Skip to main content

Auditing AI, a Lehman Brothers in the making?

 


Can auditing AI products work? 'AI audit refers to evaluating AI systems to ensure they work as expected without bias or discrimination and are aligned with ethical and legal standards.' states Javid in the 'How to perform an AI Audit in 2023' article.  It's a fine article, listing many of the existing frameworks that are currently in existence, principally COBIT Framework (Control Objectives for Information and related Technology) and IIA's (Institute of Internal Auditors) AI Auditing Framework: This AI framework aims to assess the design, development, and working of AI systems and their alignment with the organisation’s objectives. Three main components of IIA’s AI Auditing Framework are Strategy, Governance, and Human Factor. 

This all seems fine, on the surface. Internal auditing has had a variety of issues though. The same can be said for External Auditing. There are five large firms that conduct external AI auditing: Deloitte, PwC, EY, KPMG and Grant Thronton. Those of you familiar with recent history may be aware of say the contractors Carrilion, who collapsed in 2018 with debts of £7bn came after annual accounts were approved by KPMG. Carillion may not be the same industry, but there have been many other auditor failures, Lehman Brothers employed Ernst & Young (EY) as their firm's independent auditors. Lehman Brothers and MF Global had very comprehensive Enterprise Risk Management programs and very knowledgeable CROs, and they still failed.

So what lessons can be learned from both internal and external audit failures? Thankfully there is a lot of literature on the subject. Most, but not all of the literature emanated from the Great Financial Crash of 2018 but are still of value: 

Risk managers face several challenges that make it difficult to demonstrate the total cost of risk and the Return On Investment of enterprise risk management. 

They often struggle to uncover and deliver risk-related information from across the entire organisation due to a lack of convincing and actionable data. Relevant data is often tied up in multiple, manually-based systems that are a challenge to pull together, making it exceedingly difficult to demonstrate the value of preventing risks that never came to fruition or the value of taking risks that resulted in revenue generation. 

A lack of sound and timely data often translates into a lack of organisational support for enterprise risk management. The E suite often won’t buy in because they can’t comprehend why ERM matters any more than all the other initiatives on its plate, and those employees on the lower rungs of the organisational ladder often won’t buy in because they presume the data intake and input associated with ERM is going to impede them from doing their actual jobs. 

When inadequate data is married to inadequate organisational support, risk management won’t be a strategic endeavour. This makes it extremely difficult for a risk manager to earn a seat at the decision-making table, and organisations often struggle to fulfil the many risk management tasks spread across a multitude of departments and countless employees.


In Deep Minds paper, 'Model evaluation for extreme risks' they state:

'Model evaluations for extreme risks will play a critical role in governance regimes. A central goal of AI governance should be to limit the creation, deployment, and proliferation of systems that pose extreme risks. To do this, we need tools for looking at a particular system and assessing whether it poses extreme risks. We can then craft company policies or regulations that ensure:

1. Responsible training: Responsible decisions are made about whether and how to train a new model that shows early signs of risk.
2. Responsible deployment: Responsible decisions are made about whether, when, and how to deploy potentially risky models.
3. Transparency: Useful and actionable information is reported to stakeholders, to help them mitigate potential risks.
4. Appropriate security: Strong information security controls and systems are applied to models that might pose extreme risks.'

This is for Extreme Risk Models. It seems totally inadequate, to me. We also know that a large proportion of staff dealing with risk have been cut recently from most of the big tech firms. So who will be left, internally, to train their programmers, their LLM trainers, their C Suite staff on AI Ethics? 

No wonder there are so many signatories to the 'risks in the far future papers' which can serve to distract from the risks that are currently occurring in the Tech corporate sector. 

Such an approach, if adopted by legislators, is likely though to stymie the deployment of models through the Open Source communities.


AI is not new. Far from it. The risks and concerns have long been debated. Their are frameworks in place in the sector to mitigate against risk (few seem to want to prevent risk). The biggest problems occur still, from the facts that legislators will find it difficult to adapt sufficiently to the scale of change that is occurring in the industry, and the risks posed by this all taking place in the context of: economy's prioritising individual choice and viewing social outcomes as a byproduct of individual maximising behaviour, in a rapidly decaying biosphere.

Labels:

Comments

Post a Comment

Popular posts from this blog

The AI Dilemma and "Gollem-Class" AIs

From the Center for Humane Technology Tristan Harris and Aza Raskin discuss how existing A.I. capabilities already pose catastrophic risks to a functional society, how A.I. companies are caught in a race to deploy as quickly as possible without adequate safety measures, and what it would mean to upgrade our institutions to a post-A.I. world. This presentation is from a private gathering in San Francisco on March 9th with leading technologists and decision-makers with the ability to influence the future of large-language model A.I.s. This presentation was given before the launch of GPT-4. One of the more astute critics of the tech industry, Tristan Harris, who has recently given stark evidence to Congress. It is worth watching both of these videos, as the Congress address gives a context of PR industry and it's regular abuses. "If we understand the mechanisms and motives of the group mind, it is now possible to control and regiment the masses according to our will without their
Post a Comment
Read more

Beware the Orca, the challenge to ChatGPT and Palm2 is here

  So Google's 'we have no moat' paper was correct. If you train an LLM wisely then it's cost effective and cheap to produce a small LLM that is able to compete or even beat established, costly LLMs, as Microsoft has just found. It's another excellent video from AI Explained, who goes through some of the training procedures, which I won't get into here. Orca, is a model that learns from large foundation models (LFMs) like GPT-4 and ChatGPT by imitating their reasoning process. Orca uses rich signals such as explanations and complex instructions to improve its performance on various tasks. Orca outperforms other instruction-tuned models and achieves similar results to ChatGPT on zero-shot reasoning benchmarks and professional and academic exams. The paper suggests that learning from explanations is a promising way to enhance model skills. Smaller models are often overestimated in their abilities compared to LFMs, and need more rigorous evaluation methods. Explana
Post a Comment
Read more

What is happening inside of the black box?

  Neel Nanda is involved in Mechanistic Interpretability research at DeepMind, formerly of AnthropicAI, what's fascinating about the research conducted by Nanda is he gets to peer into the Black Box to figure out how different types of AI models work. Anyone concerned with AI should understand how important this is. In this video Nanda discusses some of his findings, including 'induction heads', which turn out to have some vital properties.  Induction heads are a type of attention head that allows a language model to learn long-range dependencies in text. They do this by using a simple algorithm to complete token sequences like [A][B] ... [A] -> [B]. For example, if a model is given the sequence "The cat sat on the mat," it can use induction heads to predict that the word "mat" will be followed by the word "the". Induction heads were first discovered in 2022 by a team of researchers at OpenAI. They found that induction heads were present in
Post a Comment
Read more