Explore
Navigate the transformation map
Select a persona to review the relevant Level 3 activities.
Persona entry points
CRO Level 3 activities
27 matching Level 3 activities
| Level 3 name | Change required - short description | Recommended C-suite owner | Recommended operational owner | Parent Level 2 | Parent Level 1 | T-shirt size |
|---|---|---|---|---|---|---|
| Decision rights and approvals | Define approvals for autonomy and exceptions | CRO | Head of AI Governance (Decisioning and Forums) | Accountability | Governance | XS |
| Agentic control library and automated control selection | Automate control selection for agent risk tiers | CRO | Control Library Product Owner (AI Governance) | Controls | Governance | M |
| Automated validation and testing | Expand testing to multi-step agent behaviour | CRO (with CIO) | Head of AI Assurance / Testing and Validation | Controls | Governance | M |
| Human-in-the-loop control points | Define approval points for autonomous actions | CRO | AI Governance Controls Lead (Approvals and Escalations) | Controls | Governance | S |
| Committee mapping (Risk, IT, Data, Responsible AI, etc) | Clarify committee approvals for autonomous actions | CRO | Governance Office / Company Secretariat (with Risk) | Operating model and committees | Governance | XS |
| Expand AI committee remit to include oversight of agentic AI | Extend committee remit to agent oversight | CRO | AI Governance Secretariat / Committee Manager | Operating model and committees | Governance | XS |
| RACI and decision pathways for agent go-live | Define go-live and escalation decision pathways | CRO | AI Governance Operating Model Lead | Operating model and committees | Governance | S |
| Accountability policy and ownership model | Define owners across agent bundles | CRO | Head of AI Governance Operating Model | Policies | Governance | S |
| AI risk appetite statements and autonomy bounds | Set autonomy limits in risk appetite | CRO | Head of Risk Appetite and Governance | Policies | Governance | S |
| Policy suite uplift across risk taxonomy | Align policy suite for agent operations | CRO | Head of Enterprise Risk Policy / Risk Frameworks | Policies | Governance | M |
| Responsible agent rules | Create scenario-based rules for agent choices | CRO (with CCO) | Responsible AI Lead / AI Ethics Office | Policies | Governance | S |
| Exception handling processes | Govern exception requests, approvals and revocation | CRO | Risk Exceptions Owner (AI) | Policy enforcement | Governance | S |
| Agent risk assessment framework | Expand risk assessment for autonomous actions | CRO | Head of AI Risk Management (2nd line) | Risk management | Governance | M |
| Continuous monitoring standards | Define agent monitoring standards and thresholds | CRO | AI Risk Monitoring Lead (KRIs/KPIs) | Risk management | Governance | S |
| Fairness audits | Monitor fairness in autonomous decisions | CRO (with CCO) | Responsible AI Assurance Lead (Fairness) | Risk management | Governance | M |
| Responsible AI ceremonies | Run responsible AI ceremonies for agent actions | CRO (with CCO) | Responsible AI Lead (Governance Rituals) | Risk management | Governance | S |
| Risk, controls, and compliance literacy | Upskill teams on autonomy risk and evidencing | CRO | Risk Training Lead (2nd line enablement) | Skills and capability building | People | S |
| Go-live readiness checklist and gates | Add autonomy gates to go-live readiness | CRO | AI Go-live Controls Owner (1st/2nd line) | Inventory and discovery | Process & tooling | S |
| Metadata schema and classification taxonomy | Classify agents by autonomy, risk and access | CRO (with CDO) | AI Governance Taxonomy Owner | Inventory and discovery | Process & tooling | M |
| Pre-deployment evaluation (capability and safety) | Operationalise pre-deployment evaluation and acceptance thresholds | CRO | AI Assurance Lead (Evaluations) | Lifecycle management | Process & tooling | M |
| Behaviour monitoring (actions, tool use) | Track tool calls, overrides and failures | CRO (with COO) | AI/Agent Monitoring Product Owner | Monitoring and observability | Process & tooling | M |
| Risk signal monitoring (incidents, drift alerts) | Operate KRI alerts for agent fleets | CRO | AI Risk Monitoring Lead | Monitoring and observability | Process & tooling | M |
| Control gating and approvals in CI/CD | Gate releases by risk tier and evidence | CRO (with CISO) | Secure Release Governance Lead | SDLC and pipelines | Process & tooling | M |
| Model governance and versioning | Govern versions across complete agent bundles | CRO (with CIO) | Head of AI Governance (Agent Bundle Release Management) | Foundation models | Technology | M |
| Enhanced agent observability requirements (incl drift triggers) | Monitor autonomy patterns, overrides and drift | COO (with CRO) | AI/Agent Observability Lead (Ops) | Controls | Governance | M |
| Scenario stress-testing | Stress-test end-to-end autonomous workflows | COO (with CRO) | AI Resilience Testing Lead / Red Team Lead | Risk management | Governance | M |
| Oversight training and certification (approvers/owners) | Certify approvers on autonomy risks and controls | CHRO (with CRO) | L&D Lead + AI Governance Lead | Skills and capability building | People | S |