AUTHOR

Srdjan Dragutinovic
Partner
Data Analytics
Melbourne

Anthropic and OpenAI have both recently moved into professional services, targeting the mid-market as they push to speed up AI adoption.

Backed by billions from investment banks and private equity, these new enterprise AI services arms are designed to drive uptake of their technology and reshape how their clients work, often drawing them more tightly into a single vendor’s ecosystem.

Why is this happening now?

AI agents are no longer experimental and mark a major shift in how organisations operate. They move beyond passive decision support tools, acting as autonomous systems that perceive, reason, plan, act, and learn across enterprise functions.  

This moves AI beyond insight and assistance, and instead into core business functions. For boards and executive leaders, this is no longer a future consideration. It presents a strategic challenge and opportunity that is driving competitiveness, relevance and long‑term viability of traditional organisations.

To date much of the commercial discussions regarding the risks of AI overlook the risk of inaction, which has quickly become a material risk. As AI-native organisations build operating models around autonomy from day one, incumbents face a key question. Will we disrupt our established markets, or be disrupted?

AI agents have changed the game

Image removed.

In understanding AI agents, it is important to distinguish between assistive agents and autonomous agents. Tools such as Microsoft 365 Copilot agents enhance employee productivity but are limited and operate in a controlled user environment. Autonomous agents on the other hand reinvent workflows. They can operate in their own user context, unattended, and execute actions across systems continuously over time. This is where real competitive advantage emerges, but also where governance, accountability and trust become critical.

Unlike traditional chatbots, which respond to individual prompts, autonomous agents work in specialised roles through multi-step processes that can be performed end to end.

AI agents repeatedly perceive, reason, act and learn. This loop is the source of both opportunity and risk. Organisations that harness it can move faster, operate with greater efficiency and respond more effectively, making them more competitive. Organisations that fail to adapt will risk falling behind competitors whose cost structures, speed and decision making are fundamentally advanced.

How agentic AI is reshaping organisations

In financial services, Anthropic’s Claude agents can now be used for:

  • preparing investor pitchbooks
  • screening KYC files
  • building financial models
  • performing end-of-month reconciliations.

Anthropic continues to expand its agentic capabilities for the legal sector, releasing plug-ins for 12 legal practice areas (e.g. Commercial, Employment, Privacy, IP) with increasingly deeper integration with the legal technology stack.

The advantage lies not in incremental efficiency, but in reengineered processes where people remain in control and responsible for judgment and accountability.

In supply chains and operations, the impact is more structural. Traditional operations rely on lagging data and human reaction to control costs and maintain supply, which is no longer sufficient in the current environment with constant disruption. Agentic approaches enable continuous monitoring of suppliers, logistics and risk signals, allowing organisations to anticipate issues and reconfigure faster. This capability is becoming a requirement for resilience rather than a narrow efficiency exercise.

Many organisations are starting internally with research, analysis, compliance monitoring, and operational workflows. These areas offer a practical proving ground: they are repeatable, measurable and closely linked to core data, allowing organisations to build confidence before extending autonomy further.

Opportunity, compounded over time

AI agents compress operational cycle times by coordinating and executing multi step tasks without constant human intervention. They can improve consistency by applying logic the same way every time. They can also enhance decision making by synthesising information faster and more frequently than human teams can manage alone.

A significant consideration is the compounding benefit these improvements can have over time. AI‑native organisations design their processes, roles and economics around autonomy. In time, the gap between these organisations and traditional incumbents widens. At that point, the risk is no longer incremental under‑performance, but the strategic threat of becoming irrelevant.

Governance as an enabler of progress

AI initiatives fail not because of the risks, but because people don’t trust the AI solution that has been built. Governance becomes an enabler that can resolve the trust gap, but it needs to go beyond policies.

Guardrails in the form of controls are design choices. Inputs can be controlled so agents are protected from sensitive data exposure, misuse or off‑topic requests. Outputs can be monitored so incorrect or non compliant actions are intercepted and escalated for human review. Accountability, testing, monitoring and record keeping are important governance design choices to be embedded in the architecture, not retrofitted after deployment.

When governance is designed in, organisations gain confidence to move beyond pilots and scale AI responsibly.

Why autonomy changes the risk profile

As AI becomes more autonomous, the AI risks become central to enterprise governance. A faulty internal chatbot response is inconvenient, whereas a flawed autonomous decision can trigger operational failure, regulatory exposure or reputational damage. Woolworths experienced this when its customer facing AI chatbot Olive went rogue and started talking about its mother. Such incidents are increasingly common.

Executives, audit, risk and governance leaders need to consider several risk areas that consistently require attention:

  • Accountability – most importantly, accountability must be explicit. Boards and executives need to be able to demonstrate who is responsible for AI solutions – understanding what applications of AI exist in the organisation, how they are being used, and ensuring controls are in place.
  • Reliability – AI models and agents can generate incorrect or misleading outputs, particularly when operating beyond their intended scope. In multi‑agent systems, errors can propagate quickly if not detected.
  • Control – autonomous agents can act across systems. Without clear boundaries, errors can propagate quickly which increases their impact. Ensuring there are meaningful human controls such as escalation (i.e. human-in-the-loop) are important.
  • Data governance and security – agents operate at scale drawing context from organisational knowledge which, if ungoverned, results in poor decision making and increased risk. Data privacy and security are key considerations in redesigned workflows with AI.
  • Consistency – most large language models (LLMs) which AI agents are built on are non deterministic. That is, outputs can vary given the same inputs. This makes auditability and transparency a challenge that can undermine confidence in regulated or high stakes processes.

The value of an independent perspective

As AI moves from supporting decisions to making and executing them, risks become harder to see. Internal assurances are unlikely to be sufficient. Independent reviews are a practical safeguard that enable leaders to identify potential blind spots and management biases.

At an organisational level, leaders need to consider fundamental questions:

  • are we using AI in ways that genuinely aligns with our strategy, or are use cases emerging opportunistically? 
  • is accountability for AI outcomes clear and documented? 
  • do we have a consistent view of where AI is being used across the organisation, and why? 
  • do we understand the risks?

Independent reviews provide a disciplined way to test assumptions and give boards confidence that AI adoption is deliberate, aligned and properly governed.

Additionally, individual AI deployments require scrutiny. Whether a solution is vendor‑provided or built in‑house, AI solutions must be examined for reliability, control and behaviour pushing the boundaries of their capabilities and intended use.

Data governance, privacy and security risks need to be assessed in practice, recognising that agents operate continuously and at machine speed. What looks acceptable with limited testing can behave very differently in production.

Without independent reviews, risks remain hidden until something fails – potentially publicly or detrimentally. Independent assurance allows leaders to move faster, not slower, by knowing where AI is adding value, where controls are effective, and where intervention is needed before scale amplifies risk.

The strategic risk of doing nothing

For boards and executives, the most uncomfortable conclusion is also the most important: inaction is itself a significant risk.

As AI‑native organisations redefine speed, cost and decision‑making, organisations that delay face a systemic threat to competitiveness. This is not a question of whether AI will disrupt markets, but a question of who will do the disrupting.

The Australian Government’s AI adoption tracker suggests most organisations agree that AI is moving too fast and it’s difficult to know when to invest. However, those that wait for perfect certainty may find the market has already moved on and they are left behind, unable to regain an advantage.

Taking the first steps

AI agents are not simply a more advanced form of automation. They are changing how work is organised, decisions are made and value is created. For leaders, the challenge is not choosing between speed and safety but recognising that taking responsible action is now safer than standing still.

The strategic question facing every organisation is no longer whether agentic AI will change their industry, but whether they will shape that change – or be shaped by it.

If your organisation would like support to prepare for the next generation of work, RSM can assist with:

  • AI strategy and roadmap development
  • agentic AI use case identification and prioritisation
  • AI use case development and capability building
  • evaluation of alternative AI solutions (buy-vs-build) aligned with your needs
  • probity services in relation to procuring AI services and solutions
  • independent assurance reviews encompassing strategy, policy, governance, data security, privacy
  • controls design and assessment for AI solutions.

 

FOR MORE INFORMATION

For more information, please contact RSM Partner, Srdjan Dragutinovic.

HAVE A QUESTION?

 Get in touch 

Related insights