They're running something real. Benefits processing, permitting, case adjudication — a workflow that used to require three analysts and now runs leaner because an AI tool is doing the heavy work in the middle. When the tool was deployed, they handed off anything that sounded like "identity and access" to IT. That was the right call at the time. What nobody asked them to do was think about what happens to their program when that access becomes a compliance flag, a revocation event, or an audit finding.
This persona spans a wide range. A GS-13 program manager running a regional automation pilot and a Senior Executive Service official overseeing a cross-agency AI initiative are both in scope here. The questions work across that range because they stay at the level of program risk, not technical architecture. You don't need to know what a service account is to have this conversation. Neither does the buyer. You're raising a program management problem, not opening a security discussion.
"If an auditor asked you today to show them which AI tools have access to your program's data, and what level of access each one holds — how quickly could your team produce that documentation?"
Why it works: Every program officer understands audit readiness. This question doesn't require them to know anything about identity systems. It asks whether they can account for their program's exposure — which is squarely their responsibility.
Revealing answer: "I'd have to ask IT." That's the gap. They've delegated accountability without retaining visibility. Follow up: "And if IT needed two weeks to compile that, would that create a problem for you?"
Polite non-answer: "We have strong controls in place." Ask who owns producing the documentation and on what timeline. If they can't name a person and a number, the control isn't as strong as the answer implies.
"If the AI tool running this workflow had its access suspended — say, because of a compliance flag or a vendor security incident — what's your manual fallback, and how long could you sustain it?"
Why it works: Many programs have built operational dependencies on AI-assisted workflows without explicitly planning for access interruption. This question makes that dependency visible without framing it as a technology problem.
Revealing answer: "We don't really have a manual fallback anymore." That's the exposure. The program has become structurally dependent on access that someone else controls.
Polite non-answer: "We'd figure it out." Ask what "figuring it out" looked like the last time there was an unplanned system outage. That conversation usually produces more honesty than the hypothetical does.
"Is the AI tool you're using currently operating under a full ATO, or is it still under a provisional authorization while the formal review is pending?"
Why it works: A significant share of agency AI deployments are running under inherited or provisional authorizations, often without the program officer realizing it. This question reveals whether they know their authorization status — and whether they've thought about what a compliance finding during that review period would mean for their timeline.
Revealing answer: Uncertainty or a redirect to IT. Authorization status not being tracked at the program level is exactly the gap — and it says nothing unflattering about the program officer. That's just where the accountability line got drawn, and nobody has redrawn it. (In companion context: this is where Okta's ability to provide continuous access monitoring within an existing FedRAMP High authorization boundary becomes relevant.)
"Who owns the review of what this AI tool can access, and when did that last happen?"
Why it works: Access reviews for human users have established cadences in most agencies. Access reviews for AI agents often don't exist yet, or exist informally. This question brings ownership of that cycle into the open.
Revealing answer: A long pause, followed by "that's a good question." That pause is worth more than any answer they could give. It means the question landed somewhere real.
Polite non-answer: "IT handles that." Ask whether IT reports back to the program office on findings, and what the program office's role is if access needs to be adjusted. If there's no answer, there's no loop.
When a program officer starts describing a workflow that's become operationally dependent on AI access they can't account for, that conversation has earned escalation to the CIO level.