Best Practices for AI Adoption – Key Insights from GRC Panel Discussion

I recently participated in a GRC-hosted panel discussion on "Best Practices for AI Adoption," where we explored managing risks and seizing opportunities in AI.

The session was moderated by Adomas Siudika, Esq. , a privacy counsel at OneTrust . Joining the panel were Michael Charles Borrelli , Director at AI & Partners , and myself, CEO at Tigon Advisory Corp.

Our discussion provided valuable insights into navigating the complexities of AI adoption. We emphasized risk management, governance frameworks, and the importance of complying with emerging regulations.

Here’s a summary of the key takeaways:

Understanding AI Risks: People, Data, and Ethics

The panel explored several major risks associated with AI deployment:

• People: Concerns about job displacement, privacy invasion, and biased outcomes are prevalent. Many individuals lack the understanding needed to fully trust AI results.
• Data Privacy and Security: AI systems require extensive data, which raises concerns about privacy breaches and security vulnerabilities. Mishandling data can lead to severe legal and reputational consequences.
• Bias and Transparency: AI algorithms can perpetuate existing biases in training data and lead to discriminatory outcomes. The lack of transparency in AI decision-making can undermine trust and accountability.
• Costs and ROI: Implementing AI can be expensive.? It requires substantial investments. Businesses need to carefully evaluate the financial costs and expected returns.

Building a Robust AI Governance Program

Key components of a robust AI Governance program were discussed, including:

• Commitment to High-Quality Data: Both AI and privacy frameworks emphasize the need for high-quality data that meets privacy and protection standards. The EU AI Act supports this by ensuring that AI systems, especially high-risk ones, are developed based on training, validation, and testing data sets that meet quality criteria.
• Data Governance and Management Practices: The EU AI Act mandates stringent data governance practices to ensure data integrity and privacy. AI systems must implement measures to detect, prevent, and mitigate biases, ensuring data is accurate and complete.
• Privacy-Preserving Techniques: The EU AI Act promotes privacy-preserving techniques in AI development and testing, aligning with data protection principles and ensuring respectful handling of data throughout its lifecycle.
• Transparency and Accountability: Transparency and accountability are essential. The Act requires AI systems to be developed and used in ways that ensure traceability and explainability.
• Mitigation of Biases and Discrimination: The Act emphasizes the need to mitigate biases and ensure fairness, which aligns with privacy principles to prevent discrimination.

Navigating New Regulatory Landscapes

Recent developments in AI regulation were highlighted:

• EU AI Act: This landmark regulation sets a global benchmark, imposing penalties for non-compliance of up to EUR 35 million or 7% of global annual turnover.
• AI Regulatory Sandboxes: The Act requires the establishment of national AI regulatory sandboxes within 24 months. These sandboxes provide a controlled environment for testing and validating innovative AI systems, fostering innovation while ensuring compliance.
• Support for Innovation: The Act includes measures to support SMEs and startups, such as access to regulatory sandboxes and tailored training activities.

The Role of Techno-Multilateralism in AI Governance

Techno-multilateralism involves a collaborative approach with diverse stakeholders—governments, international organizations, private sector entities, civil society, and academia—shaping policies and regulations for emerging technologies. This approach ensures inclusive decision-making, promotes innovation, and enhances governance accountability.

AI Governance and Frameworks

An AI Governance Committee oversees the ethical, legal, social, and technical aspects of AI adoption. Its role includes developing guidelines for responsible AI use, assessing risks like biases and privacy issues, and ensuring compliance with ethical standards. Typically comprised of experts from various fields, including AI technology, cybersecurity, and law, the committee helps ensure AI systems are developed and used responsibly.

The NIST AI RMF provides a framework to manage AI risks through governance, mapping, measurement, and management functions, guiding organizations throughout the AI lifecycle.

AI Literacy

AI literacy refers to understanding artificial intelligence concepts, principles, applications, and implications. It includes knowledge about how AI works, its benefits and risks, and its ethical considerations. Here’s why AI literacy is important and how it can be fostered:

• Empowerment: AI literacy enables individuals to make informed decisions about AI adoption, usage, and regulation.
• Enhancement of Workforce Skills: AI literacy boosts productivity by enhancing skills and freeing up time from repetitive tasks.
• Ethical Development: Understanding AI principles and ethics is crucial for responsible AI development and deployment.

Fostering AI Literacy:

• Education and Training: Integrate AI training programs into early and higher education curricula to build foundational knowledge.
• Accessible Learning Resources: Develop user-friendly resources such as online courses, tutorials, workshops, and educational videos to make AI concepts more accessible.
• Infrastructure and Accessibility: Work to reduce infrastructure costs and energy consumption to make AI more accessible.
• Innovation Hubs: Visiting AI innovation centers, such as the EY-Nottingham Spirk Innovation Hub, can provide valuable insights. Engaging your executive team or board in such experiences can help them understand AI’s transformative potential.

Key Considerations and Examples

• Approaches to AI Governance: Various strategies include risk-based, rules-based, principles-based, and outcomes-based approaches.
• Examples from Industry: Best practices from leading companies, such as implementing explainability standards, fairness appraisals, and safety considerations, were highlighted.

Final Thoughts

The discussion concluded with reflections on the future of AI, referencing a quote about the exponential growth of AI capabilities. The consensus was that responsible AI deployment and trust-building will depend on effective governance, adherence to regulations, and a commitment to ethical practices. The future success of AI will hinge on managing these technologies with diligence and responsibility.