Part A · Step A8

Plug AI governance into procurement

Owner: CoE Lead + Procurement.

Input: Vendor-embedded AI inventory done.

Sub-steps:

  1. Add the AI governance questionnaire (framework.md §26) to the standard vendor onboarding / security review.
  2. Add a contractual notification clause for material AI updates to all new vendor contracts (and at renewal for existing ones).
  3. Establish a quarterly catalog refresh of vendor-embedded AI — a recurring calendar event.
  4. Establish an annual recertification of vendor AI in production.

Output / gate criteria: Procurement playbook updated; questionnaire in use; quarterly refresh scheduled.

Decision branches: none.

Skip-this-step risk: New vendors keep introducing new AI features that bypass the framework completely.

Part A — done. You are now ready to onboard the first agent.

The next part is the per-agent workflow. It runs every single time anyone in the company wants an AI agent, including the accountant in Finance the user asked about.


Part B — Per-agent workflow (repeatable for every agent)

This is the path from "someone wants an AI agent" to "agent is in production and being monitored." Every agent — internal, vendor, citizen-developer-built, exec-pet-project — runs through it.

The example we'll keep in mind: Someone in Finance wants an AI agent to help an accountant reconcile vendor invoices against POs in the ERP. We'll walk this scenario through Part B end-to-end at the end of this section.