The Governance of Autonomy: Developing an Integrated Risk Management Framework for Agentic Ai Systems in Enterprise Operations

This study investigated the operational, ethical, and legal risks posed by agentic AI deployments in South African enterprise environments, employing an exploratory sequential mixed-methods design comprising 24 semi-structured interviews and a structured survey of 187 risk and governance professionals across financial services, healthcare, information technology, telecommunications, and government administration sectors. Quantitative findings confirmed that agentic deployment intensity significantly predicts governance incidents (β = .38, p < .001), while ERM framework adoption alone does not reduce them (β = −.09, p = .29). Human oversight integration (β = −.32, p < .001) and machine identity security maturity (β = −.29, p = .002) emerged as the strongest protective governance factors. Thematic analysis identified four structural mechanisms sustaining the governance gap: the obsolescence of deterministic governance assumptions, inadequate machine identity protocols, the un-operationalised status of human-on-the-loop oversight, and unresolved legal accountability for autonomous AI action.