Artificial Intelligence, or AI, is no longer the exclusive tool of limited entities such as defense organizations, instead, AI is now present everywhere and impacting all walks of life. From gaming to films and from manufacturing to services, AI is impacting ever person’s life.
Further, AI has disrupted the way risk was envisaged by the risk advisory professionals. AI has presented challenges and also it has given new opportunities.
Notwithstanding above, the more powerful the technology the more damage it can do, If used incorrectly or with wrong intention. Hence, it is very important for the senior leadership of the Company to accept the kind of risk AI bring to the table and Risk advisory professionals need to possess the required skills to get a grip on AI so that the risks related to AI can be reported.
Responsibilities of the senior leadership
Senior leadership need answers of following questions to understand whether the risks related to AI are taking care of:
- How are the risks related to AI are identified? Whether management and Auditors are working in cooperation to identify the risks comprehensively.
- Whether the risks are segregated between high, medium and low category. How auditors are going to address the risks?
- Is there an Audit plan in place for the established AI risks?
- Whether the organization has requisite controls in place to address the risk related to AI?
- Whether the auditors have requisite skills and training to assess the controls in the organization with respect to mitigate AI related risks?
- Whether there is training facilities in place to update the management and the auditors with respect to new developments in technologies around the globe. It is very important for the auditors to sharpen their critical thinking skills.
Role of Risk Advisory professionals
Role of risk advisory professional is multi-faceted in assessing and reporting risk related to AI. The role itself start with the introduction of AI to the organization, following assurances are required by the management from the risk advisory team at various stages:
At the time of introduction of AI
Risk advisory professionals requires to give assurance to the organization that the implementation of AI is assisting in the achievement of the overall objective of the organization. Further, the implementation of AI is not skewed by the biases of the technology creators. Assurance also required in the legal and other compliance aspects.
Performance of AI
- Assurance of data quality used by the AI on the principle of ‘Garbage in Garbage out’.
- Review of the performance of AI as measuring it against the expected output required out of the system.
- Assessing the emerging risk associated with AI proactively and ensuring the mitigatory controls in place.
Governance of AI
- Policy and procedures governing AI
- Risk control matrix to ascertain the risks
- IT security