GrytLabs Dynamics Inc.
Technical Report · Architecture Series
The Authority Architecture
Three Traditions, One Structural Requirement
Cameisha Smith, CIA
ORCID 0009-0002-8178-8380
TR-A-003  v1.0  ·  Published 2026-07-06  ·  CC-BY 4.0
DOI 10.5281/zenodo.20327174  ·  WMI Thesis
Abstract
Evidence from three independent traditions — accountability theory, organizational cybernetics, and multi-agent systems research — converges on a single structural finding: the authority problem is domain-independent. Agency theory identified information asymmetry as the foundational constraint on delegated authority (Jensen & Meckling, 1976). Beer's Viable System Model derived five necessary authority subsystems from cybernetic first principles (Beer, 1972, 1979). Multi-agent systems research independently derived nine delegation components that map structurally to organizational governance elements (Tomašev, Franklin, & Osindero, 2026). The convergence across traditions, rather than evidence from any single tradition, establishes that authority architecture — who decides, by what delegation, under what constraints, accountable to whom — is a structural requirement for any governed system, whether human, organizational, or computational. The persistent 50-year gap between cybernetic diagnosis and operational governance infrastructure is structural: the missing layer sits below where frameworks operate and above where protocols run. This report demonstrates the three-tradition convergence, identifies the authority architecture as the specific structural requirement the governance infrastructure gap demands, and asserts positions strengthening three WMI thesis commitments on organizational agency, actor-type governance categories, and knowledge asymmetry. Source evidence is documented in the companion Research Reports (RR-004, RR-009, RR-012) with supporting evidence from RR-002 and RR-005.

"Only variety can destroy variety."

— W. Ross Ashby (1956)

Contents
§1Introduction
§2Synopsis
§3Literature Review
§4Scope + Limitations
§5Position Statements
§6Sources
Cite As & Publication Notice

§1Introduction

The structural gap identified in TR-A-001 — the absence of infrastructure that makes governance context a structural by-product of organizational operation — has a specific structural shape. The evidence examined in this report shows that the gap is an authority-architecture problem: the missing infrastructure must resolve who holds authority, how authority delegates, what constraints bind delegation, and how accountability traces back through delegation chains. Three independent traditions diagnosed this problem, each with different vocabularies and methods, and each reached structurally equivalent conclusions about what the authority architecture requires.

Agency theory formalized the foundational constraint: when principals delegate to agents, information asymmetry creates space for divergent interests, producing monitoring costs, bonding costs, and irreducible residual loss. Enterprise governance frameworks — COSO, COBIT, the IIA's Three Lines Model, TOGAF, SOX — built mature prescriptive apparatus around this constraint, specifying governance requirements without providing the infrastructure to implement them. Organizational cybernetics derived the same authority structure from first principles: Ashby's Law of Requisite Variety establishes the information-theoretic constraint on any regulatory system, and Beer's five necessary subsystems specify the minimum viable authority architecture for organizational viability. Multi-agent systems research rediscovered governance requirements independently: Tomašev, Franklin, and Osindero (2026) identified nine delegation components from the MAS literature that map one-to-one to organizational governance elements, while five major MAS frameworks each formalize governance subsets without any single framework achieving full coverage.

The question this report engages: are these three traditions describing three different problems, or three views of the same structural problem? The thesis is that they describe the same authority architecture from different vantage points, and that the convergence constitutes evidence of a domain-independent requirement.

The thesis would be disproven if: (1) an existing framework, protocol, or infrastructure resolves the delegation problem across organizational, cybernetic, and multi-agent governance — meaning the three-tradition authority gap does not exist; (2) the COSO/COBIT enterprise governance tradition already operationalizes Beer's five systems — meaning the cross-tradition gap is an artifact of disciplinary isolation rather than structural absence; or (3) any single MAS framework achieves full governance coverage as defined by enterprise governance standards — meaning the fragmentation is incidental rather than structural.

§2Synopsis

Three independent traditions — each using different methods, vocabularies, and addressing different institutional domains — diagnosed the same authority-structure problem and converged on structurally equivalent requirements.

The accountability tradition formalized the problem as information asymmetry between principals and agents: Jensen and Meckling (1976) demonstrated that delegated authority creates monitoring costs, bonding costs, and irreducible residual loss; Bovens (2007) specified the three-phase accountability mechanism (information → debate → consequences) that authority structures must enable; Weill and Ross (2004) found empirically that governance clarity — knowing WHO decides — outperforms governance design in 250 enterprises. The cybernetic tradition derived the authority architecture from information theory: Ashby's Law of Requisite Variety establishes that any regulatory system must match the variety of what it governs; Beer's five necessary subsystems provide the structural theorem for organizational viability; the recursive system theorem establishes that the same five-system authority architecture applies at every organizational level. The multi-agent systems tradition rediscovered these requirements independently: Tomašev et al. (2026) identified nine delegation components from the MAS literature that map one-to-one to governance elements from organizational theory, while the FIPA standard that should have provided MAS governance infrastructure instead eliminated governance semantics from the protocol.

The convergence is the evidence. When three traditions sharing no common methodology independently reach the same structural requirements — authority traceability, constraint propagation, delegation composition, accountability reconstruction — the requirements are real properties of governed systems, not artifacts of any single tradition's perspective. No existing framework, protocol, or infrastructure resolves the authority problem across all three domains. Enterprise governance frameworks prescribe authority requirements without operationalizing them. The VSM diagnoses authority pathologies without providing the operational mechanism to remediate them. Multi-agent protocols provide capability without governance. The authority architecture sits at the layer below where frameworks prescribe and above where protocols operate — the layer that governance infrastructure must occupy.

This report is the third paper in the WMI thesis volume. TR-A-001 established that a structural gap exists between governance requirements and governance infrastructure. TR-A-002 established that the resolution must be architectural — governance invariances require structural imposition, not learned compliance. This report identifies the specific architectural requirement: an authority architecture that resolves delegation across organizational, cybernetic, and computational governance through a shared structural substrate.

§3Literature Review

§3.1Architectural Contribution
The Authority Architecture Defined

The authority architecture is the structural specification for how authority delegates, constrains, and accounts across any governed system. The evidence examined in this report establishes three structural properties that any authority architecture must satisfy:

Property 1: Authority traceability. Every action in a governed system must trace to a source of authority. Agency theory establishes this requirement through the principal-agent relationship: when principals delegate to agents, information asymmetry creates space for divergent interests — moral hazard (hidden action after the delegation) and adverse selection (hidden information before the delegation) — producing three categories of cost: monitoring costs (the principal's investment in observing agent behavior), bonding costs (the agent's investment in signaling alignment), and irreducible residual loss (the divergence no mechanism eliminates). These costs are manageable only when the delegation chain is reconstructable — the principal must be able to trace what authority was delegated, how it was exercised, and what information the agent possessed at the point of decision (RA-004 §F2). Gailmard (2014) synthesized the implication: no single accountability mechanism eliminates agency loss; effective governance requires combining ex-ante mechanisms (selection, contracting, structural design) with ex-post mechanisms (monitoring, evaluation, enforcement) — all of which require reconstructable authority chains.

Cybernetics establishes authority traceability through the Conant-Ashby theorem: every good regulator of a system must be a model of that system (Conant & Ashby, 1970). This is not a design recommendation but a mathematical result: the regulator's variety must include a representation of the system's state sufficient to determine the correct regulatory action. Applied to governance: the governance infrastructure must contain a model of authority relationships sufficient to regulate them — which requires those authority relationships to be traceable (RA-009 §F7). Without authority traceability, the governance system lacks the model that the theorem proves necessary.

Multi-agent systems research establishes authority traceability through the meaningful-human-control requirements. Santoni de Sio and van den Hoven (2018) proposed two conditions: the tracking condition (the system responds to all relevant human moral reasons) and the tracing condition (any outcome traces back to at least one human agent with proper moral understanding). Neither MCP, A2A, nor Agent Protocol satisfies these conditions — tracking requires that delegation preserves human-defined purpose and boundaries across hops; tracing requires that every action in the chain traces to human authorization (RA-012 §F5). Without authority lineage infrastructure, the conditions are structurally unsatisfiable in multi-hop delegation. Elish's (2019) moral crumple zone documents the consequence: responsibility collapses onto the nearest human regardless of whether that human had meaningful control — a direct result of missing authority traceability.

The three traditions derive the same requirement from different starting assumptions: information asymmetry requires traceability (economics), regulatory adequacy requires traceability (cybernetics), and moral responsibility requires traceability (ethics). The convergence establishes that authority traceability is a structural requirement, not a design preference.

Property 2: Constraint attenuation. Authority delegation must narrow scope but never widen it. Each hop in a delegation chain may impose additional constraints but cannot relax constraints imposed by prior hops. This is not a governance best practice — it is a structural requirement derivable from each tradition's foundational commitments.

Agency theory establishes constraint attenuation implicitly through the structure of agency costs. Monitoring costs exist precisely because the principal cannot assume the agent will self-constrain — the agent's informational advantage creates structural opportunity to relax the principal's intended boundaries (RA-004 §F2). Eisenhardt's (1989) extension clarifies the mechanism: organizations choose between behavior-based governance (directly constraining what agents do) and outcome-based governance (constraining what agents achieve) depending on what is observable. Both modes assume that the constraints imposed by the principal bind the agent; neither mode provides for the agent to relax those constraints. The Three Lines Model operationalizes this: first-line management operates within risk appetite set by the governing body; second-line oversight verifies conformity with that appetite; third-line audit independently confirms that first-line and second-line functions are actually performing as designed. Authority flows downward through this structure; constraints accumulate at each level (RA-004 §F9).

Cybernetics establishes constraint attenuation formally. Beer's five systems include S3 (Control) to verify that operational reality matches management expectations, and S3 (Audit) as a direct monitoring channel bypassing normal reporting — Beer added S3 specifically because "reporting channels can be gamed — either by accident or by design, pulling the wool over their eyes" (RA-009 §F3). The S3/S3 pair exists because authority delegation creates structural opportunity for constraint relaxation; the audit function is the organizational mechanism for detecting when constraints imposed at higher recursive levels have been attenuated by lower levels. The recursive system theorem (RA-009 §F5) extends this: the same constraint-verification structure (S3/S3) applies at every recursive level, meaning constraint attenuation must be detectable at every level of the organizational hierarchy.

Multi-agent systems research establishes constraint attenuation operationally. Mayer, Davis, and Schoorman's (1995) organizational trust model identifies three dimensions — ability (competence), benevolence (intention alignment), and integrity (rule adherence) — but computational trust models struggle with integrity because trust based on learned behavior is vulnerable to optimization pressure: agents trained to maximize task completion may learn to circumvent constraints that reduce completion rates (RA-012 §F7). Trust boundaries must therefore be imposed (structurally enforced constraints on scope), not learned (computed from behavioral history). Graduation from lower to higher delegation authority should be evidence-based, with regression possible when deviations are detected. The delegation-as-composition finding (RA-012 §F9) formalizes constraint attenuation: each delegation hop creates a new composition of authority, scope, and constraints, where the constraints bind cumulatively — a structural analog to Beer's recursive constraint-verification architecture.

Property 3: Recursive viability. The authority architecture applies at every organizational level with identical structural description. This property distinguishes the authority architecture from governance frameworks that prescribe different structures at different organizational levels.

Beer's recursive system theorem is the formal statement: every viable system contains and is contained in viable systems, all modeled with the same five-subsystem architecture (RA-009 §F5). The theorem is structural, not metaphorical — a department has S1–S5, the corporation containing it has S1–S5, the industry ecology containing the corporation has S1–S5. The Law of Cohesion (Beer, 1979) formalizes the interface between recursive levels: "The System One variety accessible to System Three of recursion x equals the variety disposed by the sum of the metasystem of recursion y, for every recursive pair." This ensures variety balance across the recursive hierarchy — the constraint from Ashby's law (Property 1's information-theoretic foundation) applies not just at a single level but at every interface between levels.

The recursive property has a direct and consequential analog in delegation chains. Tomašev et al.'s nine delegation components — task specification, authority transfer, accountability structure, trust mechanisms, intent preservation, role boundaries, monitoring/verification, delegation contract, and context transfer — must be satisfied at every delegation hop, not just at the first hop where a human initiates the chain (RA-012 §F1, §F2). A three-hop delegation (human → agent A → agent B → action) requires authority traceability, constraint attenuation, and accountability reconstruction at each hop boundary — the same structural requirements recursively instantiated. The accountability literature confirms this recursive requirement through the delegation-chain liability analysis: each hop attenuates accountability because each hop introduces a knowledge gap between the delegator's intent and the delegatee's execution. Nissenbaum's (1996) four barriers — the many-hands problem, the bug defense, blaming the computer, and ownership without liability — are all exacerbated by recursive delegation; Matthias's (2004) responsibility gap for learning systems, when applied to recursive delegation chains, implies that the gap widens with each additional hop because predictability decreases multiplicatively across the chain (RA-012 §F4).

The fragmentation of MAS frameworks (RA-012 §F8) is explained by the failure to recognize this recursive property. Each of the five major frameworks — BDI, MOISE+, Contract Net, OperA, and Categorical Cybernetics — formalizes governance for interactions at one level of the delegation hierarchy without providing the recursive compositional infrastructure that would allow the same governance structure to apply at every level. The delegation-as-composition finding (RA-012 §F9) resolves the fragmentation architecturally: delegation composes over existing governance elements at each hop, and the composition is recursive — the same structural template applied at every delegation boundary, just as Beer's five systems apply at every organizational boundary.

The Cross-Tradition Structural Equivalence

The architectural contribution of this report is the demonstration that the authority-structure problem diagnosed by agency theory, organizational cybernetics, and multi-agent systems research is structurally equivalent — not merely analogous. The equivalence claim rests on three structural correspondences:

Correspondence 1: Information asymmetry is requisite variety. Jensen and Meckling's (1976) principal-agent information asymmetry and Ashby's (1956) Law of Requisite Variety describe the same structural constraint from different traditions — and the structural equivalence can be stated precisely in information-theoretic terms because both traditions derive from information theory.

The principal-agent problem arises because the agent possesses information the principal lacks — the agent's behavioral variety exceeds what the principal's monitoring apparatus can absorb. Jensen and Meckling formalize this as agency costs: the principal invests in monitoring to reduce the information gap (monitoring costs), the agent invests in signaling alignment to reduce the trust gap (bonding costs), and the irreducible divergence between the principal's interests and the agent's behavior represents the residual loss that no mechanism eliminates. The critical insight is that agency costs are structurally determined by the information gap, not by the moral character of the agent — even stewards operating with perfect alignment still generate monitoring costs because the principal cannot verify alignment without information.

Ashby's Law of Requisite Variety states the same constraint formally: V(R) ≥ V(D) — the variety of the regulator must be at least equal to the variety of the disturbances if essential variables are to be maintained within acceptable limits. Ashby derived this from Shannon's Theorem 10 — the amount of noise that can be removed by a correction channel is limited to the amount of information that channel can carry (RA-009 §F1). Variety is measured in bits as the logarithm of the state count, making it directly equivalent to Shannon entropy. The regulatory problem is formally identical to the noise-suppression problem in communication theory.

The mapping is precise: the principal's monitoring apparatus is a regulator in Ashby's sense; the agent's behavioral variety is the disturbance space; monitoring costs (Jensen & Meckling) are the economic expression of the variety deficit (Ashby); and residual loss is the irreducible regulatory failure when V(R) < V(D). The convergence is not metaphorical — both are information-theoretic statements about the relationship between a controller and what it controls. Agency theory derived the constraint from economic observation of organizational contracts; cybernetics derived it from mathematical analysis of regulatory systems. That they converge on the same structural relationship — the controller must have informational capacity matching what it controls — is evidence that the relationship is a property of the governance problem, not an artifact of either tradition's assumptions.

Correspondence 2: The five systems are the five functions. Beer's five necessary subsystems for organizational viability and COSO's five components of internal control describe structurally compatible authority architectures derived from independent traditions — one from neurophysiology and cybernetic axioms (Beer, 1972, 1979), the other from enterprise governance practice and fraud investigation (COSO, 1992, revised 2013). Neither tradition cites the other. The two frameworks evolved in complete isolation — Beer working from Ashby's cybernetics and neuroanatomical analogy, COSO working from the Treadway Commission's mandate to address fraudulent financial reporting — yet they converge on five-function authority architectures with striking structural alignment.

The correspondence, element by element: COSO's Control Environment (the organizational culture and governance tone set by leadership) maps to Beer's S5 Policy (identity, purpose, and ultimate authority — the system that defines what the organization IS). COSO's Risk Assessment (identification and analysis of threats to objective achievement) maps to S4 Intelligence (environmental scanning, future modeling, and adaptation planning — "outside and then"). COSO's Control Activities (the policies and procedures that enforce management directives) map to S3 Control (internal regulation, resource allocation, and operational accountability — "inside and now"). COSO's Information & Communication (the infrastructure for capturing and distributing relevant information) maps to S2 Coordination (anti-oscillatory dampening between operational units — preventing uncoordinated action through information flow). COSO's Monitoring Activities (ongoing evaluations and separate assessments of internal control effectiveness) map to S3* Audit (the direct monitoring channel Beer added because "reporting channels can be gamed"). The five-to-five mapping also accounts for Beer's additional channels: the algedonic channel (emergency bypass from operations to policy) has no COSO equivalent, suggesting a governance gap that the COSO framework does not address — organizations implementing COSO without an emergency escalation path outside normal reporting structures are missing a viability requirement that cybernetics identifies as necessary.

Figure 1COSO→VSM structural correspondence — five functions from two independent traditions
Figure 1. COSO→VSM structural correspondence — five functions from two independent traditions.

No published work has formally mapped this correspondence (RA-009 §F12). That two independent traditions derived five-function authority architectures with this degree of structural alignment is convergent evidence for the necessity of the five-function structure. The convergence is not coincidental similarity — both frameworks respond to the same environmental constraint: organizations must simultaneously maintain operational stability (requiring S3/Control Activities), adapt to environmental change (requiring S4/Risk Assessment), preserve identity (requiring S5/Control Environment), coordinate distributed operations (requiring S2/Information & Communication), and independently verify that the first four functions are actually performing as designed (requiring S3*/Monitoring Activities). The five functions are structurally necessary because they address five independent organizational viability requirements.

Correspondence 3: Delegation is composition, not protocol. The multi-agent systems tradition has historically treated delegation as a protocol problem — how agents communicate task assignments, negotiate contracts, and verify completion. Smith's (1980) Contract Net Protocol established the paradigm: a manager announces a task, potential contractors submit bids, the manager evaluates and awards a contract, the contractor executes and reports. This protocol captures the transactional dimension of delegation — commitment formation and fulfillment — but assumes the governance context (authority, constraints, accountability, intent) is handled elsewhere.

The evidence from RA-012 shows that delegation is not a protocol but a governance composition: purpose (why delegate) + authorization (who may act) + agreement (commitment to perform) + scope limits (constraints on action) + task specification (what to do) + contextual understanding (with what knowledge), instantiated at each hop and linked through state transformation lineage (RA-012 §F9). Each hop in a delegation chain creates a new instance of this composition. Authority attenuation — each hop may narrow scope but never widen it — is enforced through constraint binding within the composition. The full chain is reconstructable because each hop's composition is structurally linked to the prior hop's.

This compositional view explains the MAS framework fragmentation documented in RA-012 §F8. Five major frameworks each formalize a different dimension of the delegation composition: BDI (Rao & Georgeff, 1991, 1995) formalizes the cognitive dimension — beliefs, desires, and intentions provide the mental-state architecture for individual agents, strong on intent and commitment but absent on authority and evidence. MOISE+ (Hübner, Sichman, & Boissier, 2002, 2007) formalizes the structural dimension — roles, goals, and deontic rules provide the organizational architecture for agent groups, strong on authority and constraints but partial on evidence and capacity. Contract Net Protocol (Smith, 1980) formalizes the transactional dimension — market-like task allocation through announcement, bidding, and awarding, strong on commitment and evidence but weak on authority and intent. OperA (Dignum, 2004) formalizes the relational dimension — negotiated social contracts between authority and autonomy, strong on commitment, authority, and constraints but partial on evidence. Categorical Cybernetics (Capucci et al., 2021–2022) formalizes the mathematical dimension — composition and feedback through category theory, strong on constraints and formal properties but absent on intent and authority.

No single framework achieves strong coverage of more than three governance dimensions. The fragmentation is not a coordination failure among framework designers — it is a structural consequence of each framework starting from a different problem (cognition, organization, transaction, relation, mathematics) and discovering governance fragments along the way. None started from governance as the organizing principle. The compositional view resolves the fragmentation: a governance composition over existing elements provides the infrastructure that each framework partially instantiates but none provides completely. This is structurally analogous to Beer's S2 (Coordination) function: just as S2 dampens oscillations between S1 operational units, the governance composition dampens the fragmentation between delegation frameworks by providing the shared compositional infrastructure they each lack.

Figure 2MAS framework governance coverage — structural fragmentation across five frameworks
Figure 2. MAS framework governance coverage — structural fragmentation across five frameworks.
The Falsifiable Claim

The authority architecture is domain-independent: the same structural requirements (authority traceability, constraint attenuation, recursive viability) apply to organizational governance, cybernetic systems, and multi-agent delegation. This claim is falsifiable. If any existing framework, protocol, or infrastructure provides a unified authority architecture that resolves delegation across all three domains, the domain-independence claim is disproven. If the COSO→VSM correspondence is shown to be superficial analogy rather than structural alignment, the cross-tradition equivalence is weakened. If any single MAS framework achieves full governance coverage as defined by enterprise governance standards, the fragmentation is incidental rather than structural and the compositional argument does not hold.

Figure 3Three independent traditions converge on three structural requirements for authority architecture
Figure 3. Three independent traditions converge on three structural requirements for authority architecture.
§3.2Convergence Evidence

The authority architecture claim rests on convergent evidence from six identifiable traditions. Per the Architecture Report compression standard, each tradition receives a focused paragraph establishing its core finding, its contribution to the authority architecture, and its convergence with other traditions.

Agency Theory

Jensen and Meckling's (1976) formalization of the principal-agent relationship in the Journal of Financial Economics established information asymmetry as the foundational authority constraint: when principals delegate to agents, the agent's informational advantage creates space for moral hazard (hidden action) and adverse selection (hidden information), producing monitoring costs, bonding costs, and irreducible residual loss. Eisenhardt (1989) extended the framework: information is a purchasable commodity, and organizations choose between behavior-based and outcome-based governance depending on what is observable. Davis, Schoorman, and Donaldson (1997) introduced stewardship theory as the counterposition: under conditions of professional identity, mission alignment, and strong organizational culture, agents function as stewards whose interests naturally align with organizational objectives. The critical architectural implication is that governance infrastructure must accommodate both modes simultaneously — providing accountability evidence for agency contexts and knowledge preservation for stewardship contexts through the same structural mechanisms (RA-004 §F2, §F3). This dual requirement converges with the cybernetic tradition's S3/S3* distinction (operational control plus independent audit) and with the MAS tradition's trust-boundary imposition (structurally constraining scope while permitting graduated autonomy).

Institutional Theory

Meyer and Rowan (1977) documented that organizations adopt formal governance structures as "rational myths" conferring legitimacy regardless of operational effectiveness — a phenomenon they termed "ceremonial conformity." DiMaggio and Powell (1983) explained how ceremonial adoption spreads through three isomorphic mechanisms: coercive (regulatory pressure), mimetic (uncertainty-driven imitation), and normative (professional standards). Weill and Ross (2004) provided the empirical complement: studying 250 enterprises, they found that governance clarity — knowing who decides — outperforms governance design in organizational performance outcomes (RA-004 §F6, §F7). The architectural implication is that the authority problem is not about better frameworks but about operational coupling: when governance documentation is embedded in the governance activity itself rather than maintained as a parallel compliance process, the decoupling that enables ceremonial conformity becomes structurally difficult. This converges with the cybernetic tradition's S3/S4 homeostat (the balance between operational control and environmental intelligence prevents both calcification and perpetual reorganization) and with the MAS tradition's FIPA regression finding (governance semantics were recognized, formalized, then abandoned for implementation simplicity — a form of protocol-level ceremonial conformity).

Accountability Theory

Bovens (2007) defined accountability as a three-phase mechanism: the actor provides factual information about conduct, the forum examines and debates the reasoning, and the forum evaluates and determines consequences. Schedler (1999) identified two dimensions — answerability (obligation to inform and justify) and enforcement (capacity to impose consequences) — establishing that answerability without enforcement is merely transparency. The IIA's Three Lines Model (2020) operationalized accountability through role differentiation: first-line (operations and risk management), second-line (oversight and expertise), and third-line (independent assurance), with the governing body defining risk appetite and delegating authority (RA-004 §F4, §F5, §F9). The architectural implication is that authority architecture must make Bovens' three phases structurally satisfiable at each delegation level: decision records provide the factual information (Phase 1), documented intent and authority provide the basis for explanation (Phase 2), and documented expected outcomes provide the evaluation standard (Phase 3). This converges with the cybernetic tradition's recursive system theorem (the same authority structure at every level) and with the MAS tradition's delegation-chain accountability requirement (every hop must be independently auditable or the chain produces liability diffusion).

Organizational Cybernetics

Ashby's (1956) Law of Requisite Variety — derived from Shannon's Theorem 10, not from organizational observation — establishes that any regulatory system must have variety matching the variety of what it regulates: V(R) ≥ V(D), where variety is measured in bits as the logarithm of the state count (RA-009 §F1). Beer (1972, 1979) applied this constraint to organizations, deriving five necessary and sufficient subsystems for viability from neurophysiological analogy: S1 Operations (autonomous value-producing units), S2 Coordination (anti-oscillatory dampening), S3 Control (internal regulation and resource allocation), S4 Intelligence (environmental scanning and future modeling), and S5 Policy (identity, purpose, and the S3/S4 balance). Beer added S3* (Audit) as a direct monitoring channel bypassing normal reporting — "because reporting channels can be gamed" — and the algedonic channel as an emergency bypass from operations to policy when viability is threatened (RA-009 §F3). The S3/S4 homeostat is the central structural insight: organizational viability depends on the dynamic balance between operational control (S3, "inside and now") and environmental intelligence (S4, "outside and then"); S5 exists to govern this balance, producing two predictable pathologies when it fails — calcification (S3 overwhelming S4) and perpetual reorganization (S4 overwhelming S3) (RA-009 §F4). The recursive system theorem establishes that viability at every organizational level requires the same five-system architecture, creating nested authority delegation that is structural, not metaphorical (RA-009 §F5). This converges with the accountability tradition (the Three Lines Model is a three-function subset of the five-system architecture) and with the MAS tradition (recursive delegation in multi-agent chains requires the same structural properties at every hop).

Multi-Agent Systems

Tomašev, Franklin, and Osindero (2026) defined intelligent AI delegation as "a sequence of decisions involving task allocation, that also incorporates transfer of authority, responsibility, accountability, clear specifications regarding roles and boundaries, clarity of intent, and mechanisms for establishing trust" — a definition derived from the multi-agent systems literature, not from organizational governance theory, yet independently identifying every structural element that organizational governance frameworks have prescribed for decades (RA-012 §F1). Nine delegation components identified from the MAS literature — task specification, authority transfer, accountability structure, trust mechanisms, intent preservation, role boundaries, monitoring/verification, delegation contract, and context transfer — map one-to-one to governance elements from organizational theory; the mapping is structural, not superficial (RA-012 §F2). Five major MAS frameworks — BDI (cognitive dimension), MOISE+ (structural dimension), Contract Net Protocol (transactional dimension), OperA (relational dimension), and Categorical Cybernetics (formal/mathematical dimension) — each formalize governance subsets, but none achieves coverage across more than three governance dimensions; the fragmentation is structural because each framework started from a different problem and discovered governance fragments along the way (RA-012 §F8). The delegation-as-composition finding (RA-012 §F9) resolves the fragmentation: delegation is not a new primitive requiring new infrastructure but a composition pattern over existing governance elements, instantiated at each hop and linked through state transformation lineage. This converges with the cybernetic tradition (recursive composition mirrors recursive viability) and with the accountability tradition (the composition's components — purpose, authorization, agreement, constraints, specification, context — map to Bovens' three-phase accountability requirements).

AI Governance

The AI governance tradition provides the bridge between classical organizational authority and computational delegation. Six major jurisdictions — EU AI Act, NIST AI RMF, ISO/IEC 42001, OECD Principles, IEEE P7000, and Singapore's Model AI Governance Framework — converge on the same regulatory requirements (transparency, accountability, fairness, human oversight) while sharing the same infrastructure gap: they specify WHAT organizations must do without providing the structural substrate for HOW (RA-002 §F4). Busuioc (2021) documented that AI functions as a "moral buffer" in public administration, creating automation bias where humans relinquish authority to algorithms — the authority relationship between humans and AI becomes unanswerable without structural lineage (RA-002 §F8). Rakova et al. (2021) confirmed through practitioner interviews that responsible AI fails because organizational structures are missing, not because values are missing: responsible AI practitioners lack organizational authority, responsible AI is disconnected across ethics, engineering, and product teams, and responsible AI metrics are absent because infrastructure to capture governance activities does not exist (RA-002 §F5). The AI governance findings converge with organizational governance theory on the core structural claim: the authority problem is the same whether authority delegates from human to human, from organization to AI agent, or from agent to agent. The moral-buffer finding (Busuioc) is the computational analog of ceremonial conformity (Meyer & Rowan) — governance adoption without operational coupling, enabled by the absence of authority-tracing infrastructure.

Representation Infrastructure

The semantic web tradition establishes that the technical infrastructure for representing authority relationships exists — OWL 2, RDF, PROV-O, SKOS, foundational ontologies — but the governance-specific ontological commitment does not. PROV-O's actedOnBehalfOf property directly models authority delegation chains, yet PROV-O provides tracking without governing: it answers "where did this come from?" but not "was this properly authorized, adequately evidenced, and consistent with constraints?" (RA-005 §F3). Foundational ontologies (BFO, SUMO) demonstrate that upper-category integration works at scale — BFO anchors over 400 biomedical ontologies through the OBO Foundry — but no comparable instantiation addresses organizational decision governance (RA-005 §F7). Gruber's (1993) ontological commitment principle transforms governance infrastructure adoption from software installation into social contract: organizations agree to represent governance concepts using shared vocabulary and axioms (RA-005 §F5). Enterprise knowledge graphs are passive — they represent what IS — while the transition to active governance substrate (constraining and validating authority actions rather than merely documenting them) remains the novel application gap (RA-005 §F13). The representation findings establish that the authority architecture's infrastructure layer is technically feasible; the gap is the governance-specific ontological commitment, not the underlying representational machinery.

§3.3Field Evidence Origin

The governance-infrastructure assessment presented in this report draws on the documented record of three professional and academic traditions, examined through the Institute's research program under the author's Certified Internal Auditor (CIA) credential. The assessment methodology follows IIA Standard 2310 (Identifying Information): evidence is evaluated for sufficiency (enough to support the conclusion), appropriateness (relevance and reliability), and documentation (re-performability by an independent reviewer). The documented audit-profession record — codified in IIA Standard 2330, GAGAS §6.50–6.59, and AU-C 230 — establishes the evidentiary standard against which governance infrastructure is evaluated.

The field evidence for the authority architecture extends beyond academic literature to documented governance practice. The IIA's Three Lines Model (2020) operationalizes authority delegation through role differentiation, but the model's effectiveness depends on decision evidence that the current documentation paradigm cannot reliably produce — approximately one in four engagements under enhanced regulatory oversight produces documentation that does not meet the profession's own standards (RA-006 §F1, cited in TR-A-001). Project Cybersyn (Chile, 1971–73) demonstrated that cybernetic governance infrastructure changes organizational capacity at national scale: during the 1973 economic blockade, Beer's system enabled real-time coordination of transportation and logistics through a telex network, statistical anomaly detection, an economic simulator, and an operations room — but was limited by 1970s technology and terminated by the September 1973 military coup (RA-009 §F14). The external accountability audit evidence (Raji & Buolamwini, 2019) demonstrates that governance infrastructure gaps have measurable consequences: the Gender Shades audit drove three audited companies to reduce facial recognition error rates by 17.7–30.4% for darker-skinned females within seven months — evidence that authority-tracing infrastructure (in this case, external audit as a proxy) produces governance improvements that internal processes without such infrastructure do not (RA-002 §F9).

The convergent evolution finding from RA-009 §F15 provides additional field evidence: cybernetics, compliance, ML/AI, and governance practice arrived at structurally compatible conclusions about organizational viability requirements independently — same environmental requirements (organizational complexity, adaptation-while-maintaining-identity, information asymmetry between levels), same structural solutions, different traditions. The AI governance community is currently rediscovering cybernetic structures without acknowledging the intellectual lineage: Perez Rios (2025) applies VSM and the Taxonomy of Organizational Pathologies to AI-era organizational failure modes; Gorelkin (2025) proposes VSM as architectural foundation for multi-agent AI coordination; the Governance-as-a-Service framework (Pervez et al., 2025) proposes coercive, normative, and adaptive enforcement for AI agents with Trust Factor scoring — structurally mirroring Beer's S3/S5 functions without citing Beer (RA-009 §F7). This contemporary rediscovery pattern is real-time field evidence for the structural necessity of the authority architecture.

§3.4Domain Application

The authority architecture's three structural properties — authority traceability, constraint attenuation, and recursive viability — produce testable predictions about governance failures in specific domains.

Enterprise governance. The COSO→VSM correspondence (RA-009 §F12) predicts that organizations adopting COSO controls without the five-function authority architecture will exhibit the same governance pathologies Beer diagnosed: calcification (monitoring without intelligence), ceremonial conformity (framework adoption without operational coupling), and accountability collapse (role differentiation without decision evidence). The IIA's Three Lines Model formalizes three of the five functions (S1/S3/S3* roughly map to first/second/third line) but omits the S4 (Intelligence) and S5 (Policy) functions that govern the balance between operational control and environmental adaptation. This structural omission predicts that organizations implementing the Three Lines Model without strategic governance infrastructure will tend toward S3-dominant calcification — a prediction consistent with the documented compliance-over-strategy bias in governance practice.

The 50-year gap between cybernetic diagnosis and operational infrastructure (RA-009 §F13) has a specific implication for enterprise governance. Beer's diagnostic methodology (1985) tells organizations what is wrong — "your organization lacks a functioning S4; you need environmental intelligence" — but provides no operational mechanism for implementing S4 as a continuous function. For 50 years, VSM practitioners diagnosed organizations and recommended structural changes, but the changes were implemented through traditional management interventions (reorganization, new committees, revised reporting lines) rather than through governance infrastructure. Project Cybersyn (Chile, 1971–73) demonstrated that infrastructure-level implementation changes organizational capacity — the system enabled real-time coordination during the 1973 economic blockade through a national telex network, statistical anomaly detection, and an operations room — but was limited by 1970s technology: single mainframe, paper printouts, telex bandwidth (RA-009 §F14). The technology that would make continuous cybernetic governance operational — structured data, real-time processing, AI agents operating within delegated authority — now exists. The 50-year gap is closing not because the diagnostic insight was wrong but because the infrastructure prerequisite was absent.

Multi-agent delegation. The delegation-as-composition finding (RA-012 §F9) predicts that multi-agent systems treating delegation as a protocol (task assignment + completion verification) rather than as a governance composition (authority + constraints + context + accountability) will produce three specific failure modes: liability diffusion (Elish's moral crumple zones — responsibility collapses onto the nearest human), intent degradation (purpose erosion across delegation hops — each hop translates intent into its own operational terms, losing the delegator's moral reasons), and accountability gaps (no participant in the chain bears reconstructable responsibility because the chain is not reconstructable). Delegation chains create these failures multiplicatively: a four-hop chain with 90% fidelity at each hop preserves only 66% of the original intent.

Figure 4Delegation as governance composition — constraint attenuation and intent degradation across hops
Figure 4. Delegation as governance composition — constraint attenuation and intent degradation across hops.

The FIPA governance regression (RA-012 §F3) provides historical evidence of what happens when governance is treated as a protocol feature rather than an architectural layer. FIPA ACL in the 1990s included performatives, conversation threading, social commitment semantics, and BDI mental state semantics — genuine governance infrastructure at the protocol layer. Modern protocols (MCP, A2A, Agent Protocol) abandoned this complexity for HTTP simplicity, gaining scalability while losing intent encoding, conversation lineage, commitment verification, and performative semantics. The same pattern documented across the research corpus is repeating in real time: governance semantics are recognized, formalized in frameworks, then lost in implementation because no architectural layer exists to operationalize them independently of any particular protocol.

AI governance regulation. The six-jurisdiction convergence finding (RA-002 §F4) predicts that regulatory approaches specifying governance requirements (transparency, accountability, fairness, human oversight) without specifying the authority infrastructure to implement them will produce ceremonial compliance — organizations that satisfy regulatory requirements on paper without the operational coupling that would make compliance substantive. The EU AI Act (2024), NIST AI RMF (2023), ISO/IEC 42001 (2023), OECD Principles (2019/2024), IEEE P7000, and Singapore's Model AI Governance Framework (2026) all converge on the same regulatory requirements while sharing the same infrastructure gap: they tell organizations WHAT to do but provide no structural substrate for HOW. Busuioc's (2021) moral-buffer finding predicts that AI systems operating without authority-tracing infrastructure will collapse human accountability: when AI recommends and humans approve without decision evidence, automation bias drives humans to relinquish authority to algorithms, and the "twin foundations of bureaucratic legitimacy — expertise and accountability — are simultaneously diminished" (RA-002 §F8). The moral-buffer effect is the AI governance analog of Meyer and Rowan's ceremonial conformity: governance is formally present (a human approved the recommendation) but operationally decoupled (the human had neither the information nor the incentive to exercise genuine authority).

§4Scope + Limitations

§4.1Argument Form

The authority architecture claim rests on convergence evidence — three primary traditions (accountability theory, organizational cybernetics, multi-agent systems) reaching structurally equivalent conclusions about authority requirements — supplemented by two supporting traditions (AI governance, representation infrastructure) and cross-tradition structural correspondences (COSO→VSM five-function mapping, cybernetics→MAS continuity). The convergence argument establishes the domain-independence of the authority architecture with high confidence: independent traditions producing the same structural requirements from different methods and vocabularies is evidence that the requirements reflect the structure of governed systems, not any single tradition's perspective. The evidence supports four assertions: (1) the authority-structure problem is structurally equivalent across traditions; (2) the convergence constitutes evidence of domain-independence; (3) the 50-year cybernetic diagnosis-to-infrastructure gap is structural; and (4) delegation is a composition pattern, not a new primitive. The evidence does not support assertions about specific infrastructure implementations, empirical performance of authority architectures, or the formal mathematical properties of the COSO→VSM correspondence (these remain open questions).

§4.2Tradition Coverage

Six traditions are engaged: accountability theory (agency, stewardship, institutional theory), organizational cybernetics (Beer's VSM, Ashby's requisite variety), multi-agent systems (delegation governance, MAS frameworks), AI governance (regulatory convergence, responsible AI practice), representation infrastructure (semantic web, ontological commitment), and the audit profession's documented practice record (IIA, COSO, Three Lines Model). The selection is not exhaustive. Other traditions that may bear on authority architecture — operations research, legal informatics, healthcare governance, public administration theory, distributed systems consensus — are not examined. The three primary traditions were chosen because each provides a formally independent diagnosis of the authority-structure problem; the convergence would be weakened if the traditions shared formal foundations. The convergence claim is bounded by the traditions examined; additional traditions could strengthen or qualify it.

§4.3Validation Status

The authority architecture argument has not been validated through implementation. The claim is that authority traceability, constraint attenuation, and recursive viability are structural requirements for any governed system — it does not claim that any specific architecture adequately provides them. Validation would require demonstrating that an implemented authority architecture achieves the governance properties the three traditions identify as necessary, and that removing the architectural properties degrades governance quality in the predicted ways. This is the role of the forthcoming TR-E series.

§4.4Practitioner Domain

The field evidence (§3.3) draws on the internal audit profession's documented record (IIA, COSO, Three Lines Model), enterprise governance frameworks (COBIT, TOGAF, SOX), and organizational cybernetics case evidence (Project Cybersyn). The argument is offered as domain-general, but the field-evidence base is concentrated in enterprise governance and organizational cybernetics. Other governance domains (legal compliance, healthcare governance, financial regulation, public administration) would provide additional field evidence; their absence does not weaken the formal convergence arguments (which are domain-independent) but does narrow the field-evidence grounding.

§4.5Alternative Explanations
Alternative explanations and their falsification conditions
ALT-1
Tradition selection boundary. This report examines three primary traditions (accountability theory, organizational cybernetics, multi-agent systems) with two supporting traditions (AI governance, semantic web). Other traditions that may bear on authority architecture — operations research, legal informatics, healthcare governance, public administration theory — are not examined. The convergence claim is bounded by the traditions examined; additional traditions could strengthen or qualify it.
ALT-2
Temporal boundary of source evidence. The source research artifacts (RA-002, RA-004, RA-005, RA-009, RA-012) were completed between March and May 2026. Post-completion publications in organizational cybernetics, MAS governance, or AI governance may have advanced the field beyond the evidence base examined here. The open questions in rwp-wr-oq track specific temporal gaps.
ALT-3
Structural correspondence vs. formal isomorphism. The COSO→VSM structural correspondence (RA-009 §F12) is documented as structural alignment — five functions from two traditions mapping to each other. Whether this constitutes formal isomorphism (a mathematically provable structural equivalence) or strong analogy (a heuristically useful but formally non-rigorous correspondence) remains an open question. The convergence argument does not depend on formal isomorphism — structural alignment from independent traditions is sufficient evidence — but formal characterization would strengthen the claim.

§5Position Statements

WMI-P05: Organization as Verb (strengthens-refines)

The evidence reviewed in §3 strengthens the WMI thesis position that organization is a verb — a continuous process of organizing — rather than a static noun describing a fixed entity. Beer's five necessary subsystems are derived from the requirements of viable organization: ongoing coordination, ongoing control, ongoing intelligence, ongoing policy (RA-009 §F3). The recursive system theorem establishes that viable organizing requires the same structural properties at every level (RA-009 §F5). Institutional theory's ceremonial conformity finding (RA-004 §F6) demonstrates what happens when organization is treated as noun: governance structures are adopted formally but decoupled from the ongoing activity of organizing. The delegation-as-composition finding (RA-012 §F9) extends this to multi-agent contexts: delegation is an ongoing governance composition, not a one-time protocol invocation. The authority architecture requires that organizational governance be a continuous structural property of operation, not a periodic compliance activity — directly strengthening the "organization as verb" commitment.

Disposition: strengthens-refines | Evidence base: RA-009 §F3, §F5; RA-004 §F6; RA-012 §F9 | Provenance: plan

WMI-P08: Four Actor Types as Governance Categories (strengthens-refines)

The convergence evidence reviewed in §3 strengthens the WMI thesis position that governance requires structural differentiation of actor types. Agency theory identifies three actor categories — principal, agent, and steward — each with distinct governance requirements: principals require monitoring, agents require constraint, stewards require empowerment (RA-004 §F2, §F3). Beer's five subsystems differentiate authority functions: S1 (operations), S3 (control), S4 (intelligence), S5 (policy) are categorically different authority roles, not different instances of the same role (RA-009 §F3). The Tomašev et al. nine-for-nine convergence finding (RA-012 §F1, §F2) demonstrates that multi-agent delegation requires the same structural differentiation: task specification, authority transfer, accountability structure, trust mechanisms, intent preservation, role boundaries, monitoring, delegation contracts, and context transfer are governance functions that must be distributed across differentiated actor types. The Three Lines Model's role differentiation (RA-004 §F9) provides the accountability-tradition confirmation: first-line, second-line, and third-line roles are governance categories, not interchangeable positions. The convergence across agency theory, cybernetics, and MAS on the necessity of structural actor-type differentiation strengthens the WMI commitment to four governance actor types.

Disposition: strengthens-refines | Evidence base: RA-012 §F1, §F2; RA-004 §F2, §F3, §F9; RA-009 §F3 | Provenance: plan

WMI-P10: Knowledge Asymmetry → Authority Asymmetry (strengthens-refines)

The evidence reviewed in §3 strengthens the WMI thesis position that knowledge asymmetry produces authority asymmetry — that the structural distribution of knowledge in an organization determines the effective distribution of authority, regardless of the formal distribution documented in governance frameworks. Jensen and Meckling's (1976) principal-agent formalization demonstrates this directly: the agent's informational advantage over the principal is the structural source of agency costs — monitoring, bonding, and residual loss are all consequences of knowledge asymmetry creating authority asymmetry (RA-004 §F2). Ashby's Law of Requisite Variety formalizes the constraint: the regulator's variety (knowledge capacity) must match the regulated system's variety, or the regulation fails — when the regulated system has more variety than the regulator can absorb, the knowledge deficit produces an authority deficit (RA-009 §F1). The delegation-chain accountability finding (RA-012 §F4) extends this to multi-agent contexts: each hop in a delegation chain attenuates accountability precisely because each hop introduces a knowledge gap between the delegator's intent and the delegatee's execution — Elish's (2019) moral crumple zone is a knowledge-asymmetry artifact, and Nissenbaum's (1996) four barriers to accountability are all knowledge-asymmetry barriers. The three-tradition convergence on knowledge asymmetry as the structural driver of authority problems strengthens the WMI commitment.

Disposition: strengthens-refines | Evidence base: RA-004 §F2; RA-009 §F1; RA-012 §F4 | Provenance: plan

WMI-P09: Socket Not Plug (strengthens-refines)

The evidence reviewed in §3 provides supporting strength for the WMI thesis position that governance infrastructure must be a socket (accepting multiple implementations) rather than a plug (hard-coded to one). The MAS framework fragmentation finding (RA-012 §F8) establishes that five major frameworks — BDI, MOISE+, Contract Net, OperA, and Categorical Cybernetics — each formalize governance subsets without any single framework achieving full coverage. The fragmentation is not a coordination failure but a structural consequence of each framework's design assumptions. The FIPA governance regression (RA-012 §F3) demonstrates what happens when governance semantics are hard-coded into a protocol: when the protocol's complexity proved unworkable, the governance semantics were abandoned along with the protocol machinery — because governance was a plug (embedded in FIPA) rather than a socket (separable from any particular protocol). An authority architecture that is protocol-agnostic — providing the governance composition layer that delegation protocols plug into — avoids the FIPA regression pattern.

Disposition: strengthens-refines | Evidence base: RA-012 §F8, §F3 | Provenance: plan

§6Sources

Internal Sources
Smith, C. (2026). Accountability & Enterprise Governance — Framework-Infrastructure Gap. GrytLabs Report RR-004 v1.0. https://doi.org/10.5281/zenodo.20185174
Smith, C. (2026). Organizational Cybernetics & the Viable System Model. GrytLabs Report RR-009 v1.0. https://doi.org/10.5281/zenodo.20185433
Smith, C. (2026). Agentic Delegation, Multi-Agent Governance & the Protocol Gap. GrytLabs Report RR-012 v1.0. https://doi.org/10.5281/zenodo.20222874
Smith, C. (2026). AI Governance & Responsible AI — Principles-Practice Gap as Infrastructure Deficit. GrytLabs Report RR-002 v1.0. https://doi.org/10.5281/zenodo.20025334
Smith, C. (2026). Semantic Web & Knowledge Representation — Mature Infrastructure, Underserved Domain. GrytLabs Report RR-005 v1.0. https://doi.org/10.5281/zenodo.20185059
Smith, C. (2026). The Structural Gap (Technical Report TR-A-001, WMI Thesis). GrytLabs Research Institute. https://doi.org/10.5281/zenodo.19666752
Smith, C. (2026). The Architectural Necessity (Technical Report TR-A-002, WMI Thesis). GrytLabs Research Institute. https://doi.org/10.5281/zenodo.20310728
External Sources
Ashby, W. R. (1956). An Introduction to Cybernetics. Chapman & Hall.
Barocas, S., & Selbst, A. D. (2016). Big data's disparate impact. California Law Review, 104(3), 671–732.
Beer, S. (1972). Brain of the Firm. Allen Lane. 2nd ed. (1981). Wiley.
Beer, S. (1979). The Heart of Enterprise. Wiley.
Beer, S. (1985). Diagnosing the System for Organizations. Wiley.
Bovens, M. (2007). Analysing and assessing accountability: A conceptual framework. European Law Journal, 13(4), 447–468.
Bovens, M. (2010). Two concepts of accountability: Accountability as a virtue and as a mechanism. West European Politics, 33(5), 946–967.
Busuioc, M. (2021). Accountable artificial intelligence: Holding algorithms to account. Public Administration Review, 81(5), 825–836.
Capucci, M., Gavranović, B., Hedges, J., & Rischel, E. F. (2021–2022). Towards Foundations of Categorical Cybernetics. Proceedings of the 4th Applied Category Theory Conference (ACT 2021).
Castelfranchi, C., & Falcone, R. (1998). Towards a theory of delegation for agent-based systems. Robotics and Autonomous Systems, 24(3–4), 141–157.
Conant, R. C., & Ashby, W. R. (1970). Every good regulator of a system must be a model of that system. International Journal of Systems Science, 1(2), 89–97.
COSO. (2013). Internal Control — Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission.
COSO. (2017). Enterprise Risk Management — Integrating with Strategy and Performance. Committee of Sponsoring Organizations of the Treadway Commission.
Davis, J. H., Schoorman, F. D., & Donaldson, L. (1997). Toward a stewardship theory of management. Academy of Management Review, 22(1), 20–47.
Dignum, V. (2004). A Model for Organizational Interaction. SIKS Dissertation Series, Utrecht University.
DiMaggio, P. J., & Powell, W. W. (1983). The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. American Sociological Review, 48(2), 147–160.
Eisenhardt, K. M. (1989). Agency theory: An assessment and review. Academy of Management Review, 14(1), 57–74.
Elish, M. C. (2019). Moral crumple zones: Cautionary tales in human-robot interaction. Engaging Science, Technology, and Society, 5, 40–60.
Espejo, R., & Reyes, A. (2011). Organizational Systems: Managing Complexity with the Viable System Model. Springer.
Gailmard, S. (2014). Accountability and principal-agent theory. In M. Bovens, R. E. Goodin, & T. Schillemans (Eds.), The Oxford Handbook of Public Accountability (pp. 90–105). Oxford University Press.
Gorelkin, M. (2025). Stafford Beer's Viable System Model for Building Cost-Effective Enterprise Agentic Systems. Medium.
Gruber, T. R. (1993). A translation approach to portable ontology specifications. Knowledge Acquisition, 5(2), 199–220.
Hübner, J. F., Sichman, J. S., & Boissier, O. (2002). A model for the structural, functional, and deontic specification of organizations in multiagent systems. In Proceedings of AAMAS 2002 (pp. 432–439).
Hübner, J. F., Sichman, J. S., & Boissier, O. (2007). Developing organised multiagent systems using the MOISE+ model. International Journal of Agent-Oriented Software Engineering, 1(3/4), 370–395.
IIA. (2020). The IIA's Three Lines Model: An Update of the Three Lines of Defense. Institute of Internal Auditors.
Ilcic, A., Fuentes, M., & Lawler, D. (2025). AI, complexity, and systemic resilience in global governance. Frontiers in AI, 8.
Jackson, M. C. (2003). Systems Thinking: Creative Holism for Managers. Wiley.
Jensen, M. C., & Meckling, W. H. (1976). Theory of the firm: Managerial behavior, agency costs and ownership structure. Journal of Financial Economics, 3(4), 305–360.
Jobin, A., Ienca, M., & Vayena, E. (2019). The global landscape of AI ethics guidelines. Nature Machine Intelligence, 1(9), 389–399.
Malone, T. W., & Crowston, K. (1994). The interdisciplinary study of coordination. ACM Computing Surveys, 26(1), 87–119.
Matthias, A. (2004). The responsibility gap: Ascribing responsibility for the actions of learning automata. Ethics and Information Technology, 6, 175–183.
Mayer, R. C., Davis, J. H., & Schoorman, F. D. (1995). An integrative model of organizational trust. Academy of Management Review, 20(3), 709–734.
Medina, E. (2011). Cybernetic Revolutionaries: Technology and Politics in Allende's Chile. MIT Press.
Meyer, J. W., & Rowan, B. (1977). Institutionalized organizations: Formal structure as myth and ceremony. American Journal of Sociology, 83(2), 340–363.
Mittelstadt, B. (2019). Principles alone cannot guarantee ethical AI. Nature Machine Intelligence, 1(11), 501–507.
Nissenbaum, H. (1996). Accountability in a computerized society. Science and Engineering Ethics, 2(1), 25–42.
Perez Rios, J. (2025). VSM and taxonomy of organizational pathologies in the age of AI. Systems (MDPI), 13(9), 749.
Pervez, H., Gaurav, S., Heikkonen, J., & Chaudhary, J. (2025). Governance-as-a-Service: A Multi-Agent Framework for AI System Compliance. arXiv:2508.18765.
Raji, I. D., & Buolamwini, J. (2019). Actionable auditing: Investigating the impact of publicly naming biased performance results of commercial AI systems. AAAI/ACM Conference on AI, Ethics, and Society (AIES), 429–435.
Rakova, B., Yang, J., Cramer, H., & Doshi-Velez, F. (2021). Where responsible AI meets reality: Practitioner perspectives on enablers for shifting organizational practices. Proceedings of the ACM on Human-Computer Interaction, 5(CSCW1), 1–23.
Rao, A. S., & Georgeff, M. P. (1991). Modeling rational agents within a BDI-architecture. In Proceedings of KR-91 (pp. 473–484). Morgan Kaufmann.
Rao, A. S., & Georgeff, M. P. (1995). BDI agents: From theory to practice. Proceedings of the First International Conference on Multi-Agent Systems (ICMAS), 312–319.
Santoni de Sio, F., & van den Hoven, J. (2018). Meaningful human control over autonomous systems: A philosophical account. Frontiers in Robotics and AI, 5, 15.
Schedler, A. (1999). Conceptualizing accountability. In A. Schedler, L. Diamond, & M. F. Plattner (Eds.), The Self-Restraining State: Power and Accountability in New Democracies (pp. 13–28). Lynne Rienner.
Schwaninger, M. (2009). Intelligent Organizations: Powerful Models for Systemic Management. 2nd ed. Springer.
Shleifer, A., & Vishny, R. W. (1997). A survey of corporate governance. Journal of Finance, 52(2), 737–783.
Smith, R. G. (1980). The contract net protocol: High-level communication and control in a distributed problem solver. IEEE Transactions on Computers, C-29(12), 1104–1113.
Tomašev, N., Franklin, M., & Osindero, S. (2026). Intelligent AI delegation. arXiv:2602.11865.
Weill, P., & Ross, J. W. (2004). IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harvard Business School Press.
Cite As

Smith, C. (2026). The Authority Architecture (Technical Report TR-A-003, WMI Thesis). GrytLabs Dynamics Inc. https://doi.org/10.5281/zenodo.20327174

© 2026 GrytLabs Dynamics Inc. Licensed under CC-BY 4.0.

Research Ethics Statement

This research is conducted under the GrytLabs Research Code of Ethics, derived from the IIA Code of Ethics and the GAO Yellow Book ethical framework, adapted for a research-institute context.

Four principles govern all research activity:

Integrity — findings are reported as found, not as convenient. Unfavorable results are published with the same rigor as favorable ones.

Objectivity — research questions are framed to be falsifiable. Conflicts of interest (including the founder's dual role as researcher and patent holder) are disclosed, not resolved by assertion.

Confidentiality — disclosure levels (L0–L3) govern what appears in public research. Embargoed findings, IP-critical details, and pre-publication material are withheld per the Disclosure Discipline (GOV-PS-006), not suppressed.

Competency — claims are bounded by the evidence that supports them. Architectural claims cite spec sections. Empirical claims cite research artifacts. Claims that exceed available evidence are flagged as open questions, not presented as conclusions.

The Executive Director is a Certified Internal Auditor (CIA), Institute of Internal Auditors, personally bound by the IIA Code of Ethics as a condition of that credential. This is a personal attestation, not an institutional conformance claim — GrytLabs has not undergone an IIA Quality Assessment Review and does not claim IPPF conformance.

The governing traditions (IIA, GAO, AICPA, COSO) are formally mapped to the operating model in GOV-PS-001. This research applies the principles those traditions codify; it does not claim endorsement, review, or certification by any standards body.

Publication Notice

Disclaimer

This publication is provided for research and informational purposes. GrytLabs makes reasonable efforts to ensure accuracy but does not warrant that this publication is free of errors or omissions.

If you believe this publication contains errors, omissions, or misattributions, please contact the lab at research@grytlabs.ai. Corrections will be acknowledged in subsequent versions.

AI-Assisted Research Statement

This work was produced through AI-assistive collaboration under GrytLabs' AI-assistive collaboration disclosure protocol. Claude (Anthropic) participated in literature synthesis, cross-domain pattern identification, and argumentation structuring. OpenAI Codex participated in citation and accuracy verification. AI actors participate with delegated authority, never inherent authority. Responsibility for all findings, claims, and conclusions rests with the named author.

Provenance

Full workpaper with attestation and provenance chain available at research.grytlabs.ai/docs. DOI: 10.5281/zenodo.20327174