AI requires proper risk management strategies to really deliver on its promise. Let’s dive into a crucial phase in our risk management process: the baseline assessment.
With great power comes great responsibility, and this is definitely the case for AI. It’s a technology with vast potential, but it also comes with its fair share of risks. The solution is, of course, AI risk management – as we’ve said here before. So how does AI risk management work in practice? Many people see it as a mysterious, arcane practice steeped in typical consulting language. It’s often shrouded in “optimized processes”, “rigorous testing”, and “streamlined workflows”, but it’s really not that complicated.
In our AI risk management strategy, we start with awareness-building through workshops. We make sure people understand what AI is, what its risks are, and what’s at stake for the company. We get everyone involved, collect insights, and help you set objectives for your risk management journey.
Then, we look at your “as-is” situation by taking stock. We collect data on your processes and policies, your technical capabilities, and your team’s readiness. This is no easy task, and it’s best left to a team of experts with experience in compliance, data science, and business strategy. It requires a fresh perspective that an insider lacks – if you’re working for or leading a business, you’re bound to look at your internal processes and structures in a different way.
We also create an inventory of the AI systems you’re using, from major applications to smaller tools and scripts embedded in other systems. What kinds of tasks are your systems doing and how important are they for your core business processes? Who is using these systems – employees or clients? Our team, with decades of data strategy experience, will also chart the data flows within your company and determine any interdependencies.
Then, we start our analysis. First, we examine what risks your systems pose. How likely is it that an adverse event could happen? And if such an event were to happen, how severe would its effects be? We also categorize your systems in accordance with the provisions of the EU AI Act.
Then, we assess your organization’s maturity to deal with those risks. We evaluate your risk management and mitigation strategies, your technical skills, your data infrastructure, your reporting protocols, and much more. Both the risk rating and maturity score are, of course, reported back to you so you fully understand where you have room for improvement.
From there, we build a risk management roadmap that is fully tailored to your needs. The baseline assessment, with its risk rating and maturity score gives you a much better view of how important and how extensive your risk management journey will be.
After that, we’ll do everything that needs to be done to make sure you’re using AI responsibly. We get you fully aligned with the AI Act by adapting your organization’s policies and processes (such as your method of disclosure of AI-generated content), review your technical capacities, and revise your team structure to, for example, always keep a human in the loop. We’ll ensure you adhere to obligations like the AIA’s quality management system.
For high-risk systems, we’ll perform conformity assessments wherever necessary, set up an internal review protocol, create model cards, and review or adapt your technical documentation. After we ensure you’re compliant, the process doesn’t end. We’re in it for the long term, so we’ll continue to make sure you’re using AI responsibly. We’ll be your trusted AI partner with a deep understanding of how AI impacts your business in its own unique way.
We’ll dive deeper into the implementation and maintenance phases in future insights – for now, don’t hesitate to get in touch to explore what we can do for you. Contact our EU AI Act Manager Koen Mathijs or your local Sparkle office to learn more!
