AIG-002 AI Roles and Responsibilities
Description
Named roles with defined accountability for AI risk management, AI system lifecycle decisions, and AI policy compliance are documented and assigned. This includes at minimum: an accountable executive for AI governance, named owners for each production AI system, and defined responsibilities for data scientists, ML engineers, and operators. Role assignments are kept current as systems and personnel change.
Rationale
Diffuse accountability is the most common failure mode in AI governance. Explicit role assignments make enforcement and audit possible.
Framework Mappings (5)
| Reference | Title | Coverage |
| --- | --- | --- |
| EU-AI-Art.26.2 | Deployer Obligations — Human Oversight Assignment | partial |
| A.3.2 | AI roles and responsibilities | full |
| GOVERN 2.1 | AI Risk Roles and Responsibilities | full |
| GOVERN 2.3 | Executive Leadership Accountability | full |
| GOVERN 3.2 | Human-AI Configuration Roles | partial |
Evidence (2)
RACI matrix or role-definition document assigning named accountability for AI governance, with specific roles for executive AI sponsor, per-system owners, and technical practitioners.
Example: AI Governance RACI v1.3 (Confluence), listing Head of AI as executive sponsor, named product owners per system in AI inventory, and ML engineering lead as model risk owner
Test: Request the AI roles and responsibilities document. Verify: (1) an executive is named as accountable for AI governance, (2) every system in the AI inventory has a named owner, (3) roles for data scientists, ML engineers, and operators include explicit AI risk obligations, (4) the document has been updated in the last 12 months or after the last personnel change affecting a named role.
Completed training or competency records for AI oversight personnel confirming they have received appropriate training to exercise their assigned AI governance responsibilities.
Example: LMS completion records (Workday Learning) showing AI risk training completion for all named oversight roles, with course date and score
Test: Cross-reference the AI roles RACI against training completion records. Verify: (1) all named oversight roles appear in training records, (2) training completion date is within the last 12 months or within 90 days of role appointment, (3) training content covers AI risk, automation bias, and applicable regulatory obligations.
Questions (2)
Are named roles with defined accountability for AI risk management documented and assigned in your organisation?
Diffuse accountability is the most common AI governance failure mode. Look for a RACI or equivalent document that names an executive AI governance sponsor and assigns a system owner to every production AI system.
Which of the following AI governance roles are formally defined and assigned in your organisation?
All five should be present for a mature programme. Missing executive accountability or per-system ownership are the most significant gaps — they indicate AI governance cannot be enforced or audited.