Skip to main content

Auditing AI, a Lehman Brothers in the making?

 


Can auditing AI products work? 'AI audit refers to evaluating AI systems to ensure they work as expected without bias or discrimination and are aligned with ethical and legal standards.' states Javid in the 'How to perform an AI Audit in 2023' article.  It's a fine article, listing many of the existing frameworks that are currently in existence, principally COBIT Framework (Control Objectives for Information and related Technology) and IIA's (Institute of Internal Auditors) AI Auditing Framework: This AI framework aims to assess the design, development, and working of AI systems and their alignment with the organisation’s objectives. Three main components of IIA’s AI Auditing Framework are Strategy, Governance, and Human Factor. 

This all seems fine, on the surface. Internal auditing has had a variety of issues though. The same can be said for External Auditing. There are five large firms that conduct external AI auditing: Deloitte, PwC, EY, KPMG and Grant Thronton. Those of you familiar with recent history may be aware of say the contractors Carrilion, who collapsed in 2018 with debts of £7bn came after annual accounts were approved by KPMG. Carillion may not be the same industry, but there have been many other auditor failures, Lehman Brothers employed Ernst & Young (EY) as their firm's independent auditors. Lehman Brothers and MF Global had very comprehensive Enterprise Risk Management programs and very knowledgeable CROs, and they still failed.

So what lessons can be learned from both internal and external audit failures? Thankfully there is a lot of literature on the subject. Most, but not all of the literature emanated from the Great Financial Crash of 2018 but are still of value: 

Risk managers face several challenges that make it difficult to demonstrate the total cost of risk and the Return On Investment of enterprise risk management. 

They often struggle to uncover and deliver risk-related information from across the entire organisation due to a lack of convincing and actionable data. Relevant data is often tied up in multiple, manually-based systems that are a challenge to pull together, making it exceedingly difficult to demonstrate the value of preventing risks that never came to fruition or the value of taking risks that resulted in revenue generation. 

A lack of sound and timely data often translates into a lack of organisational support for enterprise risk management. The E suite often won’t buy in because they can’t comprehend why ERM matters any more than all the other initiatives on its plate, and those employees on the lower rungs of the organisational ladder often won’t buy in because they presume the data intake and input associated with ERM is going to impede them from doing their actual jobs. 

When inadequate data is married to inadequate organisational support, risk management won’t be a strategic endeavour. This makes it extremely difficult for a risk manager to earn a seat at the decision-making table, and organisations often struggle to fulfil the many risk management tasks spread across a multitude of departments and countless employees.


In Deep Minds paper, 'Model evaluation for extreme risks' they state:

'Model evaluations for extreme risks will play a critical role in governance regimes. A central goal of AI governance should be to limit the creation, deployment, and proliferation of systems that pose extreme risks. To do this, we need tools for looking at a particular system and assessing whether it poses extreme risks. We can then craft company policies or regulations that ensure:

1. Responsible training: Responsible decisions are made about whether and how to train a new model that shows early signs of risk.
2. Responsible deployment: Responsible decisions are made about whether, when, and how to deploy potentially risky models.
3. Transparency: Useful and actionable information is reported to stakeholders, to help them mitigate potential risks.
4. Appropriate security: Strong information security controls and systems are applied to models that might pose extreme risks.'

This is for Extreme Risk Models. It seems totally inadequate, to me. We also know that a large proportion of staff dealing with risk have been cut recently from most of the big tech firms. So who will be left, internally, to train their programmers, their LLM trainers, their C Suite staff on AI Ethics? 

No wonder there are so many signatories to the 'risks in the far future papers' which can serve to distract from the risks that are currently occurring in the Tech corporate sector. 

Such an approach, if adopted by legislators, is likely though to stymie the deployment of models through the Open Source communities.


AI is not new. Far from it. The risks and concerns have long been debated. Their are frameworks in place in the sector to mitigate against risk (few seem to want to prevent risk). The biggest problems occur still, from the facts that legislators will find it difficult to adapt sufficiently to the scale of change that is occurring in the industry, and the risks posed by this all taking place in the context of: economy's prioritising individual choice and viewing social outcomes as a byproduct of individual maximising behaviour, in a rapidly decaying biosphere.

Comments

Popular posts from this blog

OpenAI's NSA Appointment Raises Alarming Surveillance Concerns

  The recent appointment of General Paul Nakasone, former head of the National Security Agency (NSA), to OpenAI's board of directors has sparked widespread outrage and concern among privacy advocates and tech enthusiasts alike. Nakasone, who led the NSA from 2018 to 2023, will join OpenAI's Safety and Security Committee, tasked with enhancing AI's role in cybersecurity. However, this move has raised significant red flags, particularly given the NSA's history of mass surveillance and data collection without warrants. Critics, including Edward Snowden, have voiced their concerns that OpenAI's AI capabilities could be leveraged to strengthen the NSA's snooping network, further eroding individual privacy. Snowden has gone so far as to label the appointment a "willful, calculated betrayal of the rights of every person on Earth." The tech community is rightly alarmed, with many drawing parallels to dystopian fiction. The move has also raised questions about ...

What is happening inside of the black box?

  Neel Nanda is involved in Mechanistic Interpretability research at DeepMind, formerly of AnthropicAI, what's fascinating about the research conducted by Nanda is he gets to peer into the Black Box to figure out how different types of AI models work. Anyone concerned with AI should understand how important this is. In this video Nanda discusses some of his findings, including 'induction heads', which turn out to have some vital properties.  Induction heads are a type of attention head that allows a language model to learn long-range dependencies in text. They do this by using a simple algorithm to complete token sequences like [A][B] ... [A] -> [B]. For example, if a model is given the sequence "The cat sat on the mat," it can use induction heads to predict that the word "mat" will be followed by the word "the". Induction heads were first discovered in 2022 by a team of researchers at OpenAI. They found that induction heads were present in ...

Prompt Engineering: Expert Tips for a variety of Platforms

  Prompt engineering has become a crucial aspect of harnessing the full potential of AI language models. Both Google and Anthropic have recently released comprehensive guides to help users optimise their prompts for better interactions with their AI tools. What follows is a quick overview of tips drawn from these documents. And to think just a year ago there were countless YouTube videos that were promoting 'Prompt Engineering' as a job that could earn megabucks... The main providers of these 'chatbots' will hopefully get rid of this problem, soon. Currently their interfaces are akin to 1970's command lines, we've seen a regression in UI. Constructing complex prompts should be relegated to Linux lovers. Just a word of caution, even excellent prompts don't stop LLM 'hallucinations'. They can be mitigated against by supplementing a LLM with a RAG, and perhaps by 'Memory Tuning ' as suggested by Lamini (I've not tested this approach yet).  ...