Rubrik announced an expanded partnership focused on the governance layer for AI agents. As AI begins to make autonomous decisions and take action, the question arises: how should companies redesign their governance structures?
At the same time, Mercari announced its membership in the AI Governance Association. The momentum is accelerating, and it’s no longer just a concern for large corporations—SMEs can’t afford to ignore it either.
What Are AI Agents, and Why Is Governance a Problem?
AI agents are AI systems that independently make decisions and take actions to achieve given goals. Unlike traditional chatbots, they can execute tasks without human instructions.
For example, an AI agent might not only automatically respond to customer inquiries but also check inventory data and make ordering decisions. Such AI is already starting to operate within companies.
The problem is: who manages this autonomous decision-making, and how? A human employee might stop a decision based on “common sense,” but an AI will execute it within the boundaries of the rules it’s been given.
Three Governance Challenges Facing SMEs
The challenges SMEs face when introducing AI agents are qualitatively different from those of large corporations.
1. The Black Box of Decision-Making Criteria
Large companies can assemble specialized teams to verify AI decision logic. However, SMEs often end up relying entirely on the vendor they’ve brought in.
When the decision-making path—like “Why was this supplier chosen?” or “Why was this price quoted?”—becomes a black box, even business owners can lose track of their company’s situation.
2. Ambiguity of Responsibility
If an AI makes a wrong decision, who takes responsibility? The AI vendor? The business owner who introduced it? Or the employee monitoring the AI?
In many SMEs, implementation proceeds without clearly defining where responsibility lies.
3. The Speed of Rule Obsolescence
Traditional business manuals only needed to be reviewed once a year. But AI agents learn and change their behavior patterns daily. Fixed rules simply can’t keep up.
Rethinking the Design Philosophy of AI Governance
The key here is not to design AI governance as a “list of prohibitions.”
Design the Scope of “What’s Allowed”
Many companies tend to create rules that list “what AI must not do.” However, this narrows the scope of AI utilization and cuts its benefits in half.
Instead, a more effective design clearly defines the scope of “what AI is allowed to do” and permits autonomous decisions within that scope.
For example: “AI can handle replenishment orders for standard products priced under $700 (¥100,000). However, orders to new suppliers require approval.”
Evaluate Risk on a Scale of 1 to 99
Instead of thinking of AI decision risk as 0 or 100, evaluate it as a continuous scale from 1 to 99.
Having humans approve every AI decision is unrealistic. A practical design lets AI handle low-risk decisions and involves humans only for high-risk ones.
This approach aligns with the philosophy stated in our editorial policy: “Design risk not as 0 or 100, but as a continuous scale from 1 to 99.”
Concrete Action Plan
Here are three actions SMEs should start preparing for now.
1. Create Rules for Visualizing AI Decisions
Implement a system to record what decisions the AI made and the reasoning behind them.
Specifically, set up a process to regularly review the AI’s decision logs. Ensure that business owners or management teams allocate time each week to check the AI’s action history.
2. Create a Decision Importance Map
Classify business processes into “areas where AI can be trusted” and “areas requiring human judgment.”
For example:
– Low-risk areas (inventory checks, standard customer inquiry replies) → Let AI handle
– Medium-risk areas (quote creation, ordering decisions) → AI proposes, human approves
– High-risk areas (contracts with new suppliers, price changes) → Human decides only
Share this map with management and review it regularly.
3. Review Contracts When Introducing AI
When contracting with an AI vendor, be sure to check the following items:
– Whether you can access the AI’s decision logs
– Responsibility allocation in case of errors
– Scope of use for the AI’s training data
– Whether regular algorithm audits are conducted
SMEs, in particular, often use the vendor’s standard contract as-is, so caution is needed.
Summary: Governance Design in the AI Era Is About Designing “How to Delegate”
Introducing AI agents is a major opportunity for SMEs. The possibilities are vast: solving labor shortages, improving operational efficiency, and creating new services.
However, if governance design is put off, risks can grow unnoticed. The key is not “prohibition” but designing “how to delegate.”
The partnership between Cognizant and Rubrik, and Mercari’s membership in the AI Governance Association, are signs that this trend is gaining momentum. SMEs should start designing AI governance tailored to their own scale, starting now.
Business owners: begin by mapping out your company’s business processes and distinguishing between “areas where AI can be trusted” and “areas where humans should decide.” That is the first step in governance design for the AI era.
Comments