Best Practices for AI Governance Committees

🧭Governing AI Ethics with ISO42001🧭 Many organizations treat AI ethics as a branding exercise, a list of principles with no operational enforcement. As Reid Blackman, Ph.D. argues in "Ethical Machines", without governance structures, ethical commitments are empty promises. For those who prefer to create something different, #ISO42001 provides a practical framework to ensure AI ethics is embedded in real-world decision-making. ➡️Building Ethical AI with ISO42001 1. Define AI Ethics as a Business Priority ISO42001 requires organizations to formalize AI governance (Clause 5.2). This means: 🔸Establishing an AI policy linked to business strategy and compliance. 🔸Assigning clear leadership roles for AI oversight (Clause A.3.2). 🔸Aligning AI governance with existing security and risk frameworks (Clause A.2.3). 👉Without defined governance structures, AI ethics remains a concept, not a practice. 2. Conduct AI Risk & Impact Assessments Ethical failures often stem from hidden risks: bias in training data, misaligned incentives, unintended consequences. ISO42001 mandates: 🔸AI Risk Assessments (#ISO23894, Clause 6.1.2): Identifying bias, drift, and security vulnerabilities. 🔸AI Impact Assessments (#ISO42005, Clause 6.1.4): Evaluating AI’s societal impact before deployment. 👉Ignoring these assessments leaves your organization reacting to ethical failures instead of preventing them. 3. Integrate Ethics Throughout the AI Lifecycle ISO42001 embeds ethics at every stage of AI development: 🔸Design: Define fairness, security, and explainability objectives (Clause A.6.1.2). 🔸Development: Apply bias mitigation and explainability tools (Clause A.7.4). 🔸Deployment: Establish oversight, audit trails, and human intervention mechanisms (Clause A.9.2). 👉Ethical AI is not a last-minute check, it must be integrated/operationalized from the start. 4. Enforce AI Accountability & Human Oversight AI failures occur when accountability is unclear. ISO42001 requires: 🔸Defined responsibility for AI decisions (Clause A.9.2). 🔸Incident response plans for AI failures (Clause A.10.4). 🔸Audit trails to ensure AI transparency (Clause A.5.5). 👉Your governance must answer: Who monitors bias? Who approves AI decisions? Without clear accountability, ethical risks will become systemic failures. 5. Continuously Audit & Improve AI Ethics Governance AI risks evolve. Static governance models fail. ISO42001 mandates: 🔸Internal AI audits to evaluate compliance (Clause 9.2). 🔸Management reviews to refine governance practices (Clause 10.1). 👉AI ethics isn’t a magic bullet, but a continuous process of risk assessment, policy updates, and oversight. ➡️ AI Ethics Requires Real Governance AI ethics only works if it’s enforceable. Use ISO42001 to: ✅Turn ethical principles into actionable governance. ✅Proactively assess AI risks instead of reacting to failures. ✅Ensure AI decisions are explainable, accountable, and human-centered.

💂♂️ Do you have robust #AI guidelines & guardrails in place for your business/team regarding #employee use & #HR policies? 😦 We still hear about professionals who are having a 'bad time' after falling into AI pitfalls. For example, employees going 'rogue' and using AI without anyone knowing. Companies uploading proprietary information that is now available for the public (or competitors) to access. Sales teams sharing customer data with #LLMs without thinking through consequences. People passing off AI-generated outputs as their own work. ✅ Here's a good mini framework to consider: - Statement of Use: Purpose, Method, and Intent - Governance: Steering Committee, Governance & Stewardship - Access to AI Technologies: Permissions, Oversight & Organization - Legal & Compliance: Compliance with Industry-specific Laws/Regulations - HR Policies: Integration with Existing Policies - Ethical Considerations: Transparency, Privacy & Anti-bias Implications - IP & Fair Use: Who owns AI-influenced IP? - Crisis Plan: Creating an Internal Crisis Management & Communications Plan - Employee Communications: Internal Training & Feedback Loops ⛷ Shout out to #SouthPark for inspiring this #meme 👉 Need help to tailor AI Guidelines to your #business? We're here to help! Drop me a DM and I'd love to share some ideas on how to get your team on the same page, so you 'have a good time' when using #artificialintelligence.

Board Directors: A flawed algorithm isn’t just the vendor’s problem…it’s yours also. Because when companies license AI tools, they don’t just license the software. They license the risk. I was made aware of this in a compelling session led by Fayeron Morrison, CPA, CFE for the Private Directors Association®-Southern California AI Special Interest Group. She walked us through three real cases: 🔸 SafeRent – sued over AI tenant screening tool that disproportionately denied housing to Black, Hispanic and low-income applicants 🔸 Workday – sued over allegations that its AI-powered applicant screening tools discriminate against job seekers based on age, race, and disability status. 🔸 Amazon – scrapped a recruiting tool which was found to discriminate against women applying for technical roles Two lessons here: 1.\ Companies can be held legally responsible for the failures or biases in AI tools, even when those tools come from third-party vendors. 2.\ Boards could face personal liability if they fail to ask the right questions or demand oversight. ❎ Neither ignorance nor silence is a defense. Joyce Cacho, PhD, CDI.D, CFA-NY, a recognized board director and governance strategist recently obtained an AI certification (@Cornell) because: -She knows AI is a risk and opportunity. -She assumes that tech industry biases will be embedded in large language models. -She wants it to be documented in the minutes that she asked insightful questions about costs - including #RAGs and other techniques - liability, reputation and operating risks. If you’re on a board, here’s a starter action plan (not exhaustive): ✅ Form an AI governance team to shape transparency culture 🧾 Inventory all AI tools: internal, vendor & experimental 🕵🏽♀️ Conduct initial audits 📝 Review vendor contracts (indemnification, audit rights, data use) Because if your board is serious about strategy, risk, and long-term value… Then AI oversight belongs on your agenda. ASAP What’s your board doing to govern AI?

This new white paper "Steps Toward AI Governance" summarizes insights from the 2024 EqualAI Summit, cosponsored by RAND in D.C. in July 2024, where senior executives discussed AI development and deployment, challenges in AI governance, and solutions for these issues across government and industry sectors. Link: https://lnkd.in/giDiaCA3 * * * The white paper outlines several technical and organizational challenges that impact effective AI governance: Technical Challenges: 1) Evaluation of External Models:  Difficulties arise in assessing externally sourced AI models due to unclear testing standards and development transparency, in contrast to in-house models, which can be customized and fine-tuned to fit specific organizational needs. 2) High-Risk Use Cases: Prioritizing the evaluation of AI use cases with high risks is challenging due to the diverse and unpredictable outputs of AI, particularly generative AI. Traditional evaluation metrics may not capture all vulnerabilities, suggesting a need for flexible frameworks like red teaming. Organizational Challenges: 1) Misaligned Incentives: Organizational goals often conflict with the resource-intensive demands of implementing effective AI governance, particularly when not legally required. Lack of incentives for employees to raise concerns and the absence of whistleblower protections can lead to risks being overlooked. 2) Company Culture and Leadership: Establishing a culture that values AI governance is crucial but challenging. Effective governance requires authority and buy-in from leadership, including the board and C-suite executives. 3) Employee Buy-In: Employee resistance, driven by job security concerns, complicates AI adoption, highlighting the need for targeted training. 4) Vendor Relations: Effective AI governance is also impacted by gaps in technical knowledge between companies and vendors, leading to challenges in ensuring appropriate AI model evaluation and transparency. * * * Recommendations for Companies: 1) Catalog AI Use Cases: Maintain a centralized catalog of AI tools and applications, updated regularly to track usage and document specifications for risk assessment. 2) Standardize Vendor Questions: Develop a standardized questionnaire for vendors to ensure evaluations are based on consistent metrics, promoting better integration and governance in vendor relationships. 3) Create an AI Information Tool: Implement a chatbot or similar tool to provide clear, accessible answers to AI governance questions for employees, using diverse informational sources. 4) Foster Multistakeholder Engagement: Engage both internal stakeholders, such as C-suite executives, and external groups, including end users and marginalized communities. 5) Leverage Existing Processes: Utilize established organizational processes, such as crisis management and technical risk management, to integrate AI governance more efficiently into current frameworks.