Chapter 21: Exercises — Corporate Governance of AI

Difficulty ratings: ⭐ (foundational) through ⭐⭐⭐⭐ (advanced). Exercises marked with † involve external research or fieldwork.

Foundational Exercises (⭐)

Exercise 1 — Governance Vocabulary Check Match each governance term to its most accurate definition: (a) Model card — (b) Red-teaming — (c) Algorithmic impact assessment — (d) Ethics washing — (e) Responsible AI Standard

  1. A structured review of an AI system's potential harms and benefits before deployment
  2. Using ethics vocabulary and structures to signal commitment without making substantive changes
  3. Documentation describing a machine learning model's performance, limitations, and intended use
  4. Structured adversarial testing designed to surface harmful or unintended AI outputs
  5. An operational document translating AI principles into specific development requirements

After matching, write one sentence explaining why each concept matters for AI governance practice.

Exercise 2 — The Three Pillars in Practice For each of the following organizational situations, identify which governance pillar — accountability, oversight, or enablement — is most clearly deficient, and explain your reasoning:

(a) An organization has a detailed responsible AI framework but no one is specifically responsible for ensuring AI systems comply with it. (b) An organization has clear role assignments for AI system accountability but provides engineers with no training, tools, or guidance for ethical AI development. (c) An organization has an ethics review process, but the ethics reviewers are members of the same product team as the engineers building the systems being reviewed. (d) An organization's AI bias testing consistently finds problems, but the findings are never communicated to the executives responsible for deployment decisions.

Exercise 3 — Principles Document Analysis Find and read an AI ethics principles document published by a major technology company (Microsoft, Google, IBM, Meta, or Amazon each have published versions). Using the four-part test from Section 21.4 — specificity, accountability, enforcement, and review — assess the document:

  • Rate each dimension on a 1–5 scale (1 = entirely absent, 5 = fully addressed)
  • Provide specific textual evidence for each rating
  • Identify the single most significant gap between what the document promises and what it operationalizes
  • Propose one specific, actionable improvement for the identified gap

Intermediate Exercises (⭐⭐)

Exercise 4 — Ethics Board Design You have been asked to design an AI ethics board for a mid-sized financial services company that uses AI in credit scoring, fraud detection, and customer segmentation. The company has approximately 3,000 employees, is publicly traded, and operates in the United States with some international operations.

Design the ethics board structure, specifying: - Board size and composition (internal and external members, expertise areas, diversity considerations) - Reporting line and relationship to the board of directors - Authority structure: what decision rights does the board have? - Meeting frequency and decision trigger criteria - Escalation mechanism when the ethics board and business leadership disagree - Resignation protocol: under what circumstances can or should members resign?

Justify each design choice with reference to the governance principles discussed in this chapter.

Exercise 5 — The Maturity Assessment Using the five-level governance maturity framework from Section 21.9, assess a real or hypothetical organization across the following governance dimensions:

  1. Ethics body structure and authority
  2. Responsible AI function capacity and authority
  3. Principles documentation and operationalization
  4. Procurement governance
  5. Data governance practices
  6. Incentive structure alignment
  7. Board-level AI oversight

For each dimension, assign a maturity level (1–5) and provide the specific evidence or reasoning that supports your rating. Where you find variation across dimensions, analyze what the variance reveals about the organization's governance priorities and gaps.

Exercise 6 — Vendor Due Diligence Questionnaire Your organization is evaluating three AI vendors for a hiring screening tool that will process applications and rank candidates for interview consideration. Develop a due diligence questionnaire of at least 15 substantive questions that you would send to each vendor before purchase.

Your questionnaire should address: - Training data composition and demographic representation - Performance metrics by demographic subgroup - Third-party auditing and bias testing - Incident disclosure and response policies - Data retention and use practices - Contractual provisions the vendor is willing to accept (audit rights, performance guarantees, etc.) - Regulatory compliance documentation

After drafting the questionnaire, explain which five questions are most important and why, given the specific risks of AI in hiring decisions.

Exercise 7† — Field Interview: AI Governance in Practice Identify and interview a professional who works in AI governance, responsible AI, AI ethics, or a closely related role. Prepare at least ten interview questions addressing: - The nature and scope of their AI governance work - The authority and organizational position of their function - The biggest challenges they face in practice - The gap between governance aspirations and operational reality - What they wish they had known when they started this work

After the interview, write a 750-word reflection analyzing how your interviewee's experience compares to the governance concepts discussed in this chapter. Where does experience confirm the chapter's analysis? Where does it complicate or contradict it?

Advanced Exercises (⭐⭐⭐)

Exercise 8 — Incentive Redesign A technology company's AI product team has the following OKRs for the quarter: - Reduce model inference latency by 20% - Grow monthly active users by 15% - Reduce false positive rate in recommendation algorithm by 10% - Launch three new AI features before competitor

Review these OKRs from an AI governance perspective. Identify the specific ethical risks that these OKRs, as written, create or exacerbate. Then redesign the OKR set to embed ethical AI requirements while preserving the legitimate business objectives. For each ethics-focused metric you add, explain what it measures and why it matters.

Exercise 9 — The Resignation Decision You are a member of a company's AI ethics board. The company is developing an AI-powered bail recommendation tool for use in criminal courts. Over three months of board meetings, you have raised serious concerns about:

  • The historical crime data used for training, which reflects decades of racially biased policing
  • The absence of any demographic subgroup performance testing in the validation results shared with the board
  • The absence of any meaningful mechanism for defendants to understand or contest the tool's assessment
  • The timeline for deployment, which does not allow time for the testing and remediation you believe is necessary

The company's CEO has listened to your concerns at each meeting, thanked you for your input, and proceeded with the original deployment timeline. You have been told that the system will be deployed in three jurisdictions within 60 days.

Write a structured analysis of your options: (a) continue on the board and continue raising concerns; (b) escalate within the organization (to the board of directors, if different from the ethics board's principal; to counsel); (c) resign without public statement; (d) resign with a public statement; (e) disclose your concerns externally without resigning. For each option, analyze the likely effects, the ethical considerations, and the risks. Conclude with a recommendation and defense of your chosen course.

Exercise 10† — AI Governance Gap Analysis Select a publicly traded company that deploys AI systems as a significant part of its business. Using publicly available information — annual reports, proxy statements, SEC filings, published AI principles, and any available third-party reporting — conduct a governance gap analysis:

  1. Document what governance structures the company claims to have in place (ethics bodies, responsible AI teams, published principles, external commitments)
  2. Identify available evidence about how those structures operate in practice
  3. Identify documented AI incidents, controversies, or governance failures involving the company
  4. Assess the gap between the governance the company claims and the governance the evidence supports
  5. Using the maturity framework, assign a maturity level and justify it with specific evidence

Present your analysis in a professional format (3–5 pages) that could be shared with the company's board of directors.

Expert Exercises (⭐⭐⭐⭐)

Exercise 11 — Governance Architecture Design You have been engaged as an AI governance consultant by the board of a large hospital system. The system uses AI in multiple clinical and administrative functions: a sepsis prediction tool in the ICU, a radiology image analysis tool, an AI scheduling system for operating rooms, an AI chatbot for patient intake, and a predictive readmission risk tool used in discharge planning.

Design a comprehensive AI governance architecture for the hospital system. Your design should address: - The appropriate governance body structure for the organization's risk profile - The responsible AI function: staffing, authority, reporting structure - Pre-deployment review processes calibrated to different risk tiers - Vendor governance and procurement requirements - Post-deployment monitoring for each category of AI tool - Board-level reporting structure and frequency - Incentive alignment mechanisms - Patient engagement mechanisms (how affected populations' perspectives are incorporated) - Incident response and public disclosure protocols

Present your architecture as a governance design document suitable for presentation to the hospital system's board.

Exercise 12† — Comparative AI Governance Analysis Select three organizations — one from the technology sector, one from financial services, and one from a regulated sector such as healthcare or energy — and conduct a comparative analysis of their AI governance approaches. Use a consistent analytical framework across all three:

  • Governance body structure and authority
  • Published principles and their operationalization
  • Responsible AI function (if any)
  • Public evidence of governance effectiveness or failure
  • Maturity level assessment

Based on your comparison, identify: (a) what governance practices appear to be sector-specific and why; (b) what practices appear to be transferable across sectors; (c) what you believe is the single most important governance improvement each organization should make.

Exercise 13† — Ethics Board Simulation Working in a group of 6–9 people, simulate an AI ethics board review for a proposed product: an AI-powered predictive sentencing recommendation tool for use by federal judges. Assign roles — ethics board members with different expertise areas, a company representative presenting the product, an external observer/evaluator.

The simulation should include: - A 20-minute product presentation by the company representative (based on a prepared fact sheet) - A 30-minute Q&A and deliberation period - A 15-minute board deliberation (without the company representative) - A 10-minute presentation of the board's conclusions and recommendations

After the simulation, each participant should write a 500-word individual reflection analyzing: (a) what factors influenced the board's conclusions; (b) what information the board would have needed that it didn't have; (c) how the board's authority (advisory only, in this simulation) affected its deliberations; (d) what they would do differently in a real governance context.

Exercise 14 — The Long-Term Governance Case Google's AI Principles (2018) stated that Google would not develop AI for "weapons or other technologies whose principal purpose or implementation is to cause or directly facilitate injury to people." Using publicly available information about Google's subsequent AI activities — Project Maven, Project Dragonfly, Timnit Gebru, and others — write a case analysis (1,500–2,000 words) that assesses whether Google's principles have been:

(a) Genuinely operationalized in its AI governance practice (b) Selectively applied based on commercial considerations (c) Revised in response to experience, and if so, how and to what effect

Conclude with your assessment of the overall integrity of Google's AI principles governance — not as a moral judgment of the company but as an organizational analysis of the gap between stated principles and actual governance practice.

Exercise 15† — Board Education Design You have been asked to design a half-day AI governance education session for the board of directors of a Fortune 500 consumer products company. The company has begun integrating AI into its marketing, supply chain, HR, and customer service functions. Most directors have limited AI technical background.

Design the session agenda, including: - Learning objectives for the session - Content outline for each session segment - Teaching methods appropriate for a board audience (case discussion, external speaker, expert panel, etc.) - The three AI governance questions every director should be able to ask management after the session - Recommended ongoing AI governance education to follow the initial session - Governance reporting template the board should request from management on an ongoing basis

Your design should be practical, focused on the governance questions boards actually need to be able to answer, and respectful of the fact that board members are not expected to become technical AI experts.