McKinsey Calls for Greater Digital Autonomy and AptlyDone Delivers

Boards want digital autonomy and safer AI decisions

Boards are not simply calling for more digital autonomy, they want to avoid the risk associated with increased use of Artificial Intelligence applications, particularly as agentic agents continue to assume real human roles within a company.

That demand raises the bar for governance. Autonomy without clear authority is a liability. The right target is autonomy with accountability, where decision rights, ownership, and evidence are explicit for people and for intelligent systems. The recent McKinsey analysis on digital autonomy makes this plain. Boards want resilience and control while keeping the speed and scale of modern platforms. The task falls to technology and risk leaders to turn that direction into operating reality.

Summarizing this McKinsey article in simple terms

McKinsey reports growing board pressure for technology sovereignty and autonomy. Leaders want to reduce over reliance on single external platforms while still capturing innovation benefits. A survey of technology executives highlights security, control, and cost as top concerns that shape infrastructure choices. The authors outline practical strategies that range from greater use of open source to stronger safeguards with global providers, more use of local vendors, selective private cloud for stable workloads, and portable architectures for critical applications. The goal is not isolation. It is thoughtful interdependence that keeps control where it matters most and still allows speed. 

The governance gap that holds companies back

Many enterprises still run authority and signature rules from aging approval matrices and spreadsheets. That approach cannot support autonomy at scale. It fails during reorganizations, misses temporary delegations, and cannot include digital actors in a consistent way. When auditors ask who approved a contract or who instructed a system to act, the answers are slow, scattered, and often incomplete. Autonomous teams cannot move with confidence if the organization cannot prove who is allowed to say yes.

Why digital autonomy needs a single source of truth for authority

Autonomy means decisions are pushed closer to the edge. That only works when decision rights are crystal clear and always current. A single source of truth for Delegation of Authority and signatory rights gives boards and leadership what they need. It links policy to real people, real systems, and real actions. It provides a point in time recall of who approved what and when. It supports internal control frameworks and shortens audit cycles. Most of all, it allows teams to act quickly because the authority model is known, trusted, and visible.

Bring agentic agents into the HR directory

Agentic workflows are now doing real work. They draft agreements, route purchases, and trigger payments. Treat these agents as first class identities in the same directory that holds employees and service accounts. Give them explicit scopes, value limits, expirations, and escalation rules. Capture their actions in the same audit trail you require from human approvers. Digital autonomy fails without this step because invisible actors create invisible risk.

The Aptly blueprint

AptlyDone is a purpose-built platform that turns board expectations into an operating model.

• Dynamic Delegation of Authority that updates in real time when roles or policies change.
• Automated issuance, revocation, and expiration of authority so temporary and acting roles do not linger.
• Signatory governance across entities, jurisdictions, and currencies with clear thresholds and routing rules.
• Full auditability with point in time recall of every delegation and every approval.
• Governance controls for agentic agents that are treated as entries in the HR directory with explicit scopes, value limits, expirations, and escalation paths.
• Integrations with Microsoft Entra ID and Active Directory, SCIM version two, HR platforms such as Workday and SAP SuccessFactors, and ERP systems including Oracle and SAP.
• Global Azure hosted deployment and availability in the Microsoft Marketplace so procurement moves faster, and enterprise compliance checks are familiar.

How this works in practice

Contract approval
Legal creates a policy that sets value limits and counterparties that require special review. AptlyDone maps those limits to roles, not to names. When roles change, authority updates automatically. Every signature is tied back to a specific delegation record with a time stamp and evidence.

Procurement
A category manager needs to approve a supplier renewal within a set amount. The system confirms authority in real time, routes exceptions based on policy, and records the final decision with full traceability for internal audit.

AI initiated actions
A refund agent is allowed to approve refunds up to a set amount within defined time windows. Every action is logged with the agent identity, the scope used, and any escalation that occurred. If the policy changes, the authority scope updates centrally without code changes in the workflow.

Integration and deployment without friction

AptlyDone connects to the identity fabric through Microsoft Entra ID and Active Directory and synchronizes roles and groups through SCIM version two. HR platforms supply the job and position data that anchor delegations to the real organization. ERP integrations with Oracle, SAP, and others align authority with financial posting and procurement execution. Because AptlyDone is available in the Microsoft Marketplace and runs on Azure, information security reviews, procurement steps, and deployment practices fit existing enterprise patterns.

The next 90 days for boards and CIOs

1. Ask for a current map of decision rights for two sensitive processes such as vendor commitments and cash disbursements. Require point in time evidence for three approvals.

    

2. Direct the CIO and CRO to deliver a plan to bring agentic agents into the HR directory with scoped authority and audit logging.

    

3. Replace spreadsheet-based approval matrices for one major function with a system of record that ties policy to roles and provides real time updates.

    

4. Set a control that no authority survives a role change without explicit reissue and that all temporary authority expires automatically.

    

5. Require that all approvals higher than a set limit include a human accountable owner even when an agent triggers the action.

    

6. Define a playbook for regulatory and audit inquiry that can produce who approved what and when in one business day.

    

These steps will surface gaps, reduce risk, and speed up good decisions. They also create the conditions for autonomy because teams can act within known boundaries.

Closing perspective

Digital autonomy is a sensible goal and a board level mandate. The McKinsey message is to balance sovereignty with innovation and to do so with clear design rather than ad hoc choices. The practical path is to give the enterprise a living authority model that governs both people and intelligent agents. That is how you get faster work with lower risk and cleaner audits. 

Source
McKinsey and Company, Boards are calling for more digital autonomy, how CIOs can deliver, November 2025. By Arnaud Tournesac, Klemens Hjartar, and Matteo Martinelli with Rossana Lo Re.

https://www.mckinsey.com/capabilities/tech-and-ai/our-insights/boards-are-calling-for-more-digital-autonomy-how-cios-can-deliver

*Review Aptly in the Microsoft Marketplace link to be supplied and request a briefing on adding agentic agents to the HR directory for authority and signatory governance.