AI Risk Management in Practice: Conformance assessments
Sri Krishnamurthy, CFA, CAP
CEO, QuantUniversity | AI Expert | Educator | Author | TedX Speaker |
In Edition 5 of the AI Risk Newsletter, we discussed scoping assessments primarily focused on benchmarking. In this edition, we will focus on conformance assessments.
?? What is a Conformance Assessment?
Conformance assessments??are conducted on models or algorithmic systems internally or by a qualified external entity to obtain a certification of compliance/conformance. The scoping of a conformance assessment, which is closely related to compliance assessments depends on what is being assessed. Conformance assessments can be scoped to cover many aspects. We will discuss three types of conformance assessments in this letter.
?? Internal policy conformance assessment:?
In an internal policy conformance assessment, the goal is to assess whether the various stakeholders have adhered to the internal models policies adopted by the organization in the development and deployment of algorithmic systems.
Examples:
Internal company policies may include policies like:
The goal of an assessment conducted internally/externally is to ensure that such internal policies are adhered to.
?? Industry?standards conformance assessment:?
In an Industry?standards conformance assessment, the goal is to evaluate whether an organization has confirmed to specific standards pertinent to the development and deployment of algorithmic systems. Examples of standards could be adoption of a consortium/industry-based standard/best practice or standards defined by NIST, EU, ISO etc.
Examples:
Ethical sourcing of training data?
2. Annotators would be paid market wage for work performed
?? Legal/Regulatory compliance assessments:?
Legal/regulatory compliance assessments would assess if an organization is compliant with pertinent regulations or should plan for due to emerging laws. This could also include adherence to geo-specific laws.
Examples
领英推荐
?? How do you plan conformance assessments?
Conformance audits could be planned proactively(anticipatory), routinely or triggered due to incidents.
?Routine assessments
Example:
You operate in multiple states/countries with different laws and compliance requirements. You release product updates routinely and want to ensure that prior to release of a product update, you are conforming to all legal requirements or industry standards you are obligated to/adopted.
?Proactively(anticipatory) assessments
Example:
A new law (NYC Bias law for example) will be implemented soon. You have implemented practices in place to comply and want an external assessment to see if you comply with all requirements.
?Incident-related assessments
Example:
These are samples and the field is evolving. Have you done conformance assessments before or have you hired agencies to conduct conformance assessments? Please share your experiences in the comments below!
In the next letter, we will discuss?Risk assessments! Stay tuned!
??Keep on learning!
?? Want to learn more formally? Join the AI Risk Management Certificate program developed in partnership with PRMIA ->?https://lnkd.in/eVEhyNSQ
??Many of these topics will be elaborated in the?AI Risk Management?Book published by Wiley. Check updates here ->?https://lnkd.in/gAcUPf_m
??Subscribe to this newsletter/share it with your network ->?https://www.dhirubhai.net/newsletters/ai-risk-management-newsletter-6951868127286636544/
I am constantly learning too :) Please share your feedback and reach out if you have any interesting product news, updates or requests so we can add it to our pipeline.
Sri Krishnamurthy?