Skill Risk Intelligence Hub

Skill · autonomy risk, simulation, and production safety
Risk control plane Authority · Evidence · Simulation · Replay Autonomy increases only when risk decreases

Skill Risk Intelligence Hub governs enterprise-scale agent autonomy.

Sphere should not ask BP to trust autonomous finance decisions on day one. It should progressively earn trust through authority ceilings, deterministic policy gates, mandatory evidence, simulation, replay, learning governance, kill switches, and runtime risk monitoring.

High-risk skills
18 write-capable skills gated
Evidence rule
No evidence = no recommendation
Promotion rule
Draft → simulation → approval → production
Emergency posture
Skill / domain / write / runtime kill switch

Current-state risk assessment

The risk is not whether agents can make decisions. The enterprise question is whether BP can let agents operate at scale without creating financial, operational, compliance, cybersecurity, or reputational risk.

RiskFailure modeControl enhancement
Skill explosionDuplicate Agent V1 / APAC / Europe / Retail variants proliferateSkill Governance Layer with domain, process, subprocess, owner, version, supersedes.
Hallucinated decisionLLM says likely duplicate without proofMandatory Evidence Runtime; no evidence means no recommendation.
Learning corruptionBad supervisor approval becomes institutionalizedLearning candidates must pass validation, simulation, approval, and promotion.
Hidden prompt driftBehavior changes because a prompt changed manuallySkill Compiler stores compiled prompt packages with source versions and prompt hashes.
Tool invocation chaosAgents repeatedly call SAP for simple contextContext Aggregation Layer routes FIM/UDP/Databricks first, SOR confirmation only when required.
Agent cost explosionLarge models used for deterministic workReasoning hierarchy: rules/Python first, small model second, large model only when needed.
Ontology driftInvoice object changes and past decisions become unreplayableOntology Version Runtime on every decision and replay record.
Uncontrolled agent creationPayment Release Agent appears with write accessAgent Authority Framework with READ, RECOMMEND, PREPARE, EXECUTE, WRITE/RESTRICTED ceilings.
Explainability gapExecutive asks why and cannot inspect evidenceDecision Replay Runtime: input, context, memory, policy, tools, reasoning, decision, outcome.
Enterprise change managementPolicy/control threshold changes bypass governanceGoverned Promotion Pipeline with testing, simulation, UAT, approval, and production.

10-layer risk management architecture

LayerControlWhy BP needs it
1. Authority-Based ExecutionObserve, Recommend, Prepare, Controlled Execute, Autonomous Execute, RestrictedPrevents unrestricted finance execution.
2. Policy GuardrailsDofA, SoD, payment, credit, tax, close, evidence, and approval policiesPolicy decides; prompts cannot override.
3. Evidence RequirementDecision, source, confidence, reasoning, policy referenceNo evidence = no recommendation.
4. Confidence-Based Escalation>95% only if authority allows; 80-95% review; <80% escalation; <60% request evidenceKeeps ambiguity human-controlled.
5. Simulation Before ProductionHistorical replay, edge cases, audit samples, known failuresValidates skill behavior before deployment.
6. Promotion PipelineDraft → testing → simulation → business review → controls review → productionTreats skills as deployable enterprise assets.
7. Learning GovernanceObservation → candidate pattern → validation → simulation → approval → promotionStops bad learning from entering production.
8. Decision Replayskill_version, policy_version, ontology_version, memory_snapshot, prompt_snapshot, tools, evidence, decision, outcomeMakes audit reconstruction possible.
9. Enterprise Kill SwitchDisable skill, disable domain, read-only mode, emergency runtime stopAllows immediate containment.
10. Runtime Risk MonitoringOverride rate, evidence gaps, drift, token anomalies, SAP consumption, failed tool callsMonitors whether autonomy remains safe.
Authority levelModeAllowed behavior
Level 0ObserveCan only read and explain KPI, close, forecast, or risk context.
Level 1RecommendCan suggest duplicate hold, collections priority, journal risk, or escalation.
Level 2PrepareCan draft supplier email, credit memo, journal, ticket, or remediation package.
Level 3Controlled ExecuteCan send reminders, create tickets, or update case status within policy.
Level 4Autonomous ExecuteOnly for highly validated low-risk actions such as low-risk cash matching.
Level 5RestrictedNever autonomous: payment release, journal posting, vendor creation, master-data changes.

Skill Simulation and Promotion Pipeline

The highest-priority enhancement is the Skill Simulation Environment. No learning or new finance behavior should enter production without historical replay, edge-case testing, audit samples, and deployment recommendation.

MetricExamplesGovernance value
Precision / recallDuplicate, collection, journal, close, and control outcomesProves accuracy before production.
False positives / false negativesKnown failures, SOX-sensitive cases, edge casesQuantifies business and control risk.
Business impactCash protected, leakage avoided, manual effort removed, close risk reducedConnects validation to BP value.
Cost and latencyToken cost, tool calls, SAP calls, runtime latencyPrevents cost and API consumption surprises.
Deployment recommendationPromote, defer, restrict autonomy, or require more evidenceTurns testing into governance action.
Promotion path: Draft Skill → Unit Testing → Simulation → Peer Review → Business Approval → Controls Approval → Production.

Learning governance

1
Agent observes
Supervisor actions, overrides, outcomes, process mining, control failures, collections success, payment recovery.
2
Candidate pattern
System proposes a new pattern, threshold, evidence rule, or skill improvement.
3
Validation
Owner reviews whether the pattern is real, safe, explainable, and policy-compatible.
4
Simulation
Run against historical and synthetic cases before changing behavior.
5
Approval
Business/process/control owner approves or rejects the promotion.
6
Production
Only approved changes are versioned into skill, memory, policy, or tool configuration.

Runtime risk monitoring

Operational risk

Agent failures, tool errors, SLA misses, escalation spikes, and unresolved cases.

Financial risk

Write-capable skills, payment exposure, journal impact, credit exposure, and leakage risk.

Compliance risk

Policy violations, SoD conflicts, evidence gaps, control exceptions, and approval bypass attempts.

Model risk

Drift, hallucination indicators, low-confidence recommendations, and prompt/package changes.

Learning risk

Unapproved learning candidates, rejected patterns, supervisor override clusters, and promotion backlog.

Cyber risk

Unauthorized access attempts, prompt-injection indicators, source permission mismatches, and identity delegation gaps.

Cost risk

Token spikes, large-model overuse, repeated SAP reads, and expensive tool-call paths.

Kill-switch readiness

Skill disable, domain disable, read-only mode, and emergency stop status.

BP-facing message: Sphere is designed to progressively earn trust through evidence, simulation, replayability, governance, and measurable performance. Autonomy increases only when risk decreases.

BP-specific risk mitigations

BP riskWhy it mattersMitigation
SAP API cost explosionAgents call SAP directly too oftenFIM/UDP/Databricks context first; SAP only for confirmation or governed write-back.
Continuous Close misstatementAgent autonomously creates accrual or postingRecommend and prepare only until simulation, controls, and controller approval prove safety.
Collections customer impactBad communication harms customer relationshipDraft → review → send until customer-contact controls are approved.
Skill proliferationOverlapping skills across towersSkill Governance Board, owner, process, supersedes, reuse score, and deprecation workflow.
Prompt injectionUser asks agent to ignore policies or release paymentPolicies execute outside the LLM and cannot be overridden by prompt text.