The governance frameworks most enterprises built for AI were designed around policy documents, compliance reviews, and executive discussion. That worked when AI adoption was narrow and experimental. It does not work now. As AI becomes embedded in product development, customer success, sales motions, and IC workflows, the old models create more friction than protection, and organizations that treat responsible AI as a static compliance exercise are falling behind those building it directly into how they operate.
Angela Cirulli leads AI Strategy and Operations for Worldwide Sales and Solutions at Microsoft. She has held senior strategy and operations roles at Meta, Amazon, DocuSign, and Symantec, where she led global GTM planning, sales operations, and M&A integration across multi-billion-dollar organizations. She began applying AI within sales operations at Meta in 2019 and has since built forecasting and analytics models that operationalize AI for enterprise decision-making. Cirulli frames responsible AI not as a policy layer but as an operating discipline that has to touch every part of the organization.
"The governance model that existed in the past doesn't always work anymore," Cirulli says. "Being responsible on AI is a huge initiative, and we're seeing that in all different segments."
It starts at product build
The shift Cirulli describes begins earlier than most organizations expect. Responsible AI is no longer something that gets reviewed after a product ships. It is built into the product management process from the start.
"The responsible AI process starts earlier. You start thinking about responsible AI when product is built," she says. "The entire product management process has been updated to include responsible AI. When you're looking at responsible AI, it starts really at the beginning of product making and then continues throughout the entire execution once the product is live." That means functional specs, development workflows, and deployment pipelines all carry responsible AI requirements before anything reaches a customer.
Reskilling replaces restructuring
Rather than creating new reporting lines or shifting ownership between departments, Cirulli sees the more effective approach as reskilling existing teams with new capabilities and new responsibilities. Sales, product, finance, and marketing teams all receive AI enablement, but with guardrails built around approved processes and governance frameworks.
"It's not so much how we're changing the responsibility from one org to another. It's more how we're reskilling," Cirulli says. "We're giving more tools to each of these different organizations to be able to do their role faster, but with a responsible process that's approved within the org." The mechanism for enforcement is goal-setting. AI responsibility and security goals cascade from the top of the organization down to every individual contributor, creating clear accountability at every level.
The risks of moving too slowly
Cirulli identifies three risks that organizations underestimate as they embed AI across their operations. The first is governance that becomes its own bottleneck. "Governance can slow down innovation if you're not careful," she says. "Too many approval layers, long review cycles." The second is incentive misalignment across functions. "Product may want faster shipment, legal wants less risk, finance wants efficiency. It's really making sure that there's goal alignment and incentive alignment across organizations."
The third is change management. "Change management is underestimated. This is a big one," Cirulli says. "The velocity of the change management is underestimated." Organizations that wait to reskill or delay adopting new processes simply fall further behind.
Taken together, these risks point to a common failure mode: organizations that build elaborate responsible AI policies but lack the operational infrastructure to execute them at the speed AI demands. The gap between policy and practice is where trust erodes and where accountability breaks down. Cirulli sees responsible AI becoming a default way of thinking rather than a separate initiative, but only for organizations willing to treat it as an operating model problem rather than a compliance one.
"It's not about controlling," she says. "It's more about building the right governance model that can scale, that can be adaptable, and then really focus on what matters. The value realization of what we're trying to do is going to be the most important thing, and then building operating models that are going to support that."