Manager Certification -- AEEF Certified AI Engineering Manager
The Manager Certification equips engineering managers, directors, and technical leaders with the knowledge to deploy, measure, and scale AI coding governance across their teams. This is not a technical implementation track -- it focuses on the business case, organizational change management, metrics that matter, and progressive adoption strategies.
Over 8 hours across 4 modules, managers learn to answer the questions their leadership will ask ("What is the ROI of AI governance?"), the questions their teams will ask ("Why are we adding process?"), and the questions regulators will ask ("Where is your audit evidence?").
Certification Overview
| Attribute | Detail |
|---|---|
| Certification Title | AEEF Certified AI Engineering Manager |
| Duration | 8 hours (4 modules, 2 hours each) |
| Format | Self-paced or instructor-led |
| Prerequisites | Engineering management or technical leadership role |
| Technical Depth | Configuration-level (no coding required) |
| Assessment | 40-question exam + practical governance plan |
| Passing Score | 80% on exam, governance plan approved by reviewer |
| Validity | 2 years |
Module 1: The Business Case for AI Governance (2 hours)
Learning Objectives
By the end of this module, you will be able to:
- Present the market data and risk landscape to senior leadership
- Explain the productivity paradox with quantitative evidence
- Calculate ROI for AI governance investments
- Use real incident data to justify governance spending
Topics
1.1 Market Landscape (30 minutes)
The AI coding market is not a future trend -- it is the present reality.
- Market size: $4-7 billion market with 25-44% CAGR through 2030
- Adoption rates: 92% of US developers use AI coding tools daily; GitHub Copilot at 20M+ users
- Investment scale: Cursor at $29.3B valuation; Anthropic, OpenAI, Google competing on coding capability
- Enterprise penetration: 77% of Fortune 500 companies have approved AI coding tools
- What this means for engineering leaders: AI coding is not optional, governance is the differentiator
1.2 The Productivity Paradox (30 minutes)
Why your team feels faster but your delivery metrics have not improved.
- The Faros AI study (10,000+ developers):
- 98% more pull requests opened
- 91% longer review times
- 9% more bugs per developer
- Net productivity gain: negligible to negative
- The METR randomized controlled trial:
- Developers perceived 20% speedup
- Actual measurement: 19% slower
- The Uplevel study:
- 41% of AI-generated code reverted within 2 weeks
- The GitClear analysis:
- Code churn from AI-generated code nearly doubled in 12 months
- "Moved" and "copy-pasted" code categories surged
- The core insight: generating code was never the bottleneck; understanding, reviewing, and maintaining code is
- How to present this data to skeptical leadership without being anti-AI
1.3 Real Incidents (20 minutes)
When ungoverned AI coding goes wrong -- documented cases.
- Replit agent incidents: Users reporting agents that delete files, ignore instructions, produce non-functional code at scale
- Kiro (AWS): Amazon's response to AI coding chaos -- spec-driven development as governance
- CodeRabbit data: AI-powered review finding 4x more issues in AI-generated code than human-written code
- The dependency hallucination problem: AI tools suggesting packages that do not exist, creating supply chain attack vectors
- Prompt injection via codebase: Malicious content in repositories manipulating AI tools during development
- Why these incidents are predictable and preventable with governance
1.4 ROI Framework (20 minutes)
Quantifying the return on AI governance investment.
- BCG/McKinsey data: AI investments returned $3.70 per dollar on average; top performers saw $10.30
- The governance multiplier: Organizations with governance frameworks see higher ROI from AI tools
- Cost categories:
- Direct costs: tooling, training, configuration time
- Indirect benefits: reduced defect remediation, faster reviews, lower incident rate
- Risk avoidance: regulatory fines, security breaches, reputation damage
- ROI calculation template:
- Baseline: current defect rate, review time, incident frequency
- Projected: post-governance improvements based on industry data
- Investment: training hours, configuration effort, ongoing maintenance
- Timeline: 3-week, 6-week, 12-week projections
- How to present ROI to the board without overpromising
1.5 Lab: Calculate AI ROI for Your Organization (20 minutes)
Exercise: Using the ROI calculation template, estimate the return on AI governance investment for your organization.
Steps:
- Gather your current metrics: defect density, average PR review time, CI failure rate, incident frequency
- Apply industry benchmark improvements from the Faros/METR/Uplevel studies
- Estimate governance investment: training hours (this program), configuration effort (from AEEF Quick Start docs), ongoing maintenance
- Calculate 6-week and 12-week projected ROI
- Draft a one-page executive summary
Deliverable: A completed ROI calculation with executive summary suitable for leadership presentation.
Assessment Criteria
- Can present the productivity paradox with at least 4 data points
- Can calculate AI governance ROI using the provided framework
- Can cite 3+ real incidents caused by ungoverned AI coding
- ROI calculation completed with realistic inputs from own organization
Module 2: Setting Up Governance (2 hours)
Learning Objectives
By the end of this module, you will be able to:
- Select the appropriate AEEF tier for each team and project
- Deploy Tier 1 governance using config packs on existing repositories
- Configure CI pipeline enforcement that cannot be bypassed
- Define and track the quality metrics that indicate governance health
Topics
2.1 Choosing the Right AEEF Tier (30 minutes)
Not every team needs the same level of governance.
- Tier 1 (Quick Start): Best for individual developers, small teams, greenfield projects
- 5 standards enforced, 30-minute setup, minimal process overhead
- Use when: team is new to AI governance, project is low-risk, budget is limited
- Tier 2 (Transformation): Best for teams adopting AEEF over 6 weeks
- 9 standards enforced, 1-2 week setup, 4-agent SDLC
- Use when: team has 5+ engineers, project is customer-facing, regulatory awareness needed
- Tier 3 (Production): Best for enterprise and regulated deployments
- 16 standards enforced, 2-4 week setup, 11-agent model, monitoring stack
- Use when: regulated industry, SOC2/ISO compliance needed, 20+ engineers
- Decision matrix: team size, risk level, regulatory requirements, timeline
- The brownfield challenge: adopting governance on existing projects without disruption
- Tier progression: starting at Tier 1 and upgrading over time
2.2 Config Packs for Brownfield Adoption (30 minutes)
The lowest-friction path to governance for existing projects.
- Config packs overview: standalone configuration files that drop into any project
- Available packs: AI tool configs, CI pipelines, linter configs, security policies, schemas
- Selection guide: which packs to apply first based on highest-risk areas
- Application process: copy, customize, commit, verify
- What NOT to do: applying all packs at once to a large monorepo
- Progressive adoption: one pack per sprint, measuring impact before adding more
2.3 CI Pipeline Setup and Enforcement (30 minutes)
Governance is meaningless without enforcement.
- Minimum viable pipeline: lint, test, SAST (3 stages, 5-minute run time)
- Making checks required: GitHub branch protection, GitLab merge request approvals
- Preventing bypass: no admin override, no force push, no merge without green checks
- Pipeline performance: keeping CI fast enough that developers do not circumvent it
- Monitoring pipeline health: failure rates, flaky tests, false positives in SAST
- Escalation: what happens when a check fails and the developer disagrees
2.4 Quality Metrics That Matter (30 minutes)
Measuring governance health, not just compliance.
- Defect density: Bugs per 1,000 lines of code, tracked over time by AI vs. human attribution
- Review time: Average hours from PR open to merge, segmented by AI-assisted vs. manual
- AI attribution rate: Percentage of code that was AI-generated (from commit trailers and PR metadata)
- Mutation score: Percentage of test mutations killed, indicating real test effectiveness
- CI pass rate: Percentage of pipeline runs that succeed on first attempt
- Revert rate: Percentage of merged PRs that are subsequently reverted
- Dashboard setup: connecting metrics to Grafana or your existing observability platform
- Alert thresholds: when metrics indicate governance is degrading
- Reporting cadence: weekly for team leads, monthly for directors, quarterly for executives
2.5 Lab: Deploy Tier 1 Governance for 3 Existing Repos (remaining time)
Exercise: Apply Tier 1 governance to 3 existing repositories (provided or your own) using config packs.
Steps:
- Select 3 repositories of varying sizes and languages
- For each repository: a. Apply the AI tool config pack appropriate for the team's primary AI tool b. Add the CI pipeline config pack matching the project's CI platform c. Add the PR template with AI disclosure d. Verify the pipeline runs and checks are required
- Document: which packs applied, any customizations needed, time spent per repo
Deliverable: 3 repositories with Tier 1 governance applied, passing CI checks, and documented customizations.
Assessment Criteria
- Can select the appropriate AEEF tier for a given team/project scenario
- Successfully applied config packs to at least 2 repositories
- CI pipeline running with required checks on at least 1 repository
- Can name and define 4+ quality metrics relevant to AI governance
Module 3: Team Enablement & Culture (2 hours)
Learning Objectives
By the end of this module, you will be able to:
- Design an AI adoption strategy that accounts for developer resistance
- Adapt performance management for teams using AI tools
- Plan training rollouts using the AEEF certification program
- Measure adoption success beyond simple usage metrics
Topics
3.1 Shopify's Model: AI as Fundamental Expectation (20 minutes)
A case study in organizational AI adoption.
- Shopify's mandate: AI proficiency as a baseline expectation for all engineers
- The "before asking for more headcount, show how AI is being used" principle
- What worked: clear expectations, tool provisioning, skills training
- What to adapt: not every organization has Shopify's resources or culture
- Lessons for AEEF adoption: governance enables the mandate, not the other way around
3.2 Performance Management with AI Tools (30 minutes)
How to evaluate engineers who use AI without penalizing or rewarding the wrong behaviors.
- The problem: traditional metrics (lines of code, PRs merged) are inflated by AI tools
- What NOT to measure: raw output volume, AI tool usage frequency
- What TO measure: code quality metrics, review contribution, architectural decisions
- Performance review frameworks adapted for AI-assisted development:
- Quality of AI supervision (are they reviewing AI output or rubber-stamping?)
- Prompt engineering skill (is their CLAUDE.md effective?)
- Governance compliance (are they following the established process?)
- Knowledge sharing (are they helping others use AI effectively?)
- Career growth paths that include AI governance competency
- The "10x developer" myth revisited in the AI era
3.3 Training Your Team (30 minutes)
Using the AEEF certification program as a team enablement tool.
- Selecting the right track for each team member
- Cohort-based vs. self-paced: trade-offs for team adoption
- Internal champions: identifying and empowering early adopters
- Brown bag sessions: weekly 30-minute knowledge sharing on AI governance topics
- Pair programming with governance: pairing an AEEF-certified engineer with a newcomer
- Budget planning: time allocation for training (recommendation: 5% of sprint capacity during rollout)
- Measuring training effectiveness: pre/post assessments, metric improvements, satisfaction surveys
3.4 The Trust Crisis: Handling Developer Resistance (20 minutes)
Why some developers resist governance -- and how to address it productively.
- Common objections:
- "This slows me down" -- show the data on net throughput
- "I know what I am doing" -- governance protects the team, not just the individual
- "AI governance is just process theater" -- show the incident data
- "We will adopt this when it is more mature" -- the risk is now, not later
- Addressing each objection with evidence from Module 1
- The opt-in strategy: let resistant developers see results from early adopters before requiring adoption
- When to mandate: signs that voluntary adoption is insufficient
- The cultural shift: from "move fast and break things" to "move fast with guardrails"
3.5 Measuring Adoption and Satisfaction (20 minutes)
Beyond compliance: is governance actually working for your team?
- Adoption metrics: percentage of repos governed, percentage of PRs with AI disclosure
- Satisfaction surveys: developer experience with governance tools
- Friction metrics: time added per PR by governance checks
- Value metrics: defects caught by governance that would have reached production
- Quarterly retrospectives: what is working, what is not, what to adjust
- Success indicators: governance is working when developers ask for MORE checks, not fewer
3.6 Lab: Create an AI Adoption Plan for Your Team (remaining time)
Exercise: Design a 3-week AI adoption plan for your team that includes governance, training, and metrics.
Steps:
- Assess your team's current state: AI tool usage, existing governance, pain points
- Select the target AEEF tier and justify the choice
- Create a training schedule using the AEEF certification tracks
- Define adoption metrics and success criteria
- Plan for resistance: identify likely objections and prepare responses
- Draft a communication plan: how you will announce and roll out the changes
Deliverable: A 3-week AI adoption plan with training schedule, metrics, and communication strategy.
Assessment Criteria
- Adoption plan includes training schedule aligned with AEEF certification tracks
- Plan addresses developer resistance with evidence-based responses
- Performance management approach adapted for AI-assisted development
- Metrics defined for measuring adoption success beyond simple usage
Module 4: Scaling & Compliance (2 hours)
Learning Objectives
By the end of this module, you will be able to:
- Create a progressive adoption timeline from Tier 1 to Tier 3
- Navigate regulatory requirements across jurisdictions
- Generate audit evidence from AEEF governance artifacts
- Build board-ready reports on AI governance metrics
Topics
4.1 Progressive Adoption Timeline (30 minutes)
How to scale AEEF from one team to the entire organization.
-
Phase 1 (Week 1-2): Pilot with one team
- Deploy Tier 1 on 3-5 repositories
- Collect baseline metrics
- Train team leads (Manager Certification)
- Document lessons learned
-
Phase 2 (Week 3-4): Expand to department
- Promote pilot team results internally
- Deploy Tier 1 across all active repositories
- Begin Tier 2 adoption for the pilot team
- Start Developer Certification cohorts
-
Phase 3 (Week 5-6): Organization-wide
- Tier 1 mandatory for all new repositories
- Tier 2 for teams with 5+ engineers
- Tier 3 evaluation for regulated projects
- Architect Certification for senior technical staff
-
Phase 4 (Week 7+): Continuous improvement
- Custom Semgrep rules for organizational patterns
- Internal AEEF champions network
- Contribution to open-source AEEF materials
- Annual recertification and framework updates
-
Scaling patterns: hub-and-spoke (central governance team), federated (per-team governance owners), hybrid
-
Common scaling failures: moving too fast, insufficient training, no executive sponsorship
4.2 Regulatory Requirements (30 minutes)
AI governance is increasingly a regulatory requirement, not just a best practice.
-
Saudi Arabia (KSA):
- SDAIA AI ethics principles
- National Data Management Office requirements
- Sector-specific regulations (financial, healthcare)
- AEEF sovereign overlay:
shared/overlays/ksa/
-
United Arab Emirates (UAE):
- AI Office governance framework
- Dubai International Financial Centre (DIFC) AI regulations
- Abu Dhabi Global Market (ADGM) technology governance
- AEEF sovereign overlay:
shared/overlays/uae/
-
Egypt:
- National AI Strategy requirements
- Central Bank of Egypt technology governance
- Data Protection Law compliance
- AEEF sovereign overlay:
shared/overlays/eg/
-
European Union:
- EU AI Act: classification of AI coding tools as general-purpose AI
- GDPR implications for AI-processed code containing personal data
- Digital Services Act compliance for AI-generated outputs
- AEEF sovereign overlay:
shared/overlays/eu/
-
Cross-jurisdiction challenges:
- Data residency requirements for AI model interactions
- Intellectual property concerns with AI-generated code
- Export control implications for certain AI capabilities
- Multi-jurisdiction teams: applying the most restrictive overlay
4.3 Audit Evidence Generation (30 minutes)
Turning governance artifacts into audit-ready evidence.
- What auditors want to see:
- Policy documentation: AEEF standards mapped to organizational controls
- Enforcement evidence: CI pipeline logs showing governance checks
- Training records: certification completions and assessment results
- Incident history: how governance detected and responded to issues
- Change management: how governance configurations are updated and versioned
- AEEF artifacts that serve as evidence:
settings.json-- tool permission controls- CI workflow logs -- enforcement execution
- PR metadata -- AI disclosure, review records
- Commit trailers -- AI attribution
- Agent contracts -- role definitions and constraints
- Mutation testing reports -- test quality evidence
- Semgrep scan results -- security scanning evidence
- Evidence collection automation:
- Scheduled exports from CI/CD platforms
- Provenance log aggregation (from AEEF CLI
/aeef-provenanceskill) - Compliance dashboards with historical trend data
- Audit preparation checklist:
- Map AEEF standards to regulatory requirements
- Verify evidence collection is running for all governed repositories
- Review incident history for completeness
- Prepare narrative: "Here is how we govern AI coding, here is the evidence"
4.4 Board-Ready Metrics and Reporting (30 minutes)
Translating technical governance metrics into business language.
- Board-level metrics:
- AI governance coverage: percentage of repositories under AEEF governance
- Quality trend: defect density over time (trending down = governance working)
- Risk reduction: incidents prevented by governance controls (pre vs. post adoption)
- Investment efficiency: cost of governance vs. cost of incidents avoided
- Compliance status: regulatory requirements met vs. outstanding
- Reporting templates:
- Monthly engineering report: 1-page summary with 5 key metrics
- Quarterly board update: 3-page report with trends, incidents, and recommendations
- Annual governance review: comprehensive assessment with year-over-year comparison
- Visualization guidelines:
- Use trend lines, not point-in-time numbers
- Show before/after comparisons around governance adoption dates
- Include industry benchmarks for context
- Highlight leading indicators (governance adoption rate) alongside lagging indicators (defect density)
- Common mistakes in executive reporting:
- Too much technical detail (the board does not need Semgrep rule counts)
- Too much optimism (acknowledge challenges and gaps)
- No connection to business outcomes (tie every metric to revenue, risk, or efficiency)
4.5 Lab: Create a 6-Week Transformation Roadmap (remaining time)
Exercise: Build a comprehensive 6-week roadmap for adopting AEEF governance across your organization.
Steps:
- Map your current state: number of teams, repositories, AI tool usage, existing governance
- Define target state at 6 weeks: which tier for which teams, training targets, metric goals
- Create a week-by-week plan:
- Week 1: Executive briefing, pilot team selection, Tier 1 deployment
- Week 2: Manager certification, expand Tier 1, begin metrics collection
- Week 3: Developer certification cohort 1, Tier 2 for pilot team
- Week 4: Developer certification cohort 2, expand Tier 2
- Week 5: Architect certification, Tier 3 evaluation
- Week 6: Organization-wide review, adjust and plan next 6 weeks
- Define success criteria for each week
- Identify risks and mitigation strategies
- Budget: training hours, tooling costs, consulting (if needed)
Deliverable: A 6-week transformation roadmap with weekly milestones, success criteria, and budget estimate.
Assessment Criteria
- Roadmap includes progressive tier adoption with realistic timelines
- Regulatory requirements identified for the relevant jurisdiction
- Audit evidence generation strategy defined with specific artifacts
- Board-level reporting template drafted with 5+ business metrics
Practical Assessment: Governance Deployment Plan
The Manager Certification culminates in a governance deployment plan that demonstrates competency across all 4 modules. This plan is evaluated by a reviewer or peer group.
Plan Requirements
| Section | Content | Weight |
|---|---|---|
| Business Case | ROI calculation, risk data, executive summary | 20% |
| Tier Selection | Tier recommendation per team with justification | 15% |
| Deployment Plan | Config packs, CI setup, enforcement strategy | 20% |
| Training Plan | Certification track selection, schedule, budget | 15% |
| Metrics & Reporting | KPIs defined, dashboards planned, reporting cadence | 15% |
| Compliance | Regulatory mapping, audit evidence strategy | 15% |
| Total | 100% |
Passing Score: 80% overall, no section below 60%.
Knowledge Assessment
In addition to the governance plan, candidates complete a 40-question multiple-choice exam:
| Section | Questions | Topics |
|---|---|---|
| Business Case & Market Data | 10 | Productivity paradox, ROI, incidents |
| Governance Setup | 10 | Tier selection, config packs, CI enforcement |
| Team Enablement | 10 | Culture, training, performance management |
| Scaling & Compliance | 10 | Progressive adoption, regulations, audit |
| Total | 40 | Pass: 32/40 (80%) |
Time limit: 60 minutes.
Preparation Checklist
Before starting the Manager Certification, ensure you have:
- Access to at least 3 repositories you manage (for lab exercises)
- Current team metrics: defect density, PR review time, CI pass rate (if available)
- Familiarity with your organization's regulatory requirements
- Review of Why AI Coding Governance? as pre-reading
- GitHub account (for config pack deployment labs)
- 8 hours of dedicated study time (recommend 2 hours per week over 4 weeks)
Recommended Study Schedule
Self-Paced (4 weeks)
| Week | Module | Hours |
|---|---|---|
| 1 | Module 1: The Business Case | 2 |
| 2 | Module 2: Setting Up Governance | 2 |
| 3 | Module 3: Team Enablement & Culture | 2 |
| 4 | Module 4: Scaling & Compliance + Exam | 2 |
Intensive (2 days)
| Day | Modules | Hours |
|---|---|---|
| Day 1 | Modules 1-2 | 4 |
| Day 2 | Modules 3-4 + Exam | 4 |
Continuing Education
After completing the Manager Certification, you may pursue:
- Executive Track: Sharpen your board-level communication and strategic decision-making
- Architect Track: Deepen technical understanding of agent SDLC design
- Workshop Specializations: Attend AI Governance for CTOs or From Vibe Coding to Agentic Engineering
- Internal Training: Deliver the AEEF training program within your organization using the open-source materials
Related Resources
- AEEF Training & Certification Program -- Program overview and track comparison
- Developer Certification -- For software engineers on your team
- Workshop Catalog -- Standalone workshops for targeted training
- Why AI Coding Governance? -- The evidence base referenced throughout Module 1
- Adoption Paths -- Decision tree for tier selection (Module 2)
- Transformation Track -- The organizational program that governance supports
- KPI Framework -- Metrics framework referenced in Module 2