Creating a Strong Foundation for Scalable AI Means Operationalizing Responsibility

The views and opinions expressed are those of Kenza Rchi and do not represent the official policy or position of any organization.

Enterprise AI has a translation problem: high‑level principles are rarely converted into concrete engineering workflows. Survey data suggests that well-intentioned principles frequently stall before reaching ground-level execution, leaving teams unclear on how to apply them to real projects. The gap usually comes down to a lack of clear ownership. Without clear lifecycle accountability, governance remains a theoretical concept rather than a functioning operating model.

Kenza Rchi is an expert in enterprise architecture and AI scaling. Holding an MSc in Big Data Analytics and serving as a Global Ambassador for the WomenTech Network, she currently works as a Senior IT Analyst for AI Scaling at Philip Morris International, where she is building enterprise‑level Responsible AI (RAI) architecture focused on translating principles into operational systems and governance models. Rchi’s approach to scaling intelligent systems focuses on how policies and high‑level standards are translated into operational reality.

"Responsible AI is the only AI that will scale," she says. "Innovation alone isn’t enough; without accountability and governance, AI initiatives struggle to deliver sustainable, meaningful value." Teams tend to establish standards at the "principle level," or the level where policies and ethical requirements live, without successfully translating those ideals into distinct lifecycle ownership.

• Diluted by design: Weak leadership accountability manifests as a lack of clearly defined ownership throughout the AI cycle, often stalling expensive enterprise tech projects. "The biggest gap between the policy and making it work is operational ownership, not just assigning it to teams in the air. Most teams get it wrong because they define responsible AI at a principle level, but fail to translate that into who owns what across the lifecycle."

• All noise, no signal: In Rchi's experience, when accountability is entirely shared, no one truly owns the deployment. "Responsible AI requires multiple perspectives, of course, but accountability cannot be a shared value. If everyone is involved but no one is clearly responsible, governance becomes just noise rather than real control." A setup of communal accountability often leads to slow, circular reviews where no single person is confident enough to authorize trade-offs, prompting high-stakes sectors to implement stricter governance controls that directly shape the engineering lifecycle. Accountability must be assigned to roles throughout the enterprise.

• Mandates meet reality: The fix usually involves building a lean, cross-functional task force capable of establishing enterprise data standards and defining its own AI lifecycle standards, such as roles, traceability, and monitoring. Rchi stresses that while executive direction sets the tone, the substance has to come from practitioners. "Policy ultimately comes from leadership, but the details defining those standards need to come from the ground. The people actually interacting with AI on a daily basis are the ones who truly understand the use cases and the governance process."

Rchi advises bringing in specialized IT counsel to define legal bounds, alongside information security teams who integrate risk controls into existing frameworks, and HR to assess workforce impact and capability-building teams to design future training, all guided by comprehensive data governance frameworks.

That organizational alignment bleeds directly into the technical architecture. Product teams are often incentivized by speed, while compliance teams focus on risk reduction, which can sometimes create friction as new initiatives are introduced. Embedding models into mature IT processes natively aligns those competing incentives without reinventing the entire governance stack.

• Logical layering: Rchi tends to resolve that misalignment by framing the technology as the next logical layer on top of traditional IT infrastructure. "We already have IT processes and conduct risk assessments for standard use cases, and AI is just existing on top of that. It must be treated as a component that sits on top of an existing layer." AI must be treated as a tier-one enterprise workload integrated into existing risk, security, and change management processes. Governed models built on a solid IT foundation can provide greater durability at scale and are one way to better protect the bottom line. For many organizations, maintaining infrastructure stability and controlling inference costs serve as prerequisites for safely swapping out fast-moving tools on top of the technology stack.

• The drift dilemma: Moving from theoretical discussions to operational practice requires, Rchi says, end‑to‑end traceability across the AI lifecycle, including versioned datasets, model lineage, and performance monitoring, so that when drift occurs, there is a clear owner responsible for remediation. "We are moving from a general belief in fairness and transparency to establishing exactly who is accountable if a model drifts next month."

Navigating the reality of enterprise business frequently involves calculated trade-offs between revenue targets and ethical boundaries. With new regulatory frameworks building on earlier data privacy laws, the financial stakes for non-compliance are a standard operational reality. Sometimes, a low‑impact risk is acceptable, provided the business owner understands it and documents it within defined tolerances. In other cases, such as agents handling sensitive financial data, the same level of risk would be unacceptable. Decisions to accept any residual risk should be recorded and overseen by an accountable leader to ensure transparency.

• Calculated trade-offs: Rchi notes that establishing clear authority on foundational rules is what allows companies to move forward confidently. Risk tolerance depends on the type of AI use case and the level of impact involved. For example, limited hallucinations in an internal brainstorming or ideation tool may be acceptable within defined tolerances, while the same level of risk would be unacceptable in high-impact contexts such as financial, regulatory, or health-related systems. “Sometimes the value is proven, and a low residual risk may be acceptable, but it needs to be clearly assessed, documented, and governed within the appropriate risk framework,” she says. Decisions around acceptable risk should remain aligned with existing enterprise governance processes and applicable regulatory requirements.

She also draws a line between risks created by new models and risks inherent in the business use case itself. In those situations, governance is about recognizing that the underlying case is not workable. Identifying non-workable use cases is just as much a part of governance as finding the workable ones.

The tools will keep changing. The models will keep improving. The regulatory landscape will keep shifting. But the organizations positioned to ride that wave will be the ones that foreground clearly-defined roles, lifecycle traceability, and integration into IT processes. Rchi sees adaptability itself as a reward for doing the hard governance work early: strong IT foundations allow teams to layer on whatever comes next without questioning the base. "The fundamentals you build won't change. Because if you have the AI layer built and the control and everything, what's coming next will be on top of it. You will be sure that it is standing on the right base."