The Dashboard Won’t Save Your Project. Your People Will

Posted on by

We have built an entire industry around the wrong obsession.

Walk into any project or programme environment today and tell me what you see. Dashboards. RAG statuses. KPI scorecards. Burndown charts. Milestone trackers. Automated reports that nobody reads in full but everyone references in meetings as though they tell the complete story.

We have convinced ourselves that if we can measure it, visualise it, and put it on a screen, we are in control.

We are not in control. We are comfortable. And those are not the same thing.

Because the thing that actually determines whether your project succeeds or fails, the thing that has always determined it, is not sitting in any dashboard. It is sitting at a desk, joining a call, navigating a problem at 4pm on a Friday when the system throws an error nobody anticipated and the go-live is Monday morning.

It is your people.

And most leaders have quietly forgotten that.

How We Got Here

The shift happened gradually, and it happened with good intentions.

Technology gave us visibility we never had before. We could track progress in real time, surface risks earlier, and report upward with confidence. That was genuinely valuable. Nobody is arguing for less information.

But somewhere along the way, the tool became the answer. The dashboard became the proxy for understanding. The metric became the substitute for the conversation. And the leader who once walked the floor, read the room, and sensed the real mood of a programme started trusting the green status on a screen instead.

The result is a generation of project environments where the reporting is polished and the delivery is fragile. Where everything looks healthy until it suddenly is not. Where nobody saw it coming, except the people closest to the work, who saw it coming for weeks and had nowhere safe to say so.

That is not a data problem. That is a leadership problem.

 

What the Software Cannot Tell You

Your project management software does not know that your lead developer has been quietly updating her CV for three weeks because she feels invisible on this programme.

Your dashboard does not know that the business analyst who owns the most critical workstream is running on empty and has been covering for a colleague who disengaged two months ago.

Your RAG status does not know that the reason everything is green is because the project manager is too afraid to report amber. Because the last time someone reported amber, the steering committee treated it as a personal failure rather than useful information.

Your metrics do not know that the vendor’s implementation team has internally deprioritised your programme because a larger client demanded more of their attention, and your account manager has been managing that fact rather than disclosing it.

None of this shows up in the data. All of it will show up in the outcome.

Professor Bent Flyvbjerg’s research on major project delivery, one of the most comprehensive analyses of project outcomes conducted, found that 91.5% of major projects experience cost overruns, schedule delays, or both. The primary driver is not technical failure. It is optimism bias: the structural human tendency to underestimate problems, which reporting cultures then amplify. A team that does not feel safe surfacing bad news will report optimistically. And the gap between what is reported and what is real compounds week by week until it cannot be managed.

This is the gap that leaders who have outsourced their judgement to software cannot see. The human information. The signals that travel through relationships, not reporting lines. The early warnings that only surface when people feel safe enough, and trusted enough, to tell you the truth.

People Deliver. Not Platforms

Let me be direct about something that gets lost in every technology conversation.

The software does not write the requirements. A person does. The platform does not manage the stakeholder who keeps changing scope. A person does. The dashboard does not have the difficult conversation with the supplier who is underperforming. A person does. The metric does not hold the team together at the point when the pressure peaks and the temptation to cut corners becomes real.

A person does.

Every single meaningful act in the delivery of a project or programme is a human act. The technology supports it, documents it, and reports on it. But it does not do it.

This sounds obvious. And yet the way most organisations invest their leadership attention, their development budget, and their improvement energy tells a completely different story. They upgrade the tools before they develop the people. They add another dashboard before they ask whether their team leaders have the skills to have honest conversations. They buy new software to solve problems that are fundamentally about trust, capability, and culture.

And they wonder why the new system does not fix the delivery problem.

The People Who Confirm Success

Here is the other half of the equation that rarely gets enough attention.

It is not just the people who deliver the project that matter. It is the people who decide whether it worked.

The clinician who was supposed to use the new system and quietly reverted to the old one because nobody involved her in the design. The frontline manager who was presented with a new process in a one-hour training session and had nowhere to raise the fact that it does not reflect how the work actually happens. The customer who was told the transformation would make their experience better and is still waiting.

These people are the real success criteria. Not the go-live date. Not the project closure report. Not the benefits case that was written eighteen months before anyone understood what was actually being built.

Transformation succeeds when the people it was designed for adopt it, use it, and tell you it made a difference. And they will only do that if they were treated as participants in the process, not recipients of its output.

What Recalibration Actually Looks Like

Leaders who get this right do not look fundamentally different from the outside. They attend the same meetings. They review the same reports. But they do something that most of their peers have quietly stopped doing.

They go to where the work is.

Not to check on it. Not to apply pressure. To understand it. To ask the questions that the dashboard cannot answer. How are you actually finding this? What is slowing you down that is not on the risk register? What do you know that I should know?

Google’s Project Aristotle, an internal study of more than 180 Google teams, found that psychological safety was the single strongest predictor of team effectiveness, above individual talent, structure, and every other measurable factor. Amy Edmondson’s research at Harvard Business School reinforces this from a delivery perspective: teams where people feel safe to raise problems surface them earlier, when they are still recoverable. When people do not feel safe, the information gets filtered. And filtered information is what produces the green dashboard above the failing project.

They treat their team’s energy as a delivery asset, because it is. They notice when someone has gone quiet. They notice when the language in status reports starts becoming defensive rather than informative. They notice when the optimism of the first month has been replaced by the grinding compliance of a team that no longer believes the work matters.

And they act on what they notice. Not with a new metric. With a conversation.

They invest in the human layer of delivery the way that most organisations invest in the technical layer. Deliberately. Consistently. Not as a soft add-on to the real work, but as the foundation of it.

The Investment Gap

The question is not whether your tools are good enough.

For most organisations, the tools are fine. In many cases, the tools are excellent. The dashboards are sophisticated. The reporting is comprehensive. The project management frameworks are mature.

And yet the delivery outcomes have not improved at the rate the technology investment suggested they should. PMI’s research, tracking project performance across thousands of organisations globally, found that communication failure contributes to one in three project failures. The gap between organisations that invest seriously in the human and communication layer of delivery and those that do not is measurable, consistent, and significantly larger than most leaders assume.

The gap is not in the software. It is in the leadership attention.

What would change if you spent the same energy on understanding your people that you currently spend on reviewing your reports? What would surface if your team genuinely believed that telling you the truth was safer than protecting the status? What decisions would you make differently if you had the human information as clearly as you have the data?

Those are not rhetorical questions. They are the questions that separate the programmes that deliver from the ones that drift.

The Skill No Platform Replaces

Every programme failure I have ever been close to had warning signs that the data did not capture. The signs were there in the people. In the energy levels. In the conversations that stopped happening. In the problems that got managed rather than solved.

And in almost every case, the leaders were looking at a screen when they should have been reading a room.

The software is not the problem. The hardware is not the problem. The metrics and the dashboards are not the problem.

The problem is that we have allowed them to replace the most important leadership skill there is.

The ability to understand people. To create the conditions where they do their best work. To recognise when they are struggling before it shows up in a project status. To build the kind of trust that means the real information travels fast enough to matter.

No platform does that. No tool does that.

Only you do that.

And the projects that remember it are the ones worth talking about.

Pre-Mortem: Twenty Million Members, No Published Error Rate

Posted on by

The Pre-Mortem is a weekly series on this blog. Each piece applies five questions to a major technology commitment before the outcome is known.

By the end of this year, twenty million Americans will use an AI companion to check whether their treatment has been approved, understand their benefits, and find out where they stand on a coverage dispute. UnitedHealth Group, the largest health insurer in the United States, calls it Avery. What the company has not published is what happens when Avery gets it wrong, and who carries it.

The Bet

UnitedHealth Group is investing more than $1.5 billion in AI in 2026. Avery is one part of a portfolio of over one thousand AI applications now operating across its insurance, pharmacy, and healthcare delivery businesses. The company expects a two-to-one return, much of it within the next eighteen months.

The scope goes further than the navigation functions Avery handles publicly. UnitedHealth has stated its intention to embed AI across claims decisions, clinical documentation, billing code selection, and fraud detection. The bet is that AI can absorb these regulated, high-stakes workflows faster than the accountability architecture around them can be clarified.

The Assumption

The whole bet turns on this, that an AI companion helping members find their benefits is categorically different from an AI algorithm making coverage decisions.

That distinction matters to UnitedHealth and to the regulatory debate around it. It is also the exact point where the accountability gap lives. Avery’s scope includes claim approval status and benefit explanations. In the sequence of a denied treatment, those interactions are not neutral, they are the moments where a member either understands their rights or does not. The line between navigation and decision sits precisely where the product is deployed.

 

The Sequence

UnitedHealth has been here before. Between 2019 and 2022, its subsidiary naviHealth deployed an AI tool called nH Predict to manage post-acute care decisions for Medicare Advantage members. A Senate investigation found that UnitedHealth’s denial rate for post-acute care claims more than doubled after nH Predict was deployed. A federal class action, Lokken v. UnitedHealth Group, alleges that the algorithm overrode treating physicians’ recommendations and carried a 90 per cent error rate on appeal, nine of every ten denied claims reversed when challenged.

That lawsuit is still advancing. In March 2026, a federal court ordered UnitedHealth to disclose its AI denial algorithm documentation, including internal AI Review Board materials, documents related to government investigations, and business records reaching back to 2017. Avery launched the same month to 6.5 million members, with a target of 20.5 million by year-end.

The sequence matters. The error rate history of the predecessor tool is documented and in litigation. The commitment not to repeat it with Avery has not been published in measurable form.

The Pager

UnitedHealth states that Avery is governed by a responsible use policy with review and approval from its AI Review Board. That board governs model development. No published framework names which specific individual, body, or governance layer is accountable when an Avery interaction contributes to a coverage outcome that causes patient harm.

The regulatory picture does not close that gap. At least twenty-five states have issued guidance under the National Association of Insurance Commissioners (NAIC) model bulletin. Alabama, Indiana, Washington, and others have enacted specific laws requiring human sign-off on AI-assisted denials, most taking effect in 2026. But the Employee Retirement Income Security Act (ERISA) preempts state action against self-insured employer plans, which cover the majority of employer-sponsored insurance. Federal oversight through the Centers for Medicare and Medicaid Services (CMS) and the Department of Health and Human Services (HHS) covers Medicare Advantage but carries no published standard for AI liability in individual claim decisions. The accountability is distributed. No name is on it.

The Proof

The $1.5 billion figure is confirmed. No committed outcome measure has been published for Avery’s error rate, its impact on denial rates, appeal success rates under AI-assisted decisions, or any patient safety incident reporting cadence.

Per CMS disclosures filed March 2026, the first year the agency required public reporting, UnitedHealth’s prior authorisation denial rate was 16.3 per cent in 2025, 4.8 percentage points above the industry average of 11.5 per cent. The company announced in May 2026 that it will eliminate prior authorisation for 30 per cent of services by year-end. Whether that changes the AI-in-the-loop accountability question for the remaining 70 per cent has not been addressed.

The Verdict

If the governance architecture catches up, if AI Review Board accountability is mapped to individual outcomes, if state AI denial laws close the ERISA gap, and if a committed outcome framework for Avery is published and audited, then this is exactly what responsible AI deployment in healthcare should look like, a major operator taking the accountability question seriously under public and regulatory scrutiny.

Without all three, twenty million people are interacting with an AI system whose error rate is undisclosed, whose predecessor carried a 90 per cent reversal rate on appeal, and where no named human is accountable for what it tells them about their care.

The bet is bold. The architecture to carry the loss has not been built yet.

What Regulated Industries Know About Speed That Everyone Else Is Learning the Hard Way

Posted on by

 

There is a common assumption in business that regulation slows you down. That the organisations operating fastest are the ones least constrained by oversight. That compliance is a tax on progress.

The organisations now paying the heaviest price for AI governance failures are the ones that operated for years on exactly that assumption.

IBM’s 2025 Cost of a Data Breach Report found that 63% of organisations experiencing a material breach either had no AI governance policy or were still developing one. Shadow AI alone added an average of $670,000 to individual breach costs. The Stanford HAI AI Index recorded 233 documented harmful AI incidents in 2024, a 56% year-on-year increase. These are not primarily failures in regulated sectors. They are failures concentrated in organisations that never had to build governance infrastructure because, until recently, they never had to.

Financial services, healthcare, and government have something that fast-moving technology companies are now being forced to acquire under duress: the institutional knowledge of how to move at pace while the governance is on.

The Misconception About Constraint

Leaders who have spent most of their careers in lightly regulated environments tend to read compliance as friction. Something that adds time to a decision, introduces review cycles, and requires additional sign-off. In that framing, less compliance means faster execution.

What this framing misses is the distinction between compliance as architecture and compliance as checkpoint. A checkpoint is friction. It exists at the end of a process, adds a review stage, and slows the pipeline. Architecture is different. When governance is built into how a system is designed and how decisions are made, it does not add a stage to the process. It is the process.

The organisations in financial services and healthcare that move fastest on AI deployment are not the ones that find clever ways around their regulatory obligations. They are the ones that have built governance into their operating model, their system design, their approval authorities, and their risk frameworks so thoroughly that compliance is not a separate consideration. It is already done by the time a decision reaches an approval point.

Thirty Years of Governance Muscle

This is not an accident. Regulated industries have had decades of pressure to solve exactly this problem. A bank that cannot move fast cannot compete. A hospital that cannot adopt new clinical technology falls behind in patient outcomes and staff capability. A government department that does not modernise its systems loses efficiency and public confidence.

The answer these sectors arrived at, not by choice but by necessity, is embedded governance. Named senior owners for material deployments. Cross-functional oversight bodies with actual authority to pause or redirect, not just to advise. Pre-approved frameworks that allow decisions to be made quickly within defined boundaries, rather than requiring full escalation every time.

The results are measurable. Healthcare AI adoption in outpatient and ambulatory care doubled in two years, from 4.6% of firms in 2023 to 8.7% in 2025, within one of the most tightly regulated environments in the world, according to research published in PMC drawing on US Census Bureau Business Trends and Outlook Survey data. That pace of change did not happen despite the regulation. It happened because enough organisations in that sector had built the infrastructure to move quickly and safely at the same time. Overall healthcare AI adoption still lags sectors such as information services and professional services, where adoption exceeds 20%. The doubling reflects a strong rate of growth, not yet sector leadership in absolute terms.

What the Unregulated Sector Is Now Facing

The regulatory picture for AI is more complex than it appeared eighteen months ago, and understanding that complexity matters.

The EU AI Act has been materially reshaped. Prohibitions on unacceptable AI practices came into force in February 2025. Obligations for general-purpose AI models followed in August 2025. But an AI Omnibus legislative package, agreed in May 2026, delayed the Act’s most commercially significant provisions, those covering employment, biometrics, critical infrastructure, and education, until December 2027 at the earliest. The timeline has extended. The direction has not changed.

In the United States, the trajectory is different. The current federal administration has moved toward a consolidated national framework, explicitly designed to preempt the patchwork of state-level regulation that was developing. Colorado’s original AI Act, among the most comprehensive state-level frameworks, was replaced in May 2026 by a narrower successor focused on disclosure obligations rather than risk management requirements. The patchwork has changed shape. Any organisation planning its governance around a specific jurisdiction’s requirements may be planning around a moving target.

AuditBoard’s 2025 research found that only one in four organisations has a fully implemented AI governance programme. Among organisations with only partial AI governance guidelines, just 25% feel confident in their AI posture. Among those with mature, embedded governance frameworks, that figure rises to 48%, according to research from the Cloud Security Alliance and Google Cloud. Governance maturity is the strongest predictor of AI readiness, above deployment volume, tool selection, or the pace of regulatory change in any given jurisdiction.

The leaders with an advantage right now are not necessarily the ones tracking the latest regulatory guidance. They are the ones who understand that IBM’s breach cost data is accumulating well ahead of any enforcement regime. The external pressure may have shifted its timeline. The operational risk has not.

Governance as Competitive Advantage

The organisations that will move fastest through the current period of regulatory evolution are not the ones trying to stay ahead of each new requirement as it emerges. They are the ones building governance architecture now that will not need to be retrofitted later, whatever form external pressure eventually takes.

That means a named owner for every material AI deployment, not a committee, a person. It means oversight that has genuine authority to pause a deployment, not just to note concerns. It means pre-approved tooling and decision boundaries that allow teams to move without full escalation while still operating within defined risk tolerances.

This is not new governance theory. It is the operating model that financial services and healthcare organisations were forced to develop, iteration by iteration, under regulatory pressure. The knowledge exists. The question is whether leadership teams outside those sectors are willing to learn from it before the external pressure forces the same hard lessons.

The evidence that governance accelerates rather than inhibits deployment is not theoretical. Databricks’ State of AI Enterprise Adoption report found that financial services leads across industries in moving AI from experimental to production, reducing its ratio of experiments per production deployment from 29:1 to 10:1, the sharpest improvement of any sector measured. That is not a coincidence of timing. It is the measurable output of thirty years of building the infrastructure that makes fast deployment safe.

Speed and compliance are not opposites. In the organisations that have figured this out, they are not even in tension. Governance is the infrastructure that makes speed sustainable.

The industries that built that infrastructure under duress are now, inadvertently, the ones best positioned to show everyone else how it works.

The mechanics of building that architecture, including the five characteristics that separate real governance from the committee-and-checkpoint version most organisations have built, are covered in the companion piece Governance Is Not a Committee. It Is a Decision Architecture.

Healthcare’s Algorithm Is Working. That Is the Problem

Posted on by

Somewhere in American hospital records, there is a pattern that should not exist.

Diagnoses of acute posthemorrhagic anaemia, a serious blood-loss condition that requires transfusion, have risen sharply at facilities that adopted AI billing tools. Blood transfusions have not. A condition is being recorded. The standard treatment for that condition is not being given. According to a Blue Cross Blue Shield Association analysis, the discrepancy is not a rounding error. It is a signature.

This is not a story about a medical error. No patient was misdiagnosed. No physician made a wrong call. What happened is more systemic and more troubling. An AI system trained to identify billable conditions found one. It coded it. The hospital billed for it. Nobody questioned whether the diagnosis reflected care that was actually delivered.

This is what AI looks like when there is no governance around it.

What the Bill Says About the Chart

The Blue Cross Blue Shield analysis examined what happened to hospital billing after AI coding tools arrived at scale. The numbers are not ambiguous. Inpatient spending attributable to AI coding practices reached an estimated $663 million. Outpatient spending tied to the same pattern reached $1.67 billion. One facility’s case complexity rating, the metric that determines how much a hospital can charge, rose 6.7 per cent in the year after adopting an AI billing tool. The average rise at comparable facilities in the same state was 0.9 per cent.

The practice is called upcoding: coding a patient as sicker, or their treatment as more complex, than the clinical record supports. It has existed in healthcare administration for decades. What AI has done is industrialise it. According to a federal data brief from the Office of the National Coordinator for Health Information Technology, 71 per cent of US hospitals were using predictive AI by 2024. AI use for billing specifically rose 25 percentage points in a single year, from 36 per cent of hospitals in 2023 to 61 per cent in 2024. The speed of that adoption has outrun every oversight mechanism that existed to check it.

The tool is not complicated. What was built around it is the problem. AI coding tools scan patient records and flag conditions that could legitimately be billed. In the right environment, with clinical oversight and audit processes, that is a useful capability. In the environment most hospitals actually built, which is one without meaningful governance, they become a revenue maximisation engine. The algorithm does what it was trained to do. Nobody verifies whether the conditions it codes for were actually treated. The bills go out.

The Insurer’s Algorithm Has a Different Objective

At the same time hospitals are using AI to add conditions to bills, health insurers are using AI to remove approvals from treatment requests.

Prior authorisation, the process by which insurers must approve procedures before they happen, has become a primary deployment zone for AI-driven decision-making. The American Medical Association surveyed physicians and found that 61 per cent reported health plan use of AI is increasing prior authorisation denials. A US Senate Permanent Subcommittee on Investigations report found that denial rates at UnitedHealthcare, CVS, and Humana’s Medicare Advantage plans rose as each insurer increased AI deployment in its review process.

The governance picture on the insurer side is no better than on the hospital side. A January 2026 study in Health Affairs by researchers at Stanford Health Care, drawing on a survey of 93 large health insurers, found that more than one-quarter of insurers do not document the accuracy of their AI models or test them for bias, around 40 per cent have no accountability practices in place for AI tools used in prior authorisation and claims decisions, and fewer than one-quarter even tell providers when AI was involved in a determination.

The result is a healthcare system in which AI is simultaneously inflating what hospitals charge and compressing what insurers approve. Patients sit between the two. The treatment they need may be denied before it is given and billed for a complication they were never treated for.

Arizona, Maryland, Nebraska, and Texas all passed legislation in 2025 requiring human oversight before AI can be used to deny a prior authorisation request, prohibiting it as the sole basis for medical necessity determinations. From 2026, the Centers for Medicare and Medicaid Services (CMS) will require payers to provide a specific reason for every AI-assisted denial and to publish aggregate approval data. That regulatory response confirms the scale of what is happening. Legislators do not write laws against things that are not happening.

Nobody Has Had to Answer for This

The question that neither the hospital nor the insurer has been required to answer is a straightforward one: who is responsible for what the algorithm decides?

A 2025 survey of 182 US hospital leaders by Black Book Research found that only 22 per cent are confident they could produce a complete AI audit trail within 30 days if asked. Only 29 per cent have implemented and enforced policies covering AI model inventory and accountability sign-offs. Forty-one per cent identified limited vendor documentation, the model cards and drift reports that explain how a system behaves over time, as their top barrier to audit readiness. The median share of IT and quality budgets allocated to AI governance is 4.2 per cent.

These are not numbers that describe an industry taking AI risk seriously. They describe an industry that deployed the technology and deferred the governance question for later.

The procurement happened fast. The governance never followed. Across billing departments and claims operations, AI has been handed consequential authority over patient finances and care access by organisations that did not build the structures that authority demands. The tools were procured. The governance was not.

The Wrong Diagnosis

Every time this gets written about as an AI problem, the real fix gets deferred.

If the algorithm is the villain, the solution is a better algorithm. A more accurate one. A less biased one. Another procurement cycle, another vendor, another pilot. That framing lets every decision-maker who signed the purchase order, approved the deployment, and chose not to build the oversight infrastructure step back from the frame. The machine did it. The machine was wrong.

In healthcare, the machine is doing exactly what it was built to do. It finds billable codes and it finds reasons to deny claims. It operates at the scale and speed that human reviewers cannot match. And it does all of this inside organisations that did not build the governance structures, the audit processes, the accountability frameworks, or the appeals mechanisms that consequential decisions at that scale require.

The United States is where this data exists. It is not where the problem stops.

That is not an AI failure. It is an organisational one. And unlike a broken algorithm, it cannot be fixed with a software update.

 

Governance Is Not a Committee. It Is a Decision Architecture

Posted on by

A technology programme was delivered on time. The steering committee signed it off. The system went live on schedule and within budget. Twelve months later, usage across the organisation sat at eleven percent. The project had been a success by every measure the governance structure tracked. It had failed by the only measure that mattered.

Nobody was accountable for the eleven percent. The named owner had moved to a different role. The steering committee was dissolved at go-live. The vendor had fulfilled its contract. The organisation had built something that worked perfectly and was used by almost nobody, and no single person in the building could explain why.

That is not a delivery failure. It is a governance failure. And it is far more common than any organisation publicly admits.

 

What Governance Actually Is

Governance is one of those words that everyone uses and nobody defines. In most organisations, it has come to mean a structure: a committee, a framework document, an approval process, a risk register. Something you have rather than something you do. You have a governance framework. The governance is in place. The committee meets quarterly.

This version of governance is useless.

Governance is not a structure. It is a decision architecture. It is the infrastructure that determines how decisions are made, who makes them, what they are accountable for, and how fast the organisation can act when circumstances change.

Every organisation has a governance architecture, whether it has designed one or not. The informal version is still a governance architecture: decisions made by whoever is most senior in the room, accountability absorbed by whoever is most junior when something goes wrong, escalation triggered whenever someone is uncomfortable. It is simply a poor one. The difference between organisations that move well and organisations that stall is rarely capability. It is usually the quality of the decision infrastructure underneath the capability.

 

Governance Theatre

The most dangerous governance is the kind that looks correct from the outside.

Most large organisations have built governance that performs the appearance of oversight without the function. The risk register is meticulously maintained and never acted upon. The steering committee meets monthly and has not once paused a programme. The policy required six weeks of approval and is read by nobody after signing. The assurance review always concludes the project is on track.

This is more harmful than no governance, for one reason: it generates confidence without protection. The board believes the oversight is in place. The programme team believes the risks are managed. The organisation proceeds as if the architecture exists, while operating without it. When the failure arrives, it arrives at scale, having been invisible to every structure designed to catch it.

The question is not whether your organisation has governance. The question is whether your governance is real.

 

What Good Governance Looks Like

Good governance has five characteristics that distinguish it from the committee-and-checkpoint version most organisations have built.

The first is named ownership. Every material decision, every significant deployment, every consequential process has a single individual accountable for the outcome. Not a committee. Not a function. A person. The committee can advise. The function can review. One name sits against each thing that matters, and that person knows it and accepts it.

The second is authority that matches accountability. The most common governance failure is asking someone to be accountable for an outcome they cannot influence. If the named owner cannot pause a deployment, redirect a budget, or override a recommendation, their accountability is nominal. If you cannot identify what the accountable person can stop, you have not given them accountability. You have given them exposure.

The third is pre-agreed frameworks. Good governance does not require full escalation for every decision. It requires that boundaries are agreed in advance, so decisions within those boundaries can be made quickly, and decisions outside them trigger a defined path. The approval gate model creates queues. The framework model reserves escalation for the decisions that genuinely need it. Speed and governance are not a trade-off. They are a design choice.

The fourth is transparency of reasoning. Material decisions need a record. Not for audit purposes, but because the organisations that navigate change well are the ones where future leaders can understand not just what was decided, but why, what alternatives were considered, and what conditions would prompt a different outcome. This is not bureaucracy. It is institutional memory, and its absence is one of the most expensive losses any organisation experiences.

The fifth is a culture that supports use. The best governance architecture fails if the organisation punishes the people who use it correctly. The programme manager who escalates a risk that delays a milestone. The engineer who flags a model limitation that complicates a launch. The analyst who says the data is not fit for purpose. If those people are sidelined or not listened to, the framework is decorative. Governance is architecture and behaviour. Building the architecture without addressing the behaviour is half the work.

 

Governance Debt

There is a cost to governance failure that does not appear on any balance sheet until it is too late to address cheaply.

Every decision made without proper governance accumulates what might be called governance debt. The decision is made, the programme moves forward, the system is deployed. The cost is not visible immediately. It appears two years later, when the person who made the original choice has moved on, when nobody can explain why the architecture was designed the way it was, when the organisation needs to change a system it no longer fully understands and cannot safely modify.

Like financial debt, governance debt compounds. Small omissions early in a programme create disproportionately large costs at the point of change. The organisations that experience the most expensive transformations are rarely those that started with the hardest problems. They are those that accumulated governance debt in the early stages and discovered the interest charge when conditions changed.

 

The Speed Paradox

The dominant assumption about governance is that it slows things down. The evidence says otherwise.

Financial services is among the most heavily governed sectors in the world. It is also, by measurable data, among the fastest at moving AI from experimentation to production. Databricks’ analysis of enterprise AI adoption found that financial services improved its experimental-to-production ratio from 29:1 to 10:1 in under eighteen months, the sharpest improvement of any sector measured. The governance culture that financial services built under regulatory compulsion became, in practice, a deployment accelerant.

The reason is straightforward. When governance is architecture rather than checkpoint, when boundaries are pre-agreed and ownership is named, decisions within the framework do not require escalation. The work that in a poorly governed organisation requires a committee review happens at team level, within agreed parameters, without delay. The governance does not add a stage to the process. It is the process.

The organisations that move slowly under governance are the ones with checkpoints. The ones that move fast under governance are the ones with architecture.

 

Why AI Makes This Urgent

AI does not create governance problems. It amplifies the ones that already exist.

Every organisation deploying AI is making decisions at scale and at speed in ways that are not always visible to the people accountable for outcomes. When a model influences hiring, lending, clinical treatment, or procurement, the decision architecture governing that model matters as much as the architecture governing any senior leader. In some respects more.

Three risks are specific to AI. The first is accountability diffusion. When a decision is made by a model, who is accountable is rarely defined in practice. The model carries no accountability. The vendor carries it within narrow contractual limits. The organisation must deliberately assign it or it defaults to nobody, which is where most organisations currently sit.

The second is scale of error. A human decision-maker with a blind spot makes that error incrementally. A model with the same blind spot can make it thousands of times before the pattern is identified. The governance that catches a human error at ten instances must catch a model error at ten thousand. Most governance frameworks were not designed for that volume.

The third is the deployment and use gap. AI systems are deployed for a defined purpose in a defined context. They are then used in contexts their designers did not anticipate, by people not trained on their limitations, for decisions the governance framework never considered. Governance must follow the system into use, not stop at the deployment gate.

One additional risk is specific to the current moment. In most organisations, AI governance covers the official deployments. It has no visibility of, and no authority over, the AI already in use through personal accounts, consumer tools, and unapproved models. The governance gap that will produce the first visible failures is not in the formal AI programme. It is in the tools already running beneath the governance architecture’s line of sight.

For boards, this is a specific accountability question. Most are receiving AI updates without the frameworks to evaluate them. The question is not whether the organisation has an AI strategy. It is whether the board can answer four things: who is accountable for each material AI deployment, what authority they hold, what the escalation path looks like when something goes wrong, and whether the governance covers the AI that is actually in use rather than only the AI that was formally approved.

 

Three Questions That Will Tell You More Than Any Framework Audit

Name the person accountable for your most significant AI deployment. Not the team. Not the function. One person. If you cannot name them in under ten seconds, you do not have governance. You have the appearance of it.

When did your governance last stop something? Not delay it, not document a risk against it. Stop it. If the answer is never, your governance is not functioning as risk infrastructure. It is functioning as a record-keeping exercise.

If the three people who made your most significant programme decisions in the last two years left tomorrow, what would the organisation know about why those decisions were made? If the answer is not much, you are accumulating governance debt at a rate your future leaders will pay.

Governance is not a committee. It is not a document. It is the infrastructure through which an organisation makes consequential decisions, learns from them, and remains able to change course when it needs to.

Most organisations have not built that infrastructure. AI has not created that problem. It has simply made the cost of not solving it impossible to ignore.

Pre-Mortem: KPMG’s AI-Powered Audit

Posted on by

The audit opinion is the most consequential document most public companies produce. Not the annual report. Not the investor deck. The audit opinion, because it carries a named partner’s signature, and because that signature means something in law. On 9 June 2026, KPMG and Microsoft announced the deployment of Microsoft Agent 365 and Copilot across 276,000 KPMG professionals in 138 countries, including inside KPMG Clara, the firm’s global smart audit platform. Scott Flynn, KPMG’s Global Head of Audit, called it “a pivotal milestone in our AI-powered, human assured audit transformation.” The word “assured” is doing a great deal of work in that sentence.

A pre-mortem asks the same five questions, every time, applied before failure is possible rather than after. This is the fifth in the series. The first looked at vendor accountability in regulated finance. The second at clinical safety in healthcare. The third at execution accountability in defence procurement. The fourth at clinical AI infrastructure. This one looks at professional services, the sector that has built its entire business model on the premise that human expertise is the product.

 

The Bet

KPMG is betting that efficiency and accountability can coexist at this scale. That 276,000 professionals deploying AI agents, with a governance layer running underneath, will not dilute the professional accountability the audit opinion rests on. It is a reasonable bet. It is also an untested one. The commercial logic is clear: 276,000 professionals, 138 countries, and an AI-powered workflow running through KPMG Clara creates the kind of structural productivity gain that redefines the firm’s cost base, and potentially its fee model. Analysis of recent audit fee movements suggests clients are already pressing the case that AI efficiency should flow through to lower fees. The deeper bet, the one sitting beneath the headline deployment, is that “AI-powered, human-assured” constitutes a defensible operating model before any regulatory body has defined what “human-assured” actually requires in practice.

 

The Assumption

The single assumption carrying all the weight: that governing agents is the same thing as being accountable for them. Microsoft Agent 365 provides what its own documentation describes as a control plane, a centralised registry of agents with lifecycle rules, identity controls, and audit logging. That is a meaningful capability. It answers the question: how many agents do you have, and what can they touch? It does not, on its own, answer the question a claims lawyer or a regulator will eventually ask: who is accountable when the agent was visible, governed, and still wrong? KPMG’s Trusted AI framework lists ten ethical pillars, including one labelled Accountability, which calls for human oversight and responsibility to be embedded across the AI lifecycle. That is a principle-level commitment. None of the publicly available documentation specifies what happens to the partner’s signature when an AI-assisted conclusion is signed off and later found to be materially incorrect.

 

The Sequence

KPMG has deployed agents at scale before any authoritative regulatory framework specifies what AI-assisted audit evidence must look like, or how human review of AI-generated conclusions must be documented to meet existing standards. The IAASB approved a project proposal in March 2026 to revise ISA 500, Audit Evidence, to address technology use in audit, but the project is still in early research and information gathering, with no exposure draft issued and no effective date. The PCAOB has stated publicly that it is considering developing risk management guidance for audit firms using AI. Considering, not publishing. The capability is deployed. The standard that surrounds it is still being drafted.

 

The Pager

Lisa Heneghan, KPMG’s Global Chief Digital Officer, was specific about what this deployment requires: “strong foundations in governance, visibility and accountability.” That framing is responsible, and Agent 365 provides the visibility that most enterprises currently lack. The harder question is structural and specific. The audit opinion is signed by a named partner. Professional indemnity is priced around that signature. When an agent embedded in KPMG Clara surfaces a conclusion, the partner reviews it, signs the opinion, and the work later contains a material error, the liability has historically sat with the partner and the firm. What KPMG, Microsoft, and the client have not yet published is a clear allocation of responsibility for the agent’s contribution to that error. Is it a tool failure, an oversight failure, or something existing frameworks do not yet classify? The governance layer provides the audit trail. It does not specify who reads it, or what reading it is worth, when a claim is filed.

 

The Proof

The announcement commits 276,000 professionals and earns KPMG the designation of Microsoft “Frontier Firm.” Neither is a performance measure. No published metric connects this deployment to audit accuracy improvement, reduction in deficiencies, or quality outcomes. What the deployment actually demonstrates is that KPMG can deploy Agent 365 at scale and maintain visibility over its agent estate. That is a meaningful operational achievement. It is not the same as demonstrating that AI-assisted audit conclusions are more reliable than human-only ones, which is what regulators, courts, and insurers will eventually need to see. KPMG Clara’s existing framing covers adoption and workflow integration. No published figure connects it to audit opinion accuracy or deficiency rates. The proof that matters most is still outstanding.

 

Verdict

If KPMG publishes a clear framework specifying how AI-assisted audit evidence is reviewed, validated, and documented, paired with a liability position that survives regulatory scrutiny, this becomes the reference model for professional services AI at scale. The governance commitment is genuine. The scale of deployment is unmatched in the sector. Scott Flynn’s “AI-powered, human-assured” is the right aspiration. The question is whether “human-assured” describes a documented, auditable review process that a regulator will accept and an insurer will cover, or whether it is a positioning statement waiting for a definition. At 276,000 professionals across 138 countries, the audit opinion at the centre of this deployment is too consequential to leave that question open. The answer should come before the first material claim, not after.

The Problem With Your AI Strategy Is Not the AI

Posted on by

The boardroom conversation has shifted. Not to whether AI matters. That debate is over.

The new question is what to actually do with it. And the 2025 data suggests most organisations are answering it badly.

BCG’s research found that 60% of companies globally are generating no material value from AI despite significant investment. McKinsey’s 2025 State of AI survey found that nearly 80% of organisations are regularly using generative AI in at least one function, yet only around 5% are seeing substantial financial returns. The gap between AI as a boardroom announcement and AI as a functioning operational capability is the defining management challenge.

 

The pressure is real. The direction is not.

Executives are asking about AI. Vendors are selling it. Competitors are announcing it. Boards are expecting it.

And in the middle of all that noise, organisations are launching AI initiatives without defining what success looks like. That is not ambition. It is drift with a budget.

The fear of being left behind is understandable. But speed without clarity produces activity, not results. And activity without outcomes is expensive.

RAND Corporation’s 2025 research into AI project failure found that 80.3% of initiatives failed to deliver their intended business value. A third were abandoned before reaching production. A further 28% reached completion and still failed to deliver. The problem is not a lack of investment or effort. It is a lack of clarity about what the investment is actually for.

 

Most organisations are starting in the wrong place

The most common mistake in AI adoption is starting with the tool rather than the problem.

The conversation usually begins with: “What AI platform should we procure?” It should begin with: “What is broken and where?”

AI is not a business objective. It is a capability. And capabilities only create value when they are pointed at something real.

BCG’s research found something that cuts against the instinct of most organisations. The organisations generating real value from AI average 3.5 use cases. Those generating no value average 6.1. More is producing less.

The organisations getting results are not asking which platform to buy. They are asking where their people are losing time to work that should not exist. Where good decisions are being slowed down by fragmented information. Where a process that should take hours takes weeks because nobody has questioned whether it needed to be that way.

That is the right starting point. Not a procurement conversation. A diagnostic one.

 

AI exposes what you were already avoiding

Many leaders believe AI will fix their inefficiency problem. It will not. It will make it harder to ignore.

Unclear processes do not get fixed by AI. They get amplified by it. Poor data quality does not improve because a model has been deployed on top of it. Weak governance does not disappear. Siloed departments do not start collaborating because there is an AI tool in the mix.

The evidence on data readiness is striking. Cloudera and Harvard Business Review Analytic Services, surveying enterprise organisations in early 2026, found that only 7% said their data was completely ready for AI. More than a quarter said it was not ready at all. Gartner estimates that 60% of AI projects unsupported by AI-ready data will be abandoned through 2026.

The obstacle in most AI projects is not the technology. It is the organisation the technology is being asked to work inside. Not the model. Not the platform. Not the vendor. The organisation itself.

 

Fewer tools. More focus. Better results.

Buying advanced technology does not automatically create change. It creates the expectation of it.

Many organisations are deploying AI on top of environments defined by disconnected systems, inconsistent processes and poor data. They are not implementing AI. They are automating the same dysfunction at scale, with a larger budget attached to it.

The organisations getting real value are not the ones running the most pilots. They have chosen a small number of problems that matter, built the right foundations to address them, and stayed focused long enough to see results. They do not announce it. They build it.

They also understand something most organisations have not yet accepted. AI should work in service of a clear business direction. If that direction is unclear, AI will not provide it.

 

Stop performing AI and start implementing it

A significant portion of what organisations call an AI strategy is AI theatre. Presentations. Innovation labs. Pilot programmes. Strategy papers. Announcements. And very little operational change.

IDC’s 2025 research found that for every 33 AI proofs of concept an enterprise starts, only four reach production. A March 2026 survey of 650 enterprise technology leaders found that 78% of enterprises have AI agent pilots running but fewer than 15% have reached production deployment. The pilots do not fail because the technology is immature. They fail because the hard work of creating the conditions for success was never done.

That hard work is not glamorous. It is redesigning how work flows. Making difficult calls about what to stop doing. Getting data into a state a model can actually use. Bringing people along rather than announcing change at them. None of it photographs well for a board update.

But that is what transformation actually looks like. The rest is performance.

If your AI strategy looks like a series of well-designed slides with no corresponding change in how work gets done, you do not have an AI strategy. You have a communication exercise.

 

The question every organisation eventually has to answer

Every organisation reaches the same moment. The excitement fades. The pressure increases. The questions get harder. And someone in that room finally asks: “What exactly is this improving?”

The organisations with a clear answer will accelerate. The ones without one will keep funding a future they never properly defined.

The question is not whether your organisation is using AI. Most are. The question is whether you can name, in a single sentence, the operational problem your AI investment is solving, and how you will know when it is solved.

If you cannot, the technology is not the problem.

Why Programmes Fail in the First 30 Days, Before Anyone Admits It

Posted on by

By the time a programme is declared in trouble, the failure is usually months old.

The governance review that triggers the intervention, the escalation that finally reaches the executive team, the moment someone says out loud what everyone has privately known for weeks. None of that is when the failure started. It is when the failure became undeniable.

The real decisions that determined the outcome were made in the first thirty days. In rooms that were not minuted. In conversations that were not followed up. In the silence where challenge should have been.

I have stepped into enough programmes to know this pattern. And the reality is that by the time you are called in to fix something, you are not dealing with a delivery problem. You are dealing with the compounded consequences of a foundation that was never properly laid.

Bain & Company’s 2024 survey of more than 400 executives found that 88% of business transformations fail to achieve their original ambitions. Most of those failures were not caused by what happened in month six. They were caused by what was decided, or not decided, in month one.

 

The Thirty-Day Window Nobody Takes Seriously Enough

Every programme has a formation period. A window, roughly the first month, where the critical decisions that will shape everything downstream are being made, often informally, often without the weight they deserve.

This is when scope is being interpreted, not just defined. When the people who will actually do the work are forming their first impressions of the leadership, the culture, and whether honesty will be safe here. When the relationships between workstreams are either being built deliberately or left to chance. When assumptions are being made that nobody has written down because everyone assumes everyone else shares them.

Most organisations treat this period as setup. As administration. As the unglamorous precursor to the real work.

It is the real work. Everything that follows is either built on what was established here or fighting against what was not.

The thirty-day window is where programmes are won or lost. We just do not find out until much later.

 

The Scope That Nobody Challenged

Here is where it starts, almost every time.

The scope arrives with the programme. It comes from somewhere, a business case, a procurement process, a senior stakeholder’s vision, a consultancy’s recommendation. It has been approved. It has a budget attached to it. It has a go-live date.

And in the first thirty days, the people now responsible for delivering it read it, sense the problems, and say nothing.

Not because they are incompetent. Because the environment has not established that challenge is welcome. Because the approval process gives scope a kind of authority that makes questioning it feel like insubordination. Because there is pressure, spoken or unspoken, to project confidence rather than raise doubt.

So the assumptions embedded in the scope go unexamined. The dependencies that are not owned by anyone get noted and moved past. The timeline that was built on optimism rather than evidence gets accepted as a constraint rather than interrogated as a risk.

PMI’s 2025 Project Success research found that a clear vision of success at the outset gives projects a Net Project Success Score of +41. The absence of that clarity produces a score of -18. A 59-point swing, determined before the plan is even baselined.

And the programme sets off carrying weight it was never designed to carry. The team knows it. The experienced ones, anyway. But the conversation that would surface it has not happened. So the weight gets managed quietly, worked around, absorbed, until the point when it cannot be anymore.

That point arrives later, visibly, dramatically, in a way that looks sudden.

It was not sudden. It was decided in week two when nobody pushed back on the plan.

 

The Relationships That Were Never Built

Programmes are delivered by people who depend on each other across workstreams, across organisations, across cultural and institutional boundaries that no project plan captures.

Those dependencies only work if the relationships underneath them work. And relationships, real ones, the kind where someone will tell you the truth at 6pm on a Thursday when the news is bad, are not built in kick-off presentations and introductory calls.

They are built in the unglamorous, unscheduled moments of the first thirty days. The informal conversations. The one-on-ones that were not on the plan. The deliberate investment in understanding who the key people are, what they actually care about, what they are worried about, and what they need from you to show up fully.

Most programmes do not make this investment. Leaders are too focused on getting the governance structures right, the plans baselined, the first steering pack prepared. The relational architecture gets left to develop on its own.

It does not develop on its own. It either gets built or it does not. And when it does not, you find out in month four when a critical dependency stalls because two workstream leads have never actually talked, when a key stakeholder disengages because nobody made them feel like a genuine part of the programme, when the supplier relationship that looked functional on paper turns out to have no real trust underneath it.

The fix at that point takes weeks. The investment in week one would have taken an afternoon.

 

The Conversations Nobody Documented

This one is quieter. Harder to see. But just as damaging.

In the first thirty days of any programme, hundreds of micro-decisions get made in conversations that never make it into the formal record. Someone interprets a requirement and moves on. Two people informally agree on a boundary between workstreams that later becomes a gap nobody owns. A risk gets raised in a corridor and managed privately rather than surfaced. An assumption gets made about what the business actually wants that nobody validates because everyone is too busy moving.

These conversations create the real operating model of the programme. Not the governance framework. Not the RACI. The informal, undocumented, human architecture of how this programme will actually function.

When that architecture is sound, when the right conversations happened and the right things got clarified, programmes have a resilience that is hard to explain on paper. They absorb setbacks. They surface problems early. They self-correct.

When it is not sound, the gaps compound. Every week, the distance between the documented reality and the lived reality grows. The risk register reflects what people were willing to write down, not what is actually keeping them up at night. The plan reflects what was agreed in the room, not what the people closest to the work know is actually achievable.

And somewhere around month three or four, the gap becomes too large to manage quietly.

 

The Culture That Set Before Anyone Noticed

The most underestimated consequence of the first thirty days is cultural.

Within a month, every person on a programme has formed a working theory of how this environment operates. Is honesty safe here? Does leadership want the truth or does it want reassurance? What happens to the person who raises a problem? Do they get support or do they get blame? Is this a place where people cover for each other or compete with each other?

These conclusions get drawn from small evidence. The way the programme director responded to the first piece of bad news. Whether the first difficult conversation was handled with directness or avoided. Whether the team lead who flagged a risk was thanked for it or made to feel like they were creating problems.

People are extraordinarily good at reading these signals. They adapt fast. And once the culture has set, once the team has learned what is rewarded and what is penalised, changing it is one of the hardest things in programme leadership.

Research by Milliken, Morrison and Hewlin, published in the Journal of Management Studies, found that 85% of employees had felt unable to raise an important issue or concern with their boss, even when they believed it mattered. That figure will not surprise anyone who has led a programme in distress. The information existed. The team knew. Nobody said it.

I have been in programmes where the psychological safety was so low by month two that meaningful escalation had effectively stopped. Not because the problems had stopped. Because the team had learned that surfacing problems did not help them. That information would travel upward selectively, defensively, shaped to protect the messenger rather than inform the leader.

That culture was established in the first thirty days. Nobody designed it. Nobody intended it. But every small signal, every early interaction, every moment where tone was set rather than thought about, built it brick by brick.

And it was almost impossible to dismantle in month five.

 

What the First Thirty Days Actually Requires

It requires a leader who understands that the work of the first month is not administrative. It is foundational.

It requires the courage to challenge scope before the plan is baselined, even when the pressure is to move quickly. Because the conversation you avoid in week one becomes the crisis you manage in month six.

It requires the deliberate investment in relationships that will not show any return for weeks. The conversations that feel like a luxury when the governance structure needs building and the steering pack is due. They are not a luxury. They are the infrastructure.

It requires the explicit establishment of culture, not through a values statement or a team charter, but through behaviour. Through how you respond to the first piece of bad news. Through whether you ask for honesty or perform as though you want it while rewarding those who tell you what you want to hear.

It requires the discipline to document the undocumentable. To make explicit the assumptions, interpretations, and informal agreements that will otherwise compound silently until they cannot be managed.

And it requires humility. The humility to know that what you do not understand about this organisation, this culture, and these people in the first thirty days will cost you more than anything on the risk register.

 

The Post-Mortem Nobody Gets Right

Most post-mortems on failed programmes look at the wrong timeline.

They analyse month seven, when the slippage became undeniable. Month five, when the critical path was already broken. Month four, when the relationships between key workstreams had deteriorated beyond functional.

The real analysis belongs in month one. In the decisions that were made without enough information. The challenges that were not raised. The relationships that were not prioritised. The culture that was allowed to form without intent.

By the time a programme looks like it is failing, it has been failing for a long time.

The window where it could have been different closed thirty days in.

Most organisations do not realise that. So they keep investing in better governance frameworks, more sophisticated reporting tools, and more rigorous steering processes, applied at the stage of the programme where the outcome is already largely determined.

The intervention that would actually change the failure rate happens at the beginning. In the unglamorous, under-valued, insufficiently serious first thirty days.

That is where programmes are won.

That is where most of them are lost.

Already Building: Epic Agent Factory and the Governance Gap

Posted on by

The pre-mortem on Epic Agent Factory asked who would answer when a health-system-built agent made a clinically significant error. It published on 9 June. I have since learned of a Becker’s Hospital Review report from 30 March confirming that one of America’s largest health systems had already been building those agents for weeks before the question was published.

It confirms the pre-mortem’s central argument. Neither the research nor the article surfaced how quickly the sequence had already begun.

 

The Deployment That Was Already In Motion

Advocate Health had already tapped Epic’s Agent Factory, becoming one of the first health systems to build and deploy agents through the platform. Andy Crowder, Advocate Health’s SVP and Chief Digital and AI Officer, described the direction in a LinkedIn post on 26 March: “By combining Epic’s Agent Factory Platform capabilities with Advocate Health’s scale, clinical insight, and commitment to innovation, we’re translating AI from promise into practice.” He pointed to a three-day Epic immersion at The Pearl innovation district in Charlotte, focused on speeding up pharmacy verification for complex medications and cutting infusion chart preparation time for pharmacists and nurses. Four working prototypes emerged, scheduled to go live in July 2026.

Crowder added: “Together, we’re advancing responsible, practical AI that fits naturally into clinical workflows, reduces friction, and gives clinicians back time to focus on what matters most.” It is a considered statement, and the commitment is genuine. But it is not a governance document. And Advocate Health is not unusual here. They are representative. They moved first because the platform enabled it, the commercial pressure to reduce administrative burden was real, and nothing in the regulatory landscape said stop.

This is the sequence the pre-mortem described. Capability arrived. Deployment followed. The governance architecture to surround it had not been ratified.

 

The Workflows That Come Next

Pharmacy verification and infusion chart preparation are not, in themselves, clinical decision-making. They reduce documentation burden and carry genuine operational value. But they are the entry point, not the ceiling.

Epic’s own Penny agent already handles prior authorisation for thousands of health systems. Agent Factory is the platform through which health systems build their own versions of exactly those capabilities. Prior authorisation sits at the intersection of clinical judgment and payer approval. An AI-generated argument that misrepresents a contraindication, omits a relevant diagnosis, or positions a clinical case in a way that leads a payer to deny appropriate care causes harm that is downstream and deniable. The agent did not make the clinical decision. But the agent shaped the argument that influenced it.

The pre-mortem’s central question, who owns the error, was always pointed at this trajectory. The agent is built by the health system, on Epic’s platform, using Curiosity’s foundation models, in a regulatory environment where no one has yet specified how liability is allocated between vendor and deployer. Advocate Health’s prototypes are the first step of a sequence that leads directly to that question.

 

Colorado Tried to Build the Rails

While health systems were building, legislators in Colorado were attempting to create the governance scaffolding that the platform lacks at a federal level. Three separate AI-related healthcare laws had been passed by June 2026, each addressing a different dimension of the problem, and each confirming the same underlying gap.

Colorado’s original AI Act, SB 24-205, was scrapped before it ever took effect. A legal challenge from X.AI in April 2026, supported by federal intervention from the DOJ, led to enforcement being suspended and the legislature repealing the law entirely. Its replacement, SB 26-189, was signed on 14 May. It is a narrower law, retaining consumer notice requirements and the right to meaningful human review following adverse outcomes, but dropping the duty-of-care standard and mandatory impact assessments that had made the original controversial. It takes effect January 1, 2027.

HB 26-1139, signed on 2 June, constrains how payers use AI in coverage determinations. It requires that AI-driven decisions be based on the patient’s individual medical and clinical history rather than group data, and that any denial or delay of coverage based on medical necessity receive review by a licensed clinician. It too takes effect January 1, 2027.

Together, SB 26-189 and HB 26-1139 create obligations on both sides of the prior authorisation workflow. Neither specifies who bears the cost when an agent-generated output leads to the wrong clinical outcome. Three laws confirming the gap exists is not the same as closing it.

 

The Sequence Is Not a Prediction. It Is a Pattern.

On 1 June 2026, eight days before the pre-mortem was published, the Joint Commission launched its first voluntary AI certification programme for healthcare organisations. Built on the initial guidance published with the Coalition for Health AI in September 2025, the certification covers governance, data management, risk and bias reduction, and monitoring. It is a meaningful step forward. But the certification recognises organisations, not individual tools. It does not validate or certify individual AI products. It contains no discussion of liability allocation. It is a framework for responsible intent, not a mechanism for accountability when something goes wrong.

Epic has not published a liability framework specifying what a health system owns when a self-built Agent Factory agent produces a clinical error. No Epic contract language or public terms of service document does so. No federal regulatory body has published guidance specifically addressing liability allocation for agentic AI operating within EHR environments. The FDA has authorised more than 1,400 AI-enabled devices and issued no specific enforcement guidance for agentic AI in EHR environments.

The pre-mortem’s conclusion was that if Epic published a clear liability framework and paired it with a safety review mechanism, Agent Factory could become the defining infrastructure layer of hospital AI over the next decade. That conclusion stands. What the evidence now confirms is that the clock is not running from some future launch date.

It was already running.

Tokens Don’t Run Transformation Programmes

Posted on by

Somewhere right now, a CFO is presenting a slide that frames it as: tokens or headcount. Allocate to AI infrastructure, reduce salary costs, reinvest in capability. The maths is clean. The logic looks compelling. The slide is wrong.

The phrase “tokens or humans” has entered the corporate vocabulary fast. CNBC ran it as a headline in May 2026 and they were right to, because it captures something real: organisations are now making explicit choices between paying for people and paying for AI. But the framing treats it as a resource allocation problem. It isn’t. It’s a transformation governance problem, and most organisations are making the call before they understand what they are trading away.

 

The Numbers Look Better Than They Are

More than 142,000 tech jobs have been cut in 2026 already. Amazon, Meta, Salesforce, Block, Cloudflare. Executives are public about the logic: AI agents handle what humans used to, smaller teams move faster, capital gets redirected to infrastructure. The numbers are real.

So are these: over 80% of companies using AI showed no productivity benefit in a February 2026 study. Uber burned through its entire annual AI coding budget in four months. Microsoft cancelled a large tranche of Claude Code licences after six months. Productivity gains in controlled studies can be significant. In most real-world settings, the gains are a fraction of what those studies suggest, if they materialise at all.

Token prices are falling, yes. Gartner projects a 90% reduction by 2030. But Goldman Sachs projects a 24-fold increase in enterprise token consumption over the same period. The unit cost goes down; the total bill goes up. Companies reporting their AI budgets exhausted in one or two months are not outliers. They are the pattern.

The trade-off that looks like a saving is, in many cases, a substitution of one cost for a more volatile, harder-to-govern one.

 

You’re Cutting the Wrong People

Here is the part executives are not discussing on those slides.

When organisations reduce headcount to fund AI infrastructure, they do not cut at random. They cut operational staff, programme delivery roles, change management functions, middle management layers. These are the roles that look like friction. In a spreadsheet, they are the easiest cost to justify removing.

In a transformation, they are the load-bearing walls.

The tacit knowledge that keeps a complex programme on track does not live in a document or a prompt. It lives in the people who have navigated the politics three times before, who know which stakeholders will quietly block a decision, who understand why the last attempt failed. AI does not have that context. More importantly, it cannot build it. It can only work with what you give it.

When transformation programmes stall, which they do with regularity, the most common cause is not a lack of technology. It is a lack of people who know how to move organisations through change. Cutting those people to fund AI tools that have not yet delivered consistent productivity returns is not a strategy. It is a bet. And it is a bet being made with institutional knowledge that cannot be easily rebuilt.

 

The Governance Question Nobody Is Asking

Most boardroom conversations about tokens versus humans are efficiency conversations. They should be risk conversations.

Specifically: what is the reversibility of this decision? Hiring back experienced programme delivery professionals, change managers, and technology integrators in a tighter labour market is slow and expensive. The talent you let go walks straight into competitor organisations or into consulting. You do not get it back on demand.

Meanwhile, the AI infrastructure you are funding with those savings is subject to vendor pricing changes, model deprecation cycles, and adoption curves that are far less predictable than a salary line. The White House’s own March 2026 AI governance framework acknowledged the workforce transition risk. State lawmakers introduced hundreds of AI-related bills in 2025. Political and regulatory pressure is accelerating.

Boards approving headcount reductions to fund AI should be asking: what is our recovery plan if the productivity gains do not arrive on the timeline assumed? Few are.

 

What Good Decision-Making Looks Like Here

The organisations getting this right are not choosing between tokens and humans. They are sequencing the decisions differently.

They are deploying AI where the productivity case is proven and measurable: customer-facing automation, code assistance, data analysis, routine administrative work. And they are preserving the human capability needed to execute the transformation that makes AI integration actually work.

They are building governance frameworks around AI spend with the same discipline applied to capital programmes: defined outcomes, stage gates, budget controls, and exit criteria if results do not materialise. They are not treating AI infrastructure as a guaranteed return.

They are also being honest internally about what is driving the headcount decisions. If cost pressure is the real driver and AI adoption is the justification, that is worth naming clearly. Obscuring the actual motivation behind a technology narrative creates cultural damage that outlasts the short-term saving.

 

The Slide Does Not Run the Programme

The “tokens or humans” framing will stick around because it captures something real about the economics of 2026. But it is a simplification that is costing organisations more than they realise.

The numbers are not the decision. The decision is how you get from where you are to where you need to be. That still requires people who know what they are doing.