While the use of artificial intelligence (AI) systems promises to bring significant economic and social benefits, it is also coupled with ethical, legal, and technical challenges. Business leaders thus face the question of how to best reap the benefits of automation whilst managing the associated risks. As a first step, many companies have committed themselves to various sets of ethics principles aimed at guiding the design and use of AI systems. So far so good. But how can well-intentioned ethical principles be translated into effective practice? And what challenges await companies that attempt to operationalize AI governance? In this article, we address these questions by drawing on our first-hand experience of shaping and driving the roll-out of AI governance within AstraZeneca, a biopharmaceutical company. The examples we discuss highlight challenges that any organization attempting to operationalize AI governance will have to face. These include questions concerning how to define the material scope of AI governance, how to harmonize standards across decentralized organizations, and how to measure the impact of specific AI governance initiatives. By showcasing how AstraZeneca managed these operational questions, we hope to provide project managers, CIOs, AI practitioners, and data privacy officers responsible for designing and implementing AI governance frameworks within other organizations with generalizable best practices. In essence, companies seeking to operationalize AI governance are encouraged to build on existing policies and governance structures, use pragmatic and action-oriented terminology, focus on risk management in development and procurement, and empower employees through continuous education and change management.

翻译：尽管人工智能系统的应用有望带来显著的经济和社会效益，但其同时也伴随着伦理、法律和技术层面的挑战。企业管理者因此面临着一个核心问题：如何在有效管理相关风险的同时，最大限度地获取自动化带来的收益。作为第一步，许多公司已承诺遵循各类伦理原则，旨在指导人工智能系统的设计与使用。这固然是良好的开端。然而，善意的伦理原则如何才能转化为有效的实践？试图将人工智能治理付诸实施的企业又将面临哪些挑战？本文基于我们在生物制药公司阿斯利康内部塑造并推动人工智能治理落地的第一手经验，对这些问题进行探讨。我们所讨论的案例凸显了任何试图实施人工智能治理的组织都必须面对的挑战，包括如何界定人工智能治理的实质范围、如何在去中心化的组织中协调标准，以及如何衡量具体人工智能治理举措的成效。通过展示阿斯利康处理这些操作性问题的实践，我们希望为其他组织中负责设计和实施人工智能治理框架的项目经理、首席信息官、人工智能从业者及数据隐私官提供可推广的最佳实践。本质上，寻求实现人工智能治理落地的企业应立足于现有政策与治理架构，采用务实且面向行动的术语，聚焦于开发与采购过程中的风险管理，并通过持续的教育与变革管理赋能员工。