Preventing agentic software from overwhelming operations, proving systems operate within acceptable bounds, and governing the flood of changes are the next big constraints many organizations will face.

This talk presents a model-based systems engineering approach for software governance, using Combined Assurance Blueprinting as a practical modeling discipline and a domain-driven design approach to structure governance, risk, and assurance. Informed by the IIA’s Three Lines Model, the IAASB’s assurance framework, and ISO 31000’s guidance on risk management, it shows how teams can turn high-level intent into machine-verifiable rules that scale with modern delivery.

The outcome is a transparent link between code and business objectives, allowing engineering teams to demonstrate to leadership that delivery speed and responsible risk management can scale together.