An assistant may not own the company, sign the mandate or appear on the organisation chart. None of that tells you how much power the role actually carries. In a modern private office, the person who controls the principal’s calendar, inbox, travel, devices, introductions and recovery channels can often create more immediate consequence than the person with the formal title. They can move a meeting, release a document, reset an account, redirect a courier, admit a caller, approve an exception or supply the context that makes an instruction believable. That is not an argument against trust. It is an argument against pretending trust is a control system.
The job description is not the authority map
Formal authority is usually legible. It appears in board minutes, signing rules, bank mandates, powers of attorney and employment terms. Practical authority is scattered across systems and habits. It lives in shared inboxes, password-manager collections, recovery email addresses, delegated calendars, travel profiles, document rooms, contact lists, mobile devices and the private language a close team uses to establish urgency. A person may lack the power to order a payment while possessing everything needed to make a fraudulent payment instruction convincing. This is why access reviews organised by department or application routinely miss the point. They record what a person can click. They do not record what a person can cause.
Four kinds of power accumulate around the role
- Identity power: the ability to speak in the principal’s name, answer from a trusted channel or establish that a request is authentic.
- Sequence power: the ability to decide what the principal sees, in what order and with which context.
- Recovery power: the ability to reset credentials, receive codes, replace devices or persuade a provider that an exception is legitimate.
- Coordination power: the ability to connect bankers, lawyers, advisers, family members, household staff and vendors around an instruction.
Each power can be defensible in isolation. The danger appears when several accumulate in one person, one device or one account without an independent brake.
The control should match the consequence
Do not respond by forcing the principal to approve every diary change. That is security theatre with a productivity cost. Segment delegated actions by consequence.
- Routine: scheduling, reservations and low-consequence administration may proceed within a standing mandate.
- Sensitive: release of private records, changes to trusted contacts or new provider access require a second check.
- High consequence: payments, asset transfers, changes to recovery paths, public statements and legal commitments require independent verification through a channel the initiator did not select.
- Exceptional: any instruction that asks someone to bypass the normal rule should become more difficult, not easier, to execute.
The verification rule matters because appearance is no longer enough. The Swiss National Cyber Security Centre describes CEO fraud built from public role information and recommends checking unusual instructions by calling or speaking through an independent route—not by replying to the message that carried the request. Its reporting also documents a deepfake-enabled version in which the supposed boss appeared in a video meeting. Familiar voice, face and urgency are evidence to consider; they are not authority.
Build an authority surface review
Once a quarter—and immediately after any role change—map the assistant’s effective authority. The review should answer:
- Which channels can this person send from, monitor or recover?
- Which third parties will accept their instruction without consulting the principal?
- Which documents, identity records and transaction details can they assemble?
- Which exceptions have become normal through habit?
- What happens if their primary device is stolen, coerced or unavailable?
- Who can revoke the access quickly, and who verifies that revocation actually occurred?
The output should not be a spreadsheet of permissions with no owner. It should be a one-page authority map tied to named decisions: retain, narrow, split, time-limit or remove.
Protect the role, not just the principal
The assistant is often the highest-pressure human interface in the system. Attackers know this. Colleagues also route ambiguity, urgency and emotional load into the role. Good design protects the assistant by making refusal legitimate. Give the role a written right to pause. Publish the independent verification channels. Define which requests can never be completed from email or messaging alone. Make it clear that a principal who is genuinely in a hurry will respect the control that protects both parties. The strongest private offices do not rely on an exceptional assistant to remember every unwritten rule. They turn the best judgment of that assistant into an operating system the whole institution can survive.
The useful test
Ask one question: if this person’s account and phone were controlled by an adversary for two hours, what could the adversary make other trusted people do? The answer is the role’s real authority. Govern that—not the title.
