Artificial Intelligence (AI) makes it essential to rethink your GRC programs, processes, and activities!

I have been talking with Carole Switzer, President of OCEG, about the implications of AI for GRC.

Carole and I have been collaborating for more than 20 years around the creation of GRC principles, frameworks, and leading practices. We’ve continued to discuss the evolution of GRC over all these years and its always thought provoking. Most recently, our focus has been on AI and its implications for GRC.

Boards of directors and the executives responsible for assuring the responsible, trustworthy deployment and use of AI in their enterprises have important decisions to make and work to do. Carole and I agree that the increasing adoption and use of artificial intelligence (AI) requires them to be asking new and important questions about their governance, risk management, and compliance strategies and functions. It is important that they consider both sides of the equation, and explore not only GRC for AI, but also AI for GRC - i.e., opportunities to leverage AI to improve GRC.

AI systems are designed to draw conclusions, make recommendations, and even make decisions based on complex algorithms and data. This means that errors or biases in the data or models can lead to unintended consequences, including compliance violations, reputational damage, and financial losses. Therefore, boards and senior executives must ensure that their organizations have effective governance, risk management, and compliance management frameworks in place to address these risks. The old ways will almost certainly be inadequate or deficient at some point as AI deployment increases. It is important to understand the unique challenges presented by AI and the need to adapt accordingly.

Organizations must identify, design, and implement appropriate controls to realize the benefits of AI while managing the inevitable risks. It is crucial that board directors and senior executives take a proactive approach to AI governance, risk management, and compliance management.

Start by asking the right questions. To help navigate the complex landscape of AI, here are five critical questions that Carole and I think every board and executive team should be asking:

1. Do we know which business units, departments, or functions are already using AI, in what ways and for what purposes?

This is an essential question but getting an accurate answer can be a challenge. With the increasing availability of open-source AI frameworks and cloud-based AI services, different teams within the organization might be using AI without the knowledge of the IT department. Also, some AI applications might be embedded within larger software systems, making it difficult to identify their usage. To get an accurate answer, executives need to work with the IT department to conduct a thorough audit of all the systems being used within the organization.

2. Do we have any defined and documented governance processes for the development, deployment, and use of AI?

Establishing governance processes for the development, deployment, and use of AI is essential to mitigate the risks associated with its use. However, this is easier said than done. AI is a complex technology that involves multiple stakeholders, including data scientists, IT professionals, and business leaders. Developing a governance framework that is comprehensive and flexible enough to accommodate the needs of all stakeholders can be a significant challenge. To answer this question, executives need to engage with all the stakeholders involved in the AI development and deployment process to understand their needs and develop a governance framework that addresses their concerns.

3. Do we have a rigorous methodology for evaluating gaps, overlaps and risks in our use of AI? Evaluating gaps, overlaps, and risks associated with AI use is crucial to ensure that the organization is making informed decisions about its use. However, evaluating AI systems can be challenging due to their complexity. AI systems often involve multiple algorithms, data sources, and models, making it difficult to understand how they work and identify the gaps, overlaps, and risks associated with their use. To answer this question, executives need to work with data scientists and other AI experts to develop a rigorous methodology for evaluating the risks associated with the use of AI.

4. How do we identify and manage the reputational, relational, regulatory, and operational risks associated with our use of AI, and do so with sufficient agility to keep up with the velocity of change?

Identifying and managing the reputational, relational, regulatory, and operational risks associated with the use of AI is essential to ensure that the organization is not exposed to unnecessary risks. However, identifying and managing these risks can be challenging due to the fast-paced nature of the technology. The risks associated with AI use are constantly evolving, and organizations need to be agile enough to keep up with the changes. To answer this question, executives need to work with legal, compliance, and risk management professionals to continually identify and manage the risks associated with AI use.

5. How do we ensure that the algorithms and models developed in our AI systems are explainable, reliable, and trustworthy?

Ensuring that the algorithms and models developed in AI systems are explainable, reliable, and trustworthy is crucial to building trust in the technology. However, achieving this goal can be challenging due to the complexity of AI systems. To answer this question, executives need to work with data scientists and other AI experts to develop algorithms and models that are explainable, reliable, and trustworthy.

These are just the first five of many important questions that executives should be asking about GRC for AI. For a more comprehensive list, check out The Top 25 Questions Leadership Must Ask About GRC For AI.

Carole and I are currently considering the most relevant questions for different executive roles, stakeholders, and functions. Look for an upcoming post around “AI for GRC” – i.e., questions regarding how AI can improve governance, risk management, compliance management and related activities.

#ai #grc #leadership #artificialintelligence