Key takeaway
AI agents can help S2P, but only when work is repeatable, auditable, reversible, integrated, and governed. Judgment and risk acceptance stay human-owned.
Start with activity-level design
- Do not classify the entire S2P process as automatable.
- Break work into activities such as supplier discovery, RFx draft, supplier award, onboarding checks, invoice matching, and payment approval.
- Classify each activity based on judgment, risk, data quality, exception rate, auditability, and approval need.
Ownership buckets
- Human-owned: supplier award, payment approval, contract approval, bank detail changes, and policy exceptions.
- AI-assisted: spend classification, supplier discovery, RFx drafting, bid comparison, exception recommendations, and summarization.
- Agent-executed with controls: supplier reminders, PO follow-up, duplicate checks, document checks, and clean invoice matching where controls exist.
Controls required before scale
- Named business owner and agent owner.
- Allowed actions, blocked actions, access limits, and approval thresholds.
- Audit trail, exception queue, human review point, monitoring metrics, and kill switch.
- Control testing before production rollout.