How to harness AI with governance: Artificial Intelligence guide

AI is demonstrating its potential to disrupt industries on par with the internet and personal computers. Some predict it could become the ultimate game-changer across all platforms. Amidst the flood of AI-related content on social media, discussions on governance are often overlooked. This article delves into the importance of establishing AI governance within organizations to ensure the safe, ethical, and legal use of AI technology.

AI requirements development

Following the establishment of AI classification, organizations must formulate precise requirements concerning the design, utilization, and supervision of AI systems. Typically, requirements for higher-risk AI systems will entail stricter criteria compared to those for lower-risk AI systems.

It is imperative that AI requirements undergo formal evaluation, tracking, and scoring to guarantee desired outcomes. Requirements analysis is more likely to garner attention within organizations that systematically address various types of requirements.

Classification of AI systems

Not all AI systems pose the same risks or deliver equivalent value to organizations. Just like other technological capabilities, savvy organizations develop a straightforward classification framework to differentiate between higher-risk and lower-risk systems. Key criteria used for classifying AI systems include:

• Training data: Does the data utilized to train an AI system contain sensitive information such as personally identifiable data (PII), undisclosed financial data, or intellectual property? Is publicly available data used for training? Is there a risk of training data manipulation or poisoning?
• Decision-making: Does the AI system make critical decisions, such as determining product or service pricing, employee remuneration, or recruitment decisions?
• Human oversight: Is there adequate human supervision planned for specific AI systems, enabling humans to monitor, authorize decision-making, or override AI-generated decisions when necessary?
• Transparency: Does the AI system leverage employee or customer data, and are privacy policies transparent about this usage? Do users interacting with systems, chatbots, or interactive voice responses (IVRs) comprehend that they are engaging with an AI system?

Reviewing proposed AI systems

As with other capabilities, designated personnel should be tasked with evaluating the characteristics of proposed AI systems to ensure their usage aligns with safety, ethics, security, and legal standards.

Similar to a security architecture review, an assessment of proposed AI systems should encompass understanding the system's context, architecture, data protection measures, data flows, and integration with existing processes and systems.

Personnel conducting these reviews must possess knowledge of the organization's technology stack, information systems architecture, and management principles.

AI policy development

Corporate policies must delineate permissible and prohibited uses of AI within the organization.

However, policymakers need to grasp the widespread presence of AI systems online before adopting a blanket "AI is not permitted" stance. Shadow AI, where end-users circumvent policies to utilize AI tools, is prevalent. Similar to the theme of "life finds a way" in Jurassic Park, employees within an organization will find avenues to utilize AI tools, even if their usage is restricted.

Success factors

Generally, organizations with higher maturity levels are more adept at governing AI usage and ensuring it adds value without exposing the organization to unacceptable risks.

Organizations with lower maturity levels and inadequate IT and cybersecurity governance structures are more prone to relinquishing control of AI to end-users and departments. For these organizations, the battle may already be lost.

AI, like any technology, possesses the potential to amplify efficiency and accuracy in business processes. However, without proper governance, the consequences of deploying AI systems without safeguards can pose significant risks to organizations, surpassing those associated with other disruptive technologies.

Solutions without problems

IT departments are often quick to adopt the latest technology trends, even before identifying relevant business problems. The allure of AI can tempt even the most ardent advocates for governance and policy. Organizations lacking governance structures may already be utilizing AI at lower levels without leadership awareness.