APMG AI Project Governance Framework (AIPGF) Practitioner Quick Reference

Compact AIPGF Practitioner reference for AI project governance, lifecycle gates, roles, artifacts, risks, assurance, and scenario decisions.

Exam Identity and Practitioner Lens

Use this independent Quick Reference for candidates preparing for APMG International’s APMG AI Project Governance Framework (AIPGF) Practitioner exam, exam code AIPGF Practitioner.

Practitioner-style questions usually test applied judgment: which governance action, artifact, role, escalation, or control best fits the scenario. The strongest answer is normally the one that is proportionate, evidence-based, value-linked, risk-aware, and accountable.

Core Answer Pattern

StepAskStrong practitioner response
1. Identify contextIs this idea, feasibility, development, deployment, operation, or change?Match the action to the lifecycle point. Do not jump to deployment, procurement, or escalation too early.
2. Confirm valueWhat business outcome or public/service value justifies AI?Validate the business case and benefits before technical optimization.
3. Classify riskWho could be affected? How autonomous, novel, opaque, or sensitive is the use case?Tailor governance intensity to impact and uncertainty.
4. Check evidenceWhat artifact proves readiness?Require data, model, security, human oversight, testing, and benefits evidence as applicable.
5. Assign accountabilityWho can accept the decision or residual risk?Keep decision rights with the proper sponsor, board, owner, or assurance function.
6. Decide next actionContinue, remediate, escalate, pause, or stop?Prefer controlled progression over unmanaged experimentation.

AI Project Governance Decision Path

    flowchart TD
	    A[AI idea, project issue, or change request] --> B{Clear business outcome and owner?}
	    B -- No --> B1[Clarify objective, benefits, sponsor, and success measures]
	    B -- Yes --> C{AI is justified over simpler options?}
	    C -- No --> C1[Reassess solution approach or stop AI route]
	    C -- Yes --> D{Impact, uncertainty, or autonomy is significant?}
	    D -- Low --> D1[Use proportionate controls and standard project governance]
	    D -- High --> E[Complete risk, data, ethics, security, and assurance checks]
	    E --> F{Evidence supports next stage?}
	    F -- No --> F1[Remediate, time-box discovery, or escalate]
	    F -- Yes --> G{Residual risk within delegated authority?}
	    G -- No --> G1[Escalate to appropriate governance body or sponsor]
	    G -- Yes --> H[Authorize next stage with monitoring and change controls]

Lifecycle Governance Map

Lifecycle pointGovernance questionKey evidence/artifactsCommon trapBest next action
Idea / mandateIs there a justified need for AI?Problem statement, objectives, sponsor, initial benefits hypothesisStarting with model choice or vendor demoClarify outcome, users, decision context, and whether AI is appropriate
FeasibilityIs the use case viable, valuable, and governable?Business case, options analysis, initial risk/impact assessmentTreating proof of concept as approval for productionTime-box feasibility and define stage-gate evidence
Data readinessIs data suitable, authorized, representative, and controlled?Data inventory, provenance, lineage, quality report, data management planAssuming more data automatically improves fairness or performanceFix data issues before model claims are accepted
Solution designAre architecture, oversight, explainability, security, and integration addressed?Solution design, control design, human oversight model, threat modelDesigning governance after build completionBuild controls into design, not as late documentation
Development / experimentationAre experiments traceable and bounded?Experiment logs, version control, model registry, test datasetsUnmanaged notebooks, undocumented feature changesMaintain reproducibility and decision records
ValidationDoes the system perform acceptably for intended use and affected groups?Evaluation report, bias/fairness testing, robustness tests, user acceptance evidenceRelying only on aggregate accuracyValidate against business, ethical, operational, and subgroup criteria
Authorization / deploymentIs release justified with residual risk understood?Go/no-go recommendation, deployment plan, rollback plan, operational readiness checklistSponsor pressure overrides unresolved assurance findingsAuthorize only within delegated tolerances or escalate
OperationIs the AI system still performing safely and usefully?Monitoring dashboard, incident log, drift reports, benefits trackingTreating deployment as project closure with no model ownershipMonitor performance, harms, drift, and benefit realization
Change / retrainingDoes the change alter risk, behavior, users, or accountability?Change request, impact reassessment, updated model/system card“It is only a retrain” avoids change controlReassess based on effect, not label
RetirementShould the AI capability be decommissioned or replaced?Retirement plan, data retention/disposal evidence, transition planKeeping unused models active indefinitelyRetire safely, preserve records, and protect users/data

Governance Roles and Accountability

Role or groupPrimary accountabilityPractitioner exam cueAvoid this error
Sponsor / senior responsible ownerBusiness justification, benefits, funding, acceptance of business risk within authorityBenefits unclear, strategic alignment questioned, funding decision neededMaking the project manager own business justification alone
Project board / governance boardStage authorization, tolerances, escalation decisions, continued viabilityResidual risk exceeds delegated limits; go/no-go decision neededEscalating every routine technical issue
Project managerDelivery control, issue/risk management, coordination, reporting, escalationWork is off plan, evidence missing, unresolved dependenciesPersonally accepting ethical, legal, or strategic risk outside authority
Product owner / business ownerRequirements, user value, prioritization, operational fitConflicting feature priorities or acceptance criteriaOptimizing model metrics while ignoring user workflow
Data ownerData access, permitted use, quality expectations, retention constraintsNew dataset, unclear provenance, access requestAssuming the AI team can use any available data
Data steward / data governance leadMetadata, lineage, quality rules, data handling controlsInconsistent labels, missing provenance, quality defectsTreating data cleaning as a purely technical task
AI / ML leadModel design, training approach, technical evaluation, reproducibilityModel performance, feature engineering, experiment controlDeciding production risk without governance input
Security leadThreat modeling, access control, secure deployment, adversarial riskAPI exposure, model theft, prompt injection, supply chain issueAddressing security only after deployment
Privacy / legal / compliance specialistInterpretation of applicable obligations and compliance risksPersonal, sensitive, regulated, or cross-border data concernInventing legal conclusions without specialist input
Ethics / responsible AI reviewerFairness, accountability, transparency, human impact, contestabilityPotential harm, vulnerable groups, opaque automated decisionsTreating ethics as optional communication activity
Independent assurance / auditObjective review of controls, evidence, and governance operationHigh-impact release or unresolved control weaknessHaving only the build team validate its own work
Operations / service ownerProduction support, monitoring, incidents, service continuityModel is live or about to be handed overClosing project without operational ownership
Supplier / vendor managerThird-party obligations, service levels, assurance access, exit planningBlack-box model, SaaS AI, external data processorAssuming supplier reputation removes due diligence

Artifact Selection Matrix

ArtifactUse whenWhat it provesHigh-yield distinction
AI use case briefEarly idea or mandateProblem, decision context, users, intended valuePrevents technology-first project initiation
Business caseFunding, prioritization, continuation, stage approvalValue, cost, risk, options, disbenefits, benefits ownerA technically feasible AI model is not automatically a viable project
AI risk / impact assessmentAny meaningful AI use case; especially high impact, autonomous, sensitive, or novelRisk level, affected groups, control needs, escalation routeDrives proportional governance intensity
Stakeholder analysisUsers, affected parties, operators, regulators, support teams, or impacted communities are unclearInterests, influence, communication and engagement needsAffected people may not be system users
Data management planData is collected, reused, acquired, transformed, or retainedSource, permissions, quality, lineage, retention, access controlData governance starts before model training
Data quality reportModel depends on dataset reliabilityCompleteness, consistency, bias, label quality, missingnessClean-looking data may still be unrepresentative
Model card / system cardModel/system behavior must be explained to governance, operators, or stakeholdersIntended use, limitations, metrics, training data summary, risksDocumentation should support decisions, not just describe algorithms
Evaluation and test strategyBefore accepting model performance or releaseTest methods, acceptance criteria, subgroup performance, robustnessAccuracy alone is rarely enough
Human oversight planHumans review, approve, override, or contest AI outputsDecision rights, escalation, competence, workload, override process“Human in the loop” is not effective if humans cannot challenge outputs
Security threat modelAI system is exposed, integrated, high value, or supplier-basedAttack surfaces, controls, monitoring, responseAI adds threats such as data poisoning, model extraction, prompt injection
Responsible AI / ethics assessmentHarms, fairness, transparency, vulnerable users, or significant autonomy are presentEthical risks, trade-offs, mitigations, accountabilityEthics is a governance input, not public relations
Deployment and rollback planProduction release or major changeRelease steps, fallback, monitoring, owner, support readinessProduction readiness includes failure handling
Monitoring planLive AI service, changing data, model drift riskMetrics, thresholds, alerts, ownership, review cadenceMonitoring must include business and harm indicators, not only uptime
Incident response planAI failure could harm users, operations, trust, or complianceDetection, triage, escalation, containment, communicationAI incidents can be model, data, security, or human-process failures
Benefits realization planBusiness case benefits must be tracked after deliveryBaseline, target, owner, measurement method, review pointModel performance is not the same as realized benefit
Change control recordRetraining, threshold change, new data, new users, or supplier update occursImpact assessment, approval, traceability“Minor technical change” can be major governance change

Tailoring Governance Intensity

Factor increasing governance intensityWhy it mattersStronger controls to consider
High impact on people, rights, access, safety, money, employment, or essential servicesConsequences of error or unfairness are greaterFormal impact assessment, independent assurance, explicit board approval
High autonomyLess human correction before harm occursHuman oversight design, fail-safe controls, tighter monitoring
Sensitive or personal dataHigher privacy, security, and trust riskData minimization, access controls, provenance, specialist review
Vulnerable or disadvantaged affected groupsHarm may be uneven or harder to contestFairness testing, stakeholder engagement, accessible redress
Novel model, novel data, or novel use caseHistorical assurance evidence is weakerTime-boxed discovery, staged gates, pilot limits
Opaque model or black-box supplierHarder to explain, validate, and challengeExplainability requirements, supplier assurance, operational limits
Dynamic environmentDrift and decay are more likelyMonitoring thresholds, retraining triggers, change control
Integration with critical systemsFailure can cascadeResilience, rollback, service continuity, security testing
Regulatory, contractual, or reputational exposureAccountability extends beyond the project teamSpecialist review, evidence retention, formal approvals
Low organizational readinessUsers may misuse or over-trust outputsTraining, communication, adoption controls, support model

Common Scenario Decisions

Scenario cueWeak answerStrong AIPGF Practitioner-style action
Sponsor wants rapid deployment before validation is completeAccept the pressure because benefits are urgentExplain missing evidence, assess risk, seek appropriate governance decision, and do not bypass required assurance
Proof of concept achieved high accuracyMove straight to productionConfirm production data, controls, monitoring, security, user workflow, and benefits case
Dataset has missing fields and uncertain provenanceTrain anyway and document laterPause or time-box investigation; establish provenance, quality, permitted use, and remediation
Model performs worse for a subgroupReport only overall metricInvestigate cause, assess fairness and impact, adjust data/model/process, and escalate if residual risk is material
New dataset becomes availableAdd it to improve performanceReassess permitted use, quality, bias, lineage, and change impact before use
Supplier offers a proprietary black-box modelAccept supplier assurance at face valueRequire evidence, contractual controls, explainability/operational limits, and exit arrangements
Human reviewers always accept AI recommendationsClaim oversight existsInvestigate automation bias, improve training/interface, define override expectations, and monitor reviewer behavior
Model drift alert triggersIgnore until next planned reviewTriage as operational issue; assess impact, rollback/retrain if needed, record decision
Benefits are not being realized despite good model metricsImprove algorithm onlyRevisit workflow, adoption, baseline, user behavior, and benefits ownership
Risk exceeds project manager toleranceProject manager decides aloneEscalate to the role/body with authority to accept, reduce, transfer, or reject residual risk
A change affects users, data, or decision thresholdsTreat as routine technical updateUse change control and update risk, testing, documentation, monitoring, and approvals
Users do not understand AI outputAdd technical model detailsProvide role-appropriate explanation, limitations, confidence guidance, and escalation route
Incident causes incorrect decisionsRetrain quietlyContain, assess harm, communicate as required by governance route, preserve evidence, fix root cause

Change Control for AI Systems

Change typeReassessment needed?Include these rolesEvidence to update
Code defect fix with no behavioral changeLight, unless controls or outputs changeAI lead, project/service owner, testerChange log, regression test evidence
Retraining on refreshed data for same useYes, because behavior can changeAI lead, data owner, service ownerData quality, evaluation report, model/system card
New data sourceYesData owner, privacy/compliance as applicable, AI leadData provenance, permitted use, quality, risk assessment
Feature engineering changeYes, if explainability, fairness, or performance changesAI lead, data steward, responsible AI reviewerEvaluation, fairness checks, documentation
Decision threshold changeYes, often materialBusiness owner, AI lead, risk ownerImpact analysis, false positive/false negative trade-off
New user group or populationYes, high importanceSponsor, stakeholder lead, responsible AI reviewerImpact assessment, subgroup testing, communications
New purpose or business processTreat as new or materially changed use caseSponsor, board, risk/compliance specialistsBusiness case, risk assessment, governance approvals
Increased automation / reduced human reviewYes, high importanceSponsor, operations, risk, ethics, assuranceOversight plan, risk acceptance, monitoring thresholds
Supplier model version changeYes, depending on impactSupplier manager, AI lead, security, service ownerSupplier release notes, test results, assurance evidence
Decommissioning or replacementYesService owner, data owner, sponsorRetirement plan, data disposal/retention evidence, transition plan

Responsible AI Controls

PrinciplePractical controlEvidence to look forCommon trap
AccountabilityNamed owners for business outcome, data, model, risk, and operationRACI, governance approvals, decision logs“The algorithm decided” is treated as accountability
TransparencyClear explanation of intended use, limitations, and decision influenceModel/system card, user guidance, communication planGiving users technical detail that does not help them act
FairnessTest for uneven error rates or harmful outcomes across relevant groupsFairness analysis, subgroup metrics, mitigation recordsRelying on overall performance only
Privacy and data governanceMinimize data, control access, confirm provenance and permitted useData management plan, access logs, lineageUsing available data without confirming suitability
Robustness and safetyTest failure modes, edge cases, drift, and resilienceRobustness tests, monitoring plan, incident processAssuming test performance remains stable in production
SecurityProtect data, model, pipeline, prompts, APIs, and outputsThreat model, secure architecture, vulnerability testingTreating AI security as ordinary application security only
Human agency and oversightEnable meaningful review, override, escalation, and challengeOversight plan, training, audit of override behaviorHuman review is nominal or overloaded
ContestabilityAllow affected parties or users to question outcomesAppeals or review route, support scripts, audit trailNo route to correct harmful or incorrect outputs
ProportionalityMatch controls to risk, impact, and uncertaintyTailoring record, risk acceptance rationaleApplying either no governance or excessive bureaucracy
Sustainability and maintainabilityConsider operating cost, environmental/resource burden, lifecycle supportArchitecture and operations assessmentSelecting a model that cannot be supported responsibly

Risk Reference

Risk categoryExample causesImpactControls
Strategic / value riskWeak business case, AI not needed, benefits unclearWaste, reputational damage, opportunity costOptions analysis, benefits owner, stage reviews
Data riskPoor quality, biased labels, uncertain provenance, unauthorized useInaccurate or unfair outputs, compliance issuesData governance plan, quality checks, lineage, access controls
Model riskOverfitting, poor calibration, low robustness, opaque logicWrong decisions, inconsistent behaviorValidation, stress testing, explainability, model documentation
Fairness / ethics riskUneven performance, proxy variables, harmful automationDiscrimination, loss of trust, user harmImpact assessment, subgroup testing, oversight, redress
Security riskData poisoning, model extraction, prompt injection, insecure APIsBreach, manipulation, service compromiseThreat modeling, secure pipeline, monitoring, access control
Operational riskDrift, poor handover, weak incident response, support gapsService failure, accumulating harmMonitoring, runbooks, ownership, rollback
Change riskRetraining changes behavior, supplier update, new contextUndetected degradation or new harmChange control, regression testing, reauthorization
Supplier riskBlack-box model, unclear data use, lock-in, weak assuranceLoss of control, hidden obligations, poor exit optionsDue diligence, audit evidence, contract controls, exit plan
Stakeholder riskLow adoption, poor understanding, over-trust, resistanceBenefits not realized, misuseEngagement, training, clear guidance, feedback channels
Governance riskUnclear accountability, weak escalation, missing evidenceUnauthorized risk acceptanceRACI, decision records, stage gates, independent assurance

Useful Formulas

Use formulas only when the scenario provides the variables and asks for prioritization, risk exposure, project control, or evaluation metrics.

\[ \text{Risk Exposure} = P(\text{event}) \times \text{Impact} \]\[ \text{Expected Monetary Value} = P(\text{outcome}) \times \text{Monetary Impact} \]\[ \text{Cost Performance Index} = \frac{\text{Earned Value}}{\text{Actual Cost}} \]\[ \text{Schedule Performance Index} = \frac{\text{Earned Value}}{\text{Planned Value}} \]\[ \text{Precision} = \frac{TP}{TP + FP} \]\[ \text{Recall} = \frac{TP}{TP + FN} \]\[ F_1 = 2 \times \frac{\text{Precision} \times \text{Recall}}{\text{Precision} + \text{Recall}} \]

Metric Interpretation

MetricPlain meaningGovernance caution
AccuracyShare of correct predictionsCan hide poor performance on minority classes or high-impact cases
PrecisionOf positive predictions, how many were correctImportant when false positives cause harm or cost
Recall / sensitivityOf actual positives, how many were foundImportant when missed cases are harmful
False positive rateHow often negatives are incorrectly flaggedMay create unfair burden, cost, or unnecessary intervention
False negative rateHow often positives are missedMay create safety, access, or service failure risk
F1 scoreBalance between precision and recallUseful when classes are imbalanced, but still not a business outcome
CalibrationWhether confidence scores reflect real likelihoodPoor calibration can mislead human decision-makers
DriftChange in data, concept, or performance over timeRequires monitoring, thresholds, and response ownership
LatencyTime to produce outputMay affect user workflow, safety, or service levels
ExplainabilityAbility to understand key factors or rationaleMust fit the audience and decision context

Agile, Predictive, and Hybrid Delivery

SituationBetter delivery stanceGovernance implication
Uncertain data quality or model feasibilityTime-boxed agile discoveryPermit learning, but keep boundaries, records, and decision gates
Stable compliance, procurement, or infrastructure requirementsPredictive or controlled planningDefine approvals, dependencies, evidence, and acceptance criteria early
AI model development inside a regulated or high-impact serviceHybridIterate technically, but retain formal governance gates
Frequent model experimentationAgile technical workflowVersion experiments, document assumptions, and prevent uncontrolled production use
Production deployment and operational handoverControlled release managementRequire readiness, rollback, monitoring, and support ownership
Benefits realization after launchIterative improvementTrack outcomes and adjust workflow, model, or adoption plan

Agile Governance Traps

  • Agile does not remove the need for risk assessment, data controls, or authorization.
  • A sprint review is not the same as independent assurance.
  • A working model is not the same as an operationally safe service.
  • Backlog priority should consider risk, value, dependencies, and governance evidence.
  • Technical experimentation should be sandboxed and traceable.

Stage-Gate Readiness Checklist

GateMinimum readiness questions
Start feasibilityIs the problem clear? Is AI plausibly justified? Is there a sponsor and benefits hypothesis?
Start developmentIs data access authorized? Are quality and provenance understood? Are evaluation criteria defined?
Start validationAre model versions, test data, expected performance, and acceptance thresholds documented?
Deploy pilotIs scope limited? Are users briefed? Are monitoring, fallback, and incident routes in place?
Full productionAre residual risks accepted by the right authority? Are operations, support, monitoring, and benefits tracking ready?
Continue operationAre performance, fairness, drift, incidents, and benefits still acceptable?
Major changeHas the change been classified and reassessed? Are documentation and approvals updated?
RetireAre users transitioned, data handled appropriately, records preserved, and dependencies removed?

Stakeholder and Communication Reference

Stakeholder groupNeedsUseful evidence or communication
Sponsor / governance boardValue, risk, options, tolerances, decision requestBusiness case, risk summary, stage report, recommendation
End usersHow to use outputs, limitations, escalation routeUser guidance, training, confidence/limitations explanation
Affected partiesHow decisions affect them and how to challenge errorsClear notices, review/appeal route, support process
Operations and supportHow to monitor, triage, and restore serviceRunbook, incident plan, monitoring thresholds
Data ownersHow data is used, protected, retained, and changedData management plan, lineage, access records
Compliance / legal / privacy specialistsFacts needed to interpret obligationsData flows, purpose, controls, risk assessment
Security teamAttack surfaces, access paths, deployment modelThreat model, architecture, vulnerability results
Assurance / auditObjective evidence of control design and operationDecision logs, approvals, tests, monitoring records
Supplier managerObligations, assurance evidence, change and exit controlsSupplier documentation, contract controls, service reports

Benefits and Value Control

ItemGood practiceExam cue
Benefit definitionMeasurable outcome with baseline, target, owner, and review date“Improve decisions” is too vague
Benefit ownerBusiness role accountable for realizationProject team cannot realize operational benefits alone
Leading indicatorsAdoption, cycle time, accuracy, recall, user compliance, override ratesIndicators help but do not prove final value
DisbenefitsNegative outcomes that may occur even if project succeedsIncreased workload, user mistrust, unfair burden
Value-risk trade-offCompare benefit against residual risk and cost of controlsHigh performance may not justify unacceptable harm
Benefits reviewContinue after deploymentProject closure is not the end of benefits governance

Supplier and Third-Party AI Governance

Supplier issueGovernance response
Proprietary or black-box modelDefine minimum explainability, testing, monitoring, and assurance evidence required
Supplier uses customer data for improvementConfirm permitted use, controls, and opt-in/opt-out position through appropriate review
Model updates are controlled by supplierRequire notification, versioning, test evidence, rollback, and change impact review
Service-level dependencyDefine availability, incident, support, and continuity expectations
Exit or lock-in riskPlan data export, replacement approach, knowledge transfer, and termination handling
Unclear intellectual property or data rightsSeek specialist review before commitment
Supplier claims compliance generallyAsk for evidence specific to the use case, data, deployment, and operating context

Assurance and Escalation

When to Escalate

Escalate when:

  • Residual risk exceeds delegated authority or tolerance.
  • Business case viability is uncertain or benefits no longer justify risk.
  • Data use, fairness, privacy, security, or ethics concerns cannot be resolved by the team.
  • Required evidence for a stage gate is missing or disputed.
  • Model behavior changes materially after retraining, new data, or supplier update.
  • An incident causes or could cause harm, service failure, or loss of trust.
  • Stakeholder objections reveal a material impact not previously assessed.
  • A decision requires acceptance by a sponsor, governance board, or specialist authority.

When Not to Escalate

Do not escalate merely to avoid routine management responsibility. Handle within the team when the issue is inside delegated limits, controls are known, and no material change to risk, scope, benefits, or accountability is involved.

Common Exam Traps

TrapBetter reasoning
“AI is innovative, so it should be used.”Confirm AI is justified against simpler, safer, cheaper options.
“The model is accurate, so it is ready.”Check data, fairness, robustness, security, oversight, operations, and benefits.
“The project manager can accept the risk.”Risk acceptance must match delegated authority and governance structure.
“A pilot success authorizes full deployment.”Production needs operational readiness, wider impact assessment, monitoring, and approval.
“Human oversight solves accountability.”Oversight must be meaningful, trained, resourced, and auditable.
“Supplier assurance removes customer responsibility.”The organization still needs use-case-specific governance and evidence.
“More data reduces bias.”More data can amplify bias if source, labels, or representation are flawed.
“Documentation can be completed later.”Key artifacts support decisions before progression.
“Agile means governance can be lightweight always.”Governance is tailored to risk, not delivery style.
“No personal data means no ethical risk.”AI can still create unfair, unsafe, opaque, or harmful outcomes.
“Retraining is routine maintenance.”Retraining can change behavior and may require reassessment.
“Explainability is only for technical staff.”Explanations must be useful to decision-makers, users, affected parties, and governance bodies.

Final Revision Checklist

Before answering a scenario question, check:

  • What lifecycle point is the project in?
  • What decision is being asked: proceed, pause, remediate, escalate, approve, or stop?
  • Is the business outcome clear and still justified?
  • Is AI appropriate compared with non-AI alternatives?
  • Which risks are material: data, model, ethics, security, operations, supplier, stakeholder, or benefits?
  • What evidence is missing?
  • Which role has authority to decide or accept residual risk?
  • Is the proposed action proportionate to impact and uncertainty?
  • Does the answer preserve traceability, accountability, and monitoring?
  • Does the answer avoid overreacting, bypassing controls, or solving governance issues with technical fixes only?

Practical Next Step

Use this Quick Reference to identify weak areas, then complete scenario-based practice for the APMG AI Project Governance Framework (AIPGF) Practitioner exam. For each question, explain why the best answer is the most proportionate governance action and why the distractors are too early, too late, under-controlled, over-escalated, or outside the role’s authority.