ChatGPT can now search connected business data and, where apps and permissions allow, create or update files, messages, calendar entries and other records. For Sydney and NSW businesses, the sensible answer is not a blanket yes or no. Let it act only inside a defined, reversible operating envelope, with least-privilege access, approval before external or financial consequences, and a clear audit trail for every change.The practical question facing businesses is no longer whether artificial intelligence can produce a useful draft. It is whether an AI system should be allowed to cross the line between recommending work and changing the operating record.That distinction matters because the latest generation of connected workplace tools can do more than summarise a folder or suggest an email. Depending on the connected app, account permissions and workspace configuration, ChatGPT may be able to create documents, update spreadsheets, prepare calendar events, upload files, modify internal records or initiate communications.OpenAI’s current documentation describes apps as integrations that can search business information, reference connected data, synchronise content and perform supported write actions. Its permission settings can range from asking before every app interaction to permitting some actions without a confirmation prompt.For a Sydney property operator, construction business, strata manager, professional practice or service company, that turns AI adoption into an authority-design problem. The central issue is not whether ChatGPT is intelligent enough to perform an isolated step. It is whether the business has decided what the system is authorised to change, under which conditions, and who remains accountable when the outcome is wrong.The Capability Has Changed Faster Than Most Operating ModelsMany businesses still treat workplace AI as a more sophisticated writing assistant. Staff paste information into a chat, receive a draft and decide what to do with it.Connected AI changes the operating sequence. Instead of a staff member manually moving between email, cloud storage, calendars, customer records and project systems, the AI may be able to reach those systems directly.As at July 2026, OpenAI states that supported apps can undertake functions including:Searching and referencing information in connected services.Using synchronised company content as workplace context.Creating or updating information through supported write actions.Drafting documents, emails, spreadsheets or meeting records.Uploading, moving or renaming files where permissions allow.Supporting scheduled or repeatable workplace workflows.OpenAI also provides workspace controls covering app access, role-based availability, action permissions, connected domains and, for supported apps, restrictions on the actions the integration may perform.These controls are important, but they do not replace an internal operating decision. A technically available action is not automatically an action the business should delegate.Access Is Not the Same as AuthorityBusinesses frequently make the mistake of treating app connection as a single decision. An administrator approves Google Drive, Microsoft 365, Slack, a CRM or another platform, and the integration is considered operational.In practice, four separate questions must be answered:What information can the system see?What records can it create or change?Which actions require a person to approve them?How will the business detect, reverse and explain an incorrect action?A connected system may be able to read a project folder without being authorised to move documents. It may be permitted to prepare an email draft without being permitted to send it. It may calculate a proposed invoice adjustment without being permitted to alter the accounting record.That separation should be designed deliberately rather than left to default settings.Elyment has previously examined which business systems organisations should connect to emerging agent platforms first. The next governance question is more consequential: once a system is connected, which decisions is it allowed to execute?A Three-Level Model for AI WorkA useful way to structure workplace authority is to divide AI activity into three levels.1. ObserveThe system can retrieve, compare, classify and summarise information but cannot change the underlying record.Examples include:Finding the latest flooring specification in a controlled project folder.Summarising correspondence about a strata renovation approval.Identifying unresolved actions from project meeting notes.Comparing supplier quotations without accepting one.Reviewing a schedule for likely sequencing conflicts.This is usually the lowest-risk starting point, although privacy, confidentiality and accuracy still require controls.2. PrepareThe system creates a proposed output but does not commit it externally or alter a critical source record.Examples include:Creating a private draft email to a client.Preparing a proposed job schedule for human review.Drafting a variation summary from approved project notes.Building a spreadsheet in a temporary working folder.Preparing a contractor briefing without issuing it.This level can remove substantial administrative effort while preserving a meaningful approval point.3. CommitThe system changes the operational state of the business.Examples include:Sending an email or client message.Updating a confirmed project date.Changing a customer or supplier record.Uploading a document into a live project folder.Cancelling an appointment.Changing file-sharing permissions.Deleting information.Approving expenditure or initiating a financial transaction.Commit authority should be narrow, role-specific and proportionate to the consequences of an error.Where Sydney Businesses Can Gain Real Operational TimeThe strongest use cases are often not fully autonomous. They are workflows in which AI completes the information-heavy preparation stage and a responsible person controls the commitment stage.Property and Renovation OperationsA connected assistant could review project correspondence, locate the latest floor plan, compare scheduled access times and prepare a morning operations brief.It could also draft a client update explaining that floor levelling cannot proceed until demolition depth, moisture conditions or substrate repairs are confirmed.It should not independently promise a revised completion date, accept a variation, approve additional materials or instruct a contractor to proceed where scope and cost remain unresolved.Strata and Facilities CoordinationAI could consolidate defect reports, retrieve approval conditions, identify insurance documents that are nearing expiry and draft a building-management update.It should not independently alter contractor access, issue notices to residents, approve work affecting common property or represent that a proposed scope satisfies an owners corporation requirement.Professional and Property ServicesAI may assist with assembling checklists, locating previous correspondence, drafting routine updates and identifying missing information.It should not alter settlement instructions, transmit identity documents, provide unreviewed legal advice, change payment details or send a substantive client communication without an authorised person checking the context.Accounts and ProcurementAI can compare invoices against purchase orders, identify unusual totals, prepare a reconciliation and draft a supplier query.It should not change bank details, release payment, approve a refund or accept a commercial commitment without a separate control.These examples illustrate why workflow-embedded AI can outperform a disconnected chatbot, but only when the embedded system operates inside a disciplined authority structure.A Practical Action-Authority MatrixA business does not need to treat every app action as equally risky. It should classify actions by consequence, reversibility and exposure.Action type: Read and searchTypical example: Locate a project file or summarise internal correspondence.Recommended starting position: Permitted within approved data boundaries.Required control: Least-privilege access and source citations.Action type: Private draftingTypical example: Create an unsent email, report or working spreadsheet.Recommended starting position: Generally suitable for controlled pilots.Required control: Human review before use.Action type: Internal record updateTypical example: Add a note to a CRM or revise a non-critical task status.Recommended starting position: Permit only for tightly defined fields.Required control: Approval, logging and rollback.Action type: External communicationTypical example: Send an email, message, notice or invitation.Recommended starting position: Require human confirmation.Required control: Recipient, content and attachment review.Action type: Commercial commitmentTypical example: Accept a quote, confirm a variation or change a booking.Recommended starting position: Keep under authorised human control.Required control: Delegation limits and dual review where material.Action type: Financial actionTypical example: Release payment, issue a refund or change bank details.Recommended starting position: Do not delegate autonomously.Required control: Independent financial controls.Action type: Access or security changeTypical example: Modify sharing permissions or create credentials.Recommended starting position: Restricted to authorised administrators.Required control: Strong authentication and audit records.Action type: Deletion or cancellationTypical example: Delete a file, cancel an appointment or remove a record.Recommended starting position: Require explicit confirmation.Required control: Retention rules, backups and a recovery process.Default Settings May Still Be Too Broad for a PilotOpenAI’s current app-permission model includes settings such as Always ask, Any changes, Important actions and, where available, Never ask.The default Important actions setting allows information to be read automatically and asks for confirmation before actions assessed as consequential, sensitive or difficult to reverse. However, OpenAI also notes that some lower-risk changes may proceed without a prompt under that setting.That distinction is operationally important.During an early business pilot, the safer starting point may be to require approval before any change rather than relying on the system to determine which changes are important. This provides the project team with evidence about how the integration behaves before broader authority is considered.A mature deployment may later permit selected low-risk changes, such as saving a private draft or updating a tightly controlled internal status field. That expansion should follow testing, not precede it.The production-readiness issues are similar to those examined in Elyment’s analysis of what organisations should prepare before AI agents move into live operations. The difference here is that readiness must be tested action by action rather than judged at platform level.The Sydney Risk Is Often Workflow FragmentationSydney service businesses commonly operate across a fragmented collection of systems rather than one controlled enterprise platform.A single renovation or property matter may involve:Email correspondence.Cloud storage.A scheduling calendar.A CRM or job-management platform.Supplier quotations.Site photographs.Strata or building-management records.Accounting software.Contractor messages.Client approval records.Connecting an AI system to several of these sources may improve visibility, but it can also collapse boundaries that previously existed because separate staff members controlled separate steps.A project coordinator may be authorised to change a site attendance time but not a contract completion date. An accounts employee may view an approved variation but not instruct the project team. A contractor may receive access information but should not see the client’s financial or identity records.An AI integration can unintentionally cross those role boundaries unless access is designed around the workflow rather than the convenience of connecting an entire account.Privacy and Cyber Security Are Operational RequirementsThe Office of the Australian Information Commissioner’s guidance on commercially available AI products advises organisations to assess how an AI product collects, stores, uses and discloses personal information, and to consider privacy obligations before deployment.The OAIC also cautions organisations against placing personal information, particularly sensitive information, into publicly available generative AI tools because of the privacy risks involved.Not every small business is automatically covered by the Privacy Act 1988. The application of the Act depends on turnover and business activities, with several categories of smaller organisations still covered. Regardless of the statutory position, clients, insurers, larger contractors and professional partners may impose confidentiality, data-handling and security requirements through contracts or procurement policies.The Australian Cyber Security Centre’s small-business guidance recommends least-privilege access, meaning users receive only the minimum permissions required to perform their work.That principle should extend to AI services. An AI assistant should not receive wider access than the employee or workflow it is assisting.The NSW Small Business Commissioner also directs businesses to strengthen cyber awareness and recognise that cyber security involves both technology and the way people interact with it.For government-related work, Digital NSW’s AI frameworks are directed at NSW Government agencies rather than private businesses. Even so, their emphasis on privacy, security, accountability, transparency and documented risk assessment offers a useful governance reference for private organisations designing higher-impact AI workflows.The Hidden Cost Is Not Just an Incorrect OutputBusinesses often assess AI risk in terms of hallucination or factual inaccuracy. Once the system can act, the cost profile broadens.An incorrect action may create:A client commitment that operations cannot meet.A contractor arriving before access has been approved.A duplicate or conflicting project record.A document stored in the wrong project folder.A message sent to an incorrect recipient.An overwritten spreadsheet formula.A deleted record that was subject to retention requirements.A privacy incident caused by excessive access.A dispute about who authorised a change.Additional labour required to reconstruct the correct sequence.In construction, property and professional workflows, a small administrative error can move quickly into the physical world. A changed booking can affect keys, loading zones, lift protection, resident notices, contractor mobilisation, material delivery and the availability of other trades.The cost of an AI mistake therefore depends less on the wording of the output and more on how far the action travels before a person detects it.A Safer Rollout SequenceBusinesses considering connected ChatGPT workflows should progress through a controlled sequence rather than enabling broad access on the first day.Map the existing workflow.Identify each system, record owner, approval point and external consequence. Do not automate a process that staff cannot explain consistently.Classify the data.Separate general operational information from client identity records, financial information, legal material, health information, credentials and commercially sensitive files.Begin with read-only access.Test retrieval quality, source accuracy, project separation and whether the system consistently selects the correct records.Introduce private drafting.Allow the system to create proposed outputs in a controlled location without sending, publishing or changing the live source record.Enable one narrow write action.Select an action that is reversible, low-value and easy to audit, such as updating a non-critical internal task status.Define approval gates.Require named human approval for external communication, commercial commitments, changes to access, deletion, financial actions and sensitive-data disclosure.Log and reconcile changes.Review what the system changed, who approved it, whether the result was correct and how the action can be reversed.Revoke unused access.Remove apps, scopes, accounts and permissions that are no longer required.This approach complements Elyment’s analysis of how small businesses can identify the first workflow worth automating. Workflow selection determines where to begin. Authority design determines how far automation should be permitted to proceed.What a Business Should Measure During the PilotThe success of an AI pilot should not be measured only by the number of minutes saved.Useful operating measures include:The percentage of retrieved records that came from the correct client or project.The percentage of drafts accepted without material correction.The number of actions blocked by permissions.The number of approvals requested at the correct stage.The number of duplicate, incomplete or incorrectly placed records.The time required to review each proposed action.The time required to reverse an incorrect change.The number of staff members who can explain the escalation process.Whether logs clearly identify what changed and why.A workflow that saves 30 minutes but creates uncertain records, additional reconciliation or a higher risk of external error may not be an operational improvement.The Governance Questions to Answer Before Enabling Write AccessBefore allowing an AI system to alter a connected service, management should be able to answer the following:Which exact actions are enabled?Which data sources can the system access?Can access be restricted by folder, team, project, domain or role?Which changes can occur without a confirmation prompt?Who is authorised to approve each action category?Can the action be reversed quickly?Where is the audit record stored?What happens if the system selects the wrong client or project?How are new app actions reviewed before they are enabled?Who removes access when a pilot, employee or supplier relationship ends?If those answers are unclear, the system is not ready for broad write authority.Planning a connected AI workflow across files, email, calendars or operational systems?Review the permissions, approval gates, data boundaries and delivery sequence before enabling live actions.Review Your AI Workflow, Permissions and Approval GatesShould Businesses Let ChatGPT Act?Yes, but not with undefined authority.The most defensible operating model is not fully manual and it is not fully autonomous. It is a graduated system in which AI can observe broadly within approved boundaries, prepare work efficiently, and commit only where the action is narrow, reversible and properly controlled.External communications, financial decisions, contractual commitments, access changes, sensitive-data disclosures and destructive actions should remain behind clear human approval points.For Sydney businesses, the advantage will not come from connecting the largest number of apps. It will come from designing the cleanest line between what the system may recommend, what it may prepare and what it is genuinely authorised to change.Sources and ReferencesElyment: Which Business Systems Should Organisations Connect to Emerging Agent Platforms First?Elyment: Why Workflow-Embedded AI Can Outperform a Disconnected ChatbotElyment: Preparing Before AI Agents Move Into Live OperationsOffice of the Australian Information Commissioner: Privacy and Commercially Available AI ProductsAustralian Cyber Security Centre: Small-Business Cyber Security GuideNSW Small Business Commissioner: Protect Your Business From Online ThreatsElyment: Identifying the First Small-Business Workflow Worth AutomatingElyment: Contact