AI 扩展计划 / Playbooks

AI Stakeholder Decision Coalition / Influence Risk Playbook

本文是学习、作品集、架构训练和内部治理讨论材料, 不构成法律意见、监管解释、合规结论、审计意见、模型验证结论、风险接受决定、劳动关系建议或正式管理授权。正式项目必须由 Business Owner、Legal、Compliance、Privacy、Records、Information Security、Model Risk、Operational Risk、Internal Audit、Arch

710 行AI_STAKEHOLDER_DECISION_COALITION_INFLUENCE_RISK_PLAYBOOK.md

AI Stakeholder Decision Coalition / Influence Risk / Alignment Architecture Playbook

定位: 面向 Senior AI PM、AI Architect、Enterprise Architect、CBAP+ BA、金融零售业务负责人、AI Governance、Model Risk、Operational Risk、CISO、Legal、Operations 和 Support Lead 的执行手册。核心目标: 把 AI initiative 的 stakeholder concerns 转成 decision rights、architecture viewpoints、requirements、controls、evidence、communication artifacts、decision forums 和 adoption operating model。核心观点: stakeholder alignment 不是软性沟通任务, 而是 AI delivery architecture。谁能批准、阻断、出资、运营、审计、采用或受伤害, 必须像 model、data、RAG、tool 和 control 一样被设计、追踪和验证。

0. Disclaimer

1. Source Anchors

Anchor	Official link	本 playbook 使用方式
ISO/IEC/IEEE 42010 Architecture Description	https://www.iso.org/standard/74393.html	用 stakeholder、concern、viewpoint、view、rationale 组织 AI stakeholder concern 到架构视图的工作流。
ISO/IEC/IEEE 29148 Requirements Engineering	https://www.iso.org/standard/72089.html	用 stakeholder need、requirements lifecycle、information item 和 traceability 组织 concern 到 requirement / control / evidence。
NIST AI Risk Management Framework	https://www.nist.gov/itl/ai-risk-management-framework	用 Govern / Map / Measure / Manage 组织 stakeholder risk mapping、measurement、management 和 learning loop。
ISO/IEC 42001 AI Management System	https://www.iso.org/standard/81230.html	用 AI management system、roles、operation、performance evaluation、internal audit 和 improvement 设计论坛、证据和管理节奏。

Source-to-execution pattern:

official anchor
  -> governance principle
  -> playbook activity
  -> artifact template
  -> decision forum
  -> evidence record

2. When To Use This Playbook

Use this playbook when an AI initiative has any of these properties:

Signal	Why this playbook matters
AI affects customer money, access, eligibility, identity, collections, complaints or pricing	harmed parties and recourse must be explicit
Multiple control functions are involved	CISO, CRO, Legal, Compliance, Model Risk and Audit need concern-specific evidence
AI agents can call tools or change workflow state	action rights, approvals and operator readiness must be designed
The project depends on frontline adoption	incentives, resistance, training and override patterns must be managed
Sponsors want speed while reviewers want assurance	forums, evidence and risk appetite interpretation must structure decisions
There is a known "everyone supports it but nobody approves it" pattern	decision rights are unclear
Architecture review keeps asking different questions	viewpoint package is missing

Do not use this as a political gossip exercise. The output is not a list of personalities. The output is decision architecture.

3. Deliverables

Deliverable	Purpose	Owner
Stakeholder ontology	classify decision owner, influencer, reviewer, operator, blocker, adopter and harmed party	PM / BA
Decision-rights map	identify who can approve, block, fund, operate, audit, adopt or be harmed	PM / Sponsor
Stakeholder-concern matrix	convert concerns into architecture responses	BA / Architect
Concern-to-viewpoint catalog	define architecture views needed for each stakeholder concern	Architect
Concern traceability graph	connect concern -> requirement -> control -> evidence -> decision	BA / Architect
Coalition graph	show formal authority, influence, hidden veto and evidence dependency	PM / Delivery Lead
Influence risk register	track hidden veto, narrative conflict, adoption resistance and evidence gaps	PM / Risk Partner
Forum architecture	define decision forums, entry evidence, possible outcomes and escalation	PMO / Governance Lead
Communication artifact pack	support sponsor, risk, operator, customer/support and audit communication	PM / BA
Evidence binder index	prove alignment, decisions, exceptions, controls and monitoring	Release Manager / Audit Liaison

Minimum success criterion:

For every material stakeholder concern,
the team can point to a viewpoint,
a requirement or control,
evidence,
an accountable decision forum,
and a monitoring signal.

4. Step 1: Frame The AI Initiative

Start with a one-page initiative frame before mapping people.

Field	Write this
AI use case	The business capability being changed, not just the model or tool
Customer / employee population	Who is affected directly and indirectly
AI role	summarize, recommend, rank, draft, decide, execute tool, monitor, route
Decision impact	whether output influences money, access, eligibility, risk, complaint, collections or pricing
Business outcome	baseline, target metric, value hypothesis
Risk tier	low, medium, high, with rationale
Operating model change	who does work differently after release
Governance path	likely forums, reviewers and blockers
Evidence ambition	what must be proven before pilot, release and scale

Example:

Field	KYC AI example
AI use case	AI-assisted document extraction and pass/review recommendation for retail account opening
Population	mobile applicants, KYC reviewers, onboarding support team
AI role	extract fields, detect mismatch, recommend pass/review; no final reject
Decision impact	affects onboarding friction, manual review and possible customer delay
Business outcome	reduce review cycle time while maintaining false reject guardrails
Risk tier	high because identity, access and customer harm are involved
Operating model change	reviewers handle AI triage categories and override reasons
Governance path	product council, model risk, legal/compliance, privacy, CISO, ops readiness
Evidence ambition	segment eval, recourse journey, reviewer capacity, communication approval

5. Step 2: Build Stakeholder Ontology

Classify stakeholders by their relationship to decisions and harm.

Type	Test question	Artifact field
Decision owner	Can this role say yes or no to a decision?	decision_owner
Funder	Can this role allocate or remove budget/capacity?	funding_owner
Blocker	Can this role stop pilot, release or scale?	block_condition
Influencer	Can this role change sponsor, adopter or reviewer position?	influence_path
Reviewer	Must this role review evidence or challenge design?	review_scope
Operator	Must this role run the process or controls after launch?	operating_responsibility
Adopter	Must this role use, recommend or accept the AI capability?	adoption_dependency
Harmed party	Can this population be negatively affected?	harm_scenario
Evidence owner	Must this role generate or preserve evidence?	evidence_owner
Hidden veto	Can this role block through an informal or late-stage gate?	hidden_veto_signal

Recommended stakeholder inventory:

Role	Type(s)	Primary concern	Decision touched	Evidence needed
Business Owner	decision owner, funder	value, scope, accountability	discovery, pilot, release, scale	business case, adoption metrics
Product Lead	decision owner, influencer	journey, adoption, outcome	scope, rollout	PRD, KPI baseline, user research
CISO	blocker, reviewer	data boundary, access, tool action	architecture, release	threat model, access review, action ledger
CRO / Operational Risk	blocker, reviewer	risk appetite, operational control	pilot, release, exception	risk memo, control matrix
Legal	blocker, reviewer	commitments, disclosure, records	communication, release	approved language, retention assessment
Compliance	blocker, reviewer	policy, conduct, customer fairness	pilot, release	compliance review, control evidence
Model Risk	blocker, reviewer	model fitness, monitoring, limitation	model approval, scale	model card, eval report, validation
Operations	operator, blocker	capacity, SOP, queue, fallback	pilot, release	runbook, training, capacity test
Sales	influencer, adopter	conversion, customer conversation	rollout, adoption	enablement pack, incentive assessment
Support	operator, adopter	explanation, complaints, escalation	release, support readiness	support scripts, FAQ, complaint path
Customer / applicant	harmed party, adopter	fairness, clarity, recourse, privacy	design, monitoring	harm model, segment eval, recourse evidence
Internal Audit	reviewer, assurance	traceability, control operation	post-release, audit	evidence binder, decision log

Quality check:

If the inventory has sponsors and reviewers but no operators or harmed parties,
the map is incomplete.

6. Step 3: Create Decision-Rights Map

List decisions before listing meetings.

Decision stage	Required decision	Owner	Potential blockers	Forum	Entry evidence	Outcomes
Discovery	approve problem and affected population	Business Owner	Product, Risk	Product Discovery Council	opportunity brief, stakeholder inventory	proceed / narrow / stop
Architecture	approve system, data, model, tool and control design	Architecture Owner	CISO, Privacy, Model Risk	AI Architecture Review	viewpoint pack, data flow, tool tier	approve / revise / hold
Pilot	approve limited exposure	Business Owner + Risk Owner	Legal, Ops, Model Risk	Pilot Gate	eval result, harm model, runbook	limited pilot / hold
Release	certify readiness	Release Owner	CISO, Legal, Model Risk, Ops	Release Certification Forum	evidence binder, open risks	release / exception / hold
Scale	expand population or automation	Sponsor + Risk Owner	CRO, Ops, Support	Scale Review	pilot metrics, complaints, adoption, monitoring	scale / restrict / pause
Rollback	stop or reduce exposure	Incident Owner	Business Owner, Risk	Incident Command	breach signal, impact analysis	rollback / degrade / monitor
Retirement	stop old process or AI version	Product + Ops	Records, Legal, Audit	Decommission Review	dependency, records and communication pack	retire / archive / extend

Decision rights questions:

Which decision can materially change customer impact?
Which decision can create or remove legal, model, security or operational exposure?
Who can approve an exception?
Who can force a hold?
Which evidence is required for the decision to be valid?
Which decision has an expiry or re-review trigger?

7. Step 4: Stakeholder-Concern Matrix Workshop

Run a focused workshop by concern type, not by department status update.

Workshop agenda:

Segment	Output
Use case frame	shared understanding of AI role and impacted population
Stakeholder ontology	confirmed roles, decision rights and missing stakeholders
Concern capture	stakeholder concerns in plain language
Concern classification	business, customer harm, model, legal, security, operations, audit, adoption
Architecture response	viewpoint, requirement, control or evidence needed
Decision mapping	forum and owner for unresolved concern
Risk signal capture	hidden veto, narrative conflict, incentive conflict, adoption resistance

Matrix template:

ID	Stakeholder	Concern	Type	Severity	Architecture response	Requirement/control	Evidence	Forum	Status
C-001	CISO	Agent may execute write tools with broad privileges	security/tool	high	tool action view	tiered tool gateway with approval	action ledger test	AI Architecture Review	open
C-002	Legal	Collections AI may promise hardship relief	legal/customer harm	high	communication and policy view	approved response library and human review	prohibited phrase eval	Legal Review	open
C-003	Ops	KYC AI may increase review queue	operations	high	operating model view	capacity threshold and fallback queue	parallel run workload report	Ops Readiness	open
C-004	Sales	Pricing AI may reduce conversion if too cautious	adoption/value	medium	narrative and offer strategy view	segment rollout and sales enablement	offer acceptance dashboard	Product Council	open

Status values:

Status	Meaning
captured	concern is recorded but not yet mapped
mapped	architecture response and owner identified
designed	requirement/control/evidence defined
evidenced	evidence artifact exists and is reviewed
decided	forum made a decision with record
monitored	production signal tracks the concern

8. Step 5: Concern-To-Viewpoint Catalog

Use 42010-style viewpoints to answer stakeholder-specific concerns.

Viewpoint	Primary stakeholders	Concerns answered	Required content
Stakeholder Impact View	Product, Risk, Compliance	who benefits, who is burdened, who may be harmed	role map, segment impact, harm scenario
Decision Rights View	Sponsor, PMO, Audit	who approves, blocks, funds, operates, audits	decision map, forum, quorum, escalation
Data Boundary View	CISO, Privacy, Data Owner	what data is used, where it flows, who can access	data flow, classification, retention, vendor boundary
Model / Prompt / RAG View	Model Risk, AI Architect	model fitness, source quality, prompt changes	model card, prompt registry, corpus version
Tool / Action View	CISO, Ops, Compliance	what AI can execute, approve or deny	tool tier, policy rule, dry run, ledger
Customer Harm View	CRO, Compliance, Support	how errors harm customers and how recourse works	harm taxonomy, recourse path, complaint monitor
Operating Model View	Ops, Support, Sales	workflow, capacity, training, adoption	swimlane, queue model, training, fallback
Control / Evidence View	Audit, Risk, Release	how controls operate and are proven	control matrix, evidence index, sample traces
Communication View	Legal, Product, Sales, Support	what story and language are approved	stakeholder briefs, customer FAQ, support scripts
Monitoring View	Ops, Risk, Product	how concerns are monitored after release	metrics, thresholds, owners, escalation

Viewpoint acceptance check:

A viewpoint is ready only when it has:
stakeholders,
concerns,
model kind,
view content,
evidence,
decision supported,
and update trigger.

9. Step 6: Trace Concern To Requirement, Control And Evidence

Traceability template:

Field	Description
concern_id	stable id from concern matrix
stakeholder_need	what the stakeholder needs to be true
requirement	system, process, data, model or control requirement
acceptance_criteria	observable pass/fail condition
control	preventive, detective, corrective or governance control
evidence	artifact proving design and operation
forum	decision forum that accepts evidence
monitoring	production signal that continues assurance

Example: AML triage.

Field	Example
concern_id	C-AML-007
stakeholder_need	AML Program Owner needs assurance AI triage does not suppress high-risk alert investigation.
requirement	The AI triage assistant must not auto-close alerts and must route high-risk typologies to analyst review with cited source evidence.
acceptance_criteria	In high-risk eval slices, missed mandatory escalation cases equal zero before release.
control	SAR boundary rule, high-risk override, analyst confirmation, action log.
evidence	eval report, typology test pack, analyst override sample, action ledger.
forum	Model Risk Review and Financial Crime AI Committee.
monitoring	high-risk override rate, analyst disagreement, QA misses, SAR QA findings.

Traceability failure patterns:

Failure	Fix
concern has no requirement	write a stakeholder need and route to BA owner
requirement has no control	define preventive, detective or corrective control
control has no evidence	define owner, artifact, frequency and review
evidence has no forum	attach to decision gate or review forum
monitoring has no threshold	define alert level and escalation path

10. Step 7: Build Coalition Graph

Coalition graph structure:

Decision nodes
  connected to formal decision owners
  connected to blockers and reviewers
  connected to operators and adopters
  connected to harmed parties and advocates
  connected to evidence artifacts
  connected to forums and escalation paths

Graph node table:

Node	Type	Description
D-PILOT-KYC	decision	approve KYC AI limited pilot
F-AI-ARCH	forum	AI Architecture Review
R-CISO	actor	security blocker and reviewer
R-KYC-OPS	actor	operator and readiness owner
H-NEW-APPLICANTS	harmed party	applicants delayed or misclassified
E-EVAL-KYC-SEG	evidence	segment eval by document type and language
C-REC	control	recourse and manual review path

Graph edge table:

Edge	Meaning
owns_decision	actor is accountable for decision
can_block	actor or forum can stop decision
reviews_evidence	reviewer must review artifact
operates_control	operator runs the control
protects	control protects harmed party
requires	decision requires evidence
influences	actor shapes adoption or sponsor position
conflicts_with	incentive, concern or decision conflicts

Use the graph to answer:

Which decision has too many reviewers but no owner?
Which blocker has no evidence path?
Which harmed party has no advocate or control?
Which operator is affected but absent from the forum?
Which evidence artifact depends on an uncommitted team?

11. Step 8: Influence Risk Register

Influence risk register turns soft alignment risk into managed delivery risk.

Risk	Signal	Impact	Mitigation	Owner	Review cadence
hidden legal veto	legal asks for customer language late	release hold	early legal review and approved language library	PM	weekly until release
sales resistance	sales leaders frame AI guardrail as conversion blocker	low adoption or pressure to bypass controls	sales narrative and incentive alignment	Product	biweekly
ops overload	pilot queue exceeds baseline	customer delay	exposure cap and capacity threshold	Ops	daily in pilot
security uncertainty	tool action details unclear	architecture hold	tool tier and dry-run demo	Architect	weekly
model risk evidence gap	eval lacks high-risk segment	model approval delay	expand eval slices and evidence binder	EvalOps	weekly
narrative conflict	sponsor says productivity, risk says decision automation	forum confusion	one-page use case and AI role boundary	PM / BA	weekly

Scoring:

Score	Description	Action
1	concern known, owner engaged, evidence path clear	monitor
2	concern known, evidence incomplete	resolve before next forum
3	formal blocker or hidden veto likely	escalate to decision owner
4	release or pilot likely blocked	create executive decision brief
5	customer harm or governance breach possible	pause exposure and use incident path

12. Step 9: Design Escalation Paths

Escalation paths must be written before pilot.

Trigger	First responder	Forum	Decision options	Evidence
prohibited customer commitment	Support supervisor	Legal / Compliance Review	disable response, retrain, continue with review	transcript, AI output, policy source
high-risk AML miss	AML QA lead	Financial Crime AI Committee	pause triage, expand review, remediate	alert sample, analyst note, eval slice
tool action denial spike	SRE / Platform	Security Architecture Review	adjust policy, keep deny, disable tool	action ledger, role matrix
KYC false reject signal	KYC Ops lead	Customer Harm Review	pause cohort, route manual, notify support	case sample, segment metric
collections complaint spike	Complaint owner	Conduct Risk Review	reduce automation, revise script, train agents	complaint tags, call evidence
personalized pricing fairness breach	Risk analytics	CRO delegate forum	stop segment, adjust model, customer remediation	offer distribution, fairness metric
evidence completeness failure	Release Manager	Release Certification Forum	hold, limited release, exception	evidence binder gap report

Escalation record:

Field	Required content
trigger	metric, event or review finding
affected population	customer, employee, system, segment
impacted decision	pilot, release, scale, rollback
severity	customer, risk, legal, operational and reputational impact
owner	accountable decision owner
options	continue, restrict, pause, rollback, remediate
decision	recorded outcome and rationale
monitoring	metric and review cadence after decision

13. Step 10: Forum Architecture

Forum architecture creates the route from concern to decision.

Forum	Entry criteria	Decision rights	Outputs
Product Discovery Council	use case frame, value hypothesis, initial stakeholder map	discovery funding, scope direction	discovery approval, scope changes
AI Architecture Review	viewpoint pack, data/model/tool/control design	architecture approval or required changes	architecture decision record
Security / Privacy Review	data flow, access, vendor, logging, threat model	approve, require controls, block data use	security/privacy decision
Model Risk Review	model card, eval, limitations, monitoring plan	approve model use, restrict, require validation	model risk decision
Legal / Compliance Review	communication, policy mapping, records, conduct risk	approve language, require recourse, block release	legal/compliance decision
Operations Readiness Review	runbook, capacity, training, support scripts, fallback	approve operational readiness, hold rollout	readiness signoff
Release Certification Forum	evidence binder, open risks, exceptions, monitoring	release, limited pilot, exception, hold, rollback	release decision record
Post-Release Learning Review	metrics, complaints, overrides, incidents, adoption	scale, tune, pause, remediate	learning actions and control updates

Forum operating rules:

Every forum has an owner and decision scope.
Entry evidence is visible before the meeting.
Decisions use standard outcomes: approve, approve with condition, limited pilot, exception, hold, rollback.
Exceptions have owner, expiry, compensating control and monitoring.
Forum decisions update the evidence binder within the same release cycle.

14. Communication Artifact Pack

14.1 One-Page Decision Brief

Section	Content
Decision ask	exact decision needed and date
Use case boundary	AI role, affected population, in/out of scope
Options	recommended path and alternatives
Stakeholder concerns	top concerns with owner and status
Evidence	links to eval, architecture, control, operations and communication evidence
Residual risk	accepted risks, owner, expiry and monitoring
Recommendation	explicit approve / limited pilot / hold request

14.2 Risk Appetite Translation Memo

Section	Content
AI use case	business process and decision impact
Enterprise appetite phrase	risk appetite statement or policy principle
Operational translation	threshold, control, approval or monitoring requirement
Evidence before pilot	what must exist before exposure
Evidence before scale	what must be proven after pilot
Escalation trigger	metric or event that requires forum review

14.3 Operator Adoption Pack

Section	Content
Workflow change	what changes for operator and supervisor
AI role boundary	what AI can and cannot do
Review and override	when human review is required and how override is logged
Support path	where operators escalate problems
Metrics	adoption, override, queue, quality and complaint metrics
Training evidence	training completion, scenario practice, supervisor readiness

14.4 Customer / Support FAQ

Section	Content
What changes	customer-visible process change
What does not change	rights, recourse, human help and privacy commitments
How decisions are made	explain AI role without overstating automation
How to get help	support, complaint and escalation path
Approved wording	legal/compliance reviewed language
Evidence link	source policy, communication approval, retention class

14.5 Audit Evidence Index

Section	Content
Decision evidence	forums, approvals, decision records
Architecture evidence	views, data flow, model/RAG/tool design
Requirements evidence	traceability from concern to control
Risk evidence	harm model, risk appetite memo, exception records
Test/eval evidence	eval contract, segment results, critical failures
Operations evidence	runbook, training, capacity, incident path
Monitoring evidence	dashboards, thresholds, alerts, review cadence

15. Financial Retail Scenario Cards

15.1 AI Agent Tools For Customer Support

Workstream	Execution actions
Stakeholders	CISO, Support Ops, Legal, Compliance, Product, Platform, Customer Advocate
Decision rights	tool action approval, customer language approval, support readiness, release gate
Key concerns	unauthorized write, wrong answer, over-reliance, customer commitment, audit log
Viewpoints	tool/action view, customer support workflow view, policy/citation view, evidence view
Controls	tool tiering, dry-run, supervisor approval, citation, action ledger, confidence threshold
Evidence	action ledger tests, support QA samples, approved script, access review
Metrics	AHT, first contact resolution, unsupported claim rate, override rate, complaint tags

15.2 KYC AI

Workstream	Execution actions
Stakeholders	KYC Ops, Sales, Legal, Compliance, Privacy, Model Risk, CISO, Applicants
Decision rights	data use, model approval, customer notice, pilot cohort, manual review capacity
Key concerns	false reject, document bias, privacy, queue overload, insufficient recourse
Viewpoints	stakeholder impact, data boundary, model eval, operating model, recourse view
Controls	no final reject by AI, manual review, segment eval, status transparency
Evidence	document-type eval, language/channel slices, reviewer override, appeal path
Metrics	review cycle time, false reject proxy, manual queue aging, applicant complaints

15.3 AML Alert Triage

Workstream	Execution actions
Stakeholders	AML Program Owner, Analysts, Compliance, Model Risk, Audit, CRO delegate
Decision rights	triage use, SAR boundary, model validation, scale approval
Key concerns	missed high-risk alert, hallucinated summary, analyst over-reliance, record quality
Viewpoints	financial crime workflow, model/eval, evidence, human accountability
Controls	no auto-close, source citation, analyst confirmation, high-risk override
Evidence	typology test pack, QA sample, action log, analyst feedback
Metrics	recall on high-risk slices, analyst disagreement, QA findings, escalation misses

15.4 Collections Hardship

Workstream	Execution actions
Stakeholders	Collections Ops, Legal, Compliance, Customer Support, Vulnerable Customer Advocate
Decision rights	approved language, hardship policy boundary, customer communication, escalation
Key concerns	unauthorized promise, vulnerable customer harm, complaint, record retention
Viewpoints	customer harm, communication, policy, operating model, evidence
Controls	approved response library, human specialist route, prohibited phrase eval
Evidence	policy source card, call/case samples, complaint path, training record
Metrics	complaint rate, unsupported commitment, hardship specialist referral, QA pass rate

15.5 Personalized Pricing

Workstream	Execution actions
Stakeholders	Product, Sales, CRO, Legal, Compliance, Model Risk, Customer Advocate, Support
Decision rights	pricing strategy, risk appetite, model use, customer explanation, scale
Key concerns	fairness, opacity, suitability, conversion pressure, complaint risk
Viewpoints	offer strategy, segment fairness, risk appetite, communication, monitoring
Controls	policy constraints, fairness eval, offer approval, recourse and complaint monitoring
Evidence	offer distribution, segment eval, approved disclosure, risk acceptance
Metrics	conversion, margin, offer disparity, complaint tags, override and appeal rate

16. Evidence Binder Checklist

Evidence	Required fields	Owner
Stakeholder inventory	role, type, concern, decision touched, evidence need	PM / BA
Decision-rights map	decision, owner, blocker, forum, evidence, outcome	PMO
Concern matrix	concern id, stakeholder, type, severity, architecture response	BA
Viewpoint catalog	viewpoint, stakeholder, concern, model kind, evidence	Architect
Traceability table	concern, need, requirement, control, evidence, monitoring	BA / Architect
Coalition graph	node, edge, decision, blocker, operator, harmed party	PM
Influence risk register	signal, impact, mitigation, owner, cadence	PM / Risk
Risk appetite memo	appetite, translation, threshold, escalation	Risk Partner
Communication approvals	script, FAQ, legal/compliance approval, version	Product / Legal
Operations readiness	SOP, capacity, training, support, fallback	Ops
Eval and test evidence	dataset, slices, thresholds, results, critical failures	EvalOps
Release decision	forum, decision, conditions, residual risks, monitoring	Release Manager

Binder quality tests:

A reviewer can reconstruct why pilot or release was approved.
Each high-severity concern has a control and evidence artifact.
Each exception has owner, expiry and monitoring.
Each customer-facing communication has approval and source.
Each high-impact AI action has an action log or equivalent evidence.

17. Metrics And Monitoring

17.1 Alignment Health Metrics

Metric	Meaning
concerns mapped percentage	share of material concerns linked to viewpoint/control/evidence
open blocker count	unresolved concerns owned by formal blockers
hidden veto count	informal decision dependencies still unresolved
evidence readiness score	evidence complete, reviewed and versioned
forum decision cycle time	time from evidence submission to decision
exception aging	open exceptions by expiry and risk level
stakeholder disagreement recurrence	repeated challenges in same concern category

17.2 Adoption And Harm Metrics

Metric	Use
active adoption by role	detect passive resistance or training gaps
override rate and reason	measure trust, quality and workflow fit
manual queue aging	detect operational overload
complaint tags	detect customer confusion or harm
recourse usage	measure whether appeal path is visible and used
segment performance	detect harmed party gaps
unsupported claim rate	detect communication and grounding issues
tool denial / approval rate	monitor autonomy boundary

Monitoring rule:

Every release concern must have at least one post-release signal,
and every high-risk signal must have an escalation owner.

18. Anti-Patterns

Anti-pattern	Operational risk	Better pattern
Stakeholder list without decision rights	many meetings, no valid approval	decision-rights map
Sponsor says yes, blockers are absent	late release hold	blocker and hidden veto register
Architecture diagram answers every question poorly	reviewers keep asking new questions	concern-specific viewpoint package
Risk appetite remains abstract	controls and thresholds unclear	risk appetite translation memo
Operators engaged after design	adoption failure and workarounds	operating model view in discovery
Customer harm treated as legal review only	weak recourse and complaint readiness	harm model and customer journey evidence
Sales incentives ignored	pressure to bypass guardrails	incentive and narrative alignment
AI summary used as evidence	unsupported or unreviewed claims	evidence binder with source artifacts
Exception without expiry	residual risk becomes permanent	exception owner, expiry and monitoring
Forum decisions not recorded	audit trail breaks	decision log linked to release binder

19. Interview Answers

Q1: How do you align stakeholders for a high-risk AI initiative?

30 秒版本:

I treat alignment as architecture. I map who can approve, block, fund, operate, audit, adopt or be harmed, then translate each stakeholder concern into viewpoints, requirements, controls and evidence. The outcome is a decision-rights map, concern matrix, forum architecture and evidence binder, not just meeting notes.

2 分钟版本:

In financial retail, a high-risk AI initiative touches product value, customer harm, model risk, legal language, security boundaries, operations capacity and audit evidence. I start by defining the AI role and affected population. Then I classify stakeholders as decision owners, blockers, influencers, reviewers, operators, adopters and harmed parties. For each concern, I define the architecture viewpoint needed: data boundary, tool action, model eval, customer harm, operating model, communication or evidence view. The concern is traced into requirement, control, evidence and monitoring. Finally, I route unresolved tradeoffs to the right forum, such as architecture review, model risk, legal/compliance, operations readiness or release certification.

Q2: How do you prevent hidden vetoes from appearing late?

30 秒版本:

I ask every decision who can approve, who can block, what evidence they need, and which forum owns the decision. Hidden vetoes often come from data owners, records, legal hold, vendor risk, operations, accessibility or support. I register them early with a mitigation and review cadence.

2 分钟版本:

A hidden veto is not an interpersonal problem; it is an undiscovered decision dependency. For example, a KYC AI project can be blocked late by privacy because the document data purpose is unclear, by operations because reviewer capacity is missing, or by legal because customer notices are not approved. I expose this by building a decision-rights map and concern matrix in discovery. Every blocker gets a block condition and evidence path. Every concern gets a forum. If the path is unclear, it becomes an influence risk with an owner and deadline.

Q3: How do you convert stakeholder concerns into requirements?

30 秒版本:

I use concern-to-requirement-to-control-to-evidence traceability. A concern like "agent tools may update records incorrectly" becomes requirements for action tiering, policy checks, dry-run preview, approval, idempotency and action ledger evidence.

2 分钟版本:

The key is to avoid vague requirements like "make it secure" or "keep legal comfortable." For a collections hardship assistant, Legal's concern becomes a stakeholder need: customer communication must stay within approved hardship policy and preserve escalation rights. The requirement states the assistant must cite active policy, avoid final commitment language unless authorized and route uncertainty to a specialist. Controls include approved response library, prohibited phrase eval and human review. Evidence includes source policy card, eval results, reviewer samples and communication approval.

Q4: How do you handle adoption resistance from frontline teams?

30 秒版本:

I treat adoption resistance as a signal about workflow, trust, incentive or capacity. I measure usage, override reasons, queue impact and training gaps, then adjust workflow, narrative, controls and rollout cohort.

2 分钟版本:

Frontline resistance is often rational. A support agent may avoid AI if it slows them down, creates compliance risk or makes them accountable for bad suggestions. Sales may resist pricing guardrails if incentives reward conversion only. I include operators and adopters in the stakeholder ontology, build an operating model view, define override and escalation paths, and monitor adoption by role. If adoption fails, I do not call it change resistance by default; I test whether the design changed workload, incentives, trust or customer conversations.

20. Portfolio Exercise

Build a portfolio-ready artifact pack for one of these initiatives:

AI agent tools for customer support.
KYC AI for onboarding.
AML alert triage assistant.
Collections hardship assistant.
Personalized pricing engine.

Required artifacts:

Artifact	Minimum content
Use case frame	AI role, affected population, decision impact, risk tier
Stakeholder ontology	at least 12 roles classified by decision type
Decision-rights map	discovery, architecture, pilot, release, scale and rollback
Concern matrix	at least 15 concerns with severity, response and evidence
Viewpoint catalog	at least 8 viewpoints tied to stakeholder concerns
Traceability table	at least 10 concern -> requirement -> control -> evidence rows
Coalition graph	nodes and edges for formal authority, influence, hidden veto and harmed party
Influence risk register	at least 8 risks with mitigation and owner
Forum architecture	forums, entry evidence, outcomes and escalation triggers
Communication pack	sponsor brief, risk memo, operator pack, customer/support FAQ
Evidence binder index	evidence classes, owners, versions and monitoring signals

Review rubric:

Dimension	Strong evidence
Decision clarity	approval, block, funding, operations, audit, adoption and harm are distinct
Concern translation	concerns become architecture views, requirements, controls and evidence
Financial retail specificity	CISO/CRO/legal/model risk/product/sales/ops/support/customer examples are concrete
Influence risk maturity	hidden veto, incentives, narrative conflict and resistance are managed as delivery risks
Forum discipline	unresolved tradeoffs have decision forums and escalation paths
Evidence discipline	release and exception decisions are reconstructable

Final portfolio statement:

This AI initiative is aligned because the decision rights are explicit, stakeholder concerns are traceable to controls and evidence, forums can resolve conflicts, and post-release signals monitor adoption, harm and residual risk.