02 Oct Risk Management for AI: A New Frontier
Artificial intelligence is the way of the future, but the speed of its adoption introduced a particular set of problems. One of those problems overshadows the others: How can a company create an AI framework that allows it to operate legally, ethically and profitably? The answer is this: They must create a system that allows the company to view its operations holistically rather than in a traditional silo structure.
Data security and privacy departments need to be aware of the security and privacy processes and procedures the marketing department is implementing and vice versa. Without the give and take of a holistic framework, different departments may be operating at cross-purposes — and that can lead to a legal or reputational disaster.
Developing an AI Framework
Carefully developing an AI framework is the only way to minimize the inherent risks:
- Strategic vision. The leadership team needs to create a strategic vision for use of AI in the company. It is critical that the entire leadership team is on the same page. First, they need to have a written statement about why using AI benefits the company. Companies that rushed to implement AI in the immediacy of the Covid-19 pandemic did not have time to take this step, but the advantage of hindsight may make doing it now even more important. In addition to the benefits, the statement should include the risks at both the company level and the department level.
- Data protection. The next step in the process is crafting detailed, department-level statements outlining where the data will come from, how it will be used, how customer privacy will be maintained and secured, what internal controls will be in place, who will be accountable at each step and how often policies and procedures will be reviewed.
- Department policies. These consumer privacy statements need to be reviewed to ensure that all department policies and procedures are in alignment and any conflicts are resolved. Issues should be resolved at the department level because it is the department leaders who have the most intimate knowledge of how the data “lives” in their area of specialty. Top management should oversee the process to encourage transparency and ensure the company’s strategic vision is followed.
- Staff training. Everyone needs to be trained in the proper use of the company’s AI tools. The goal of this training is to ensure that all employees understand their role in using the technology, their responsibility for using it ethically and the company’s guidelines for asking questions and reporting breaches.
Understanding the Risks
AI is here to stay, and so are the risks that come with it. Companies that adopted AI because their survival depended on it are in an unusual position — they can develop risk management policies and procedures with a level of understanding that comes only with experience. Company leaders who recognize that fact will benefit from this enhanced perspective as they formulate risk management policies that are both holistic and transparent.